Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-72-1464691.1
Update Date:2012-06-08
Keywords:

Solution Type  Problem Resolution Sure

Solution  1464691.1 :   Sun Storage 7000 Unified Storage System: Changing a share quota generates "Unknown user"-error.  


Related Items
  • Sun Storage 7410 Unified Storage System
  •  
  • Sun ZFS Storage 7320
  •  
  • Sun Storage 7310 Unified Storage System
  •  
  • Sun Storage 7210 Unified Storage System
  •  
  • Sun ZFS Storage 7420
  •  
  • Sun ZFS Storage 7120
  •  
  • Sun Storage 7110 Unified Storage System
  •  
Related Categories
  • PLA-Support>Sun Systems>DISK>NAS>SN-DK: 7xxx NAS
  •  


Changing quota on a share with root-ACL's set may give an "Unknown user" in the Browser UI, or 
"error: invalid property value "undefined" for "com.sun.ak:acl": Unknown or invalid user" in CLI.

In this Document
Symptoms
Cause
Solution


Created from <SR 3-5496486261>

Applies to:

Sun ZFS Storage 7420 - Version Not Applicable and later
Sun Storage 7410 Unified Storage System - Version Not Applicable and later
Sun ZFS Storage 7120 - Version Not Applicable and later
Sun ZFS Storage 7320 - Version Not Applicable and later
Sun Storage 7210 Unified Storage System - Version Not Applicable and later
Information in this document applies to any platform.

Symptoms

When trying to change the share quota the browser UI gets the error "Unknown user", and CLI will get the error "error: invalid property value "undefined" for "com.sun.ak:acl": Unknown or invalid user"

Cause

The appliance could not properly map the UID for the one named user in the root ACL so it could not be removed from the BUI.

Commonly the ACL will contain an entry set from one of the clients for a client local user, and not an AD/NIS/LDAP user.
 
 

Solution

To find out the ACL entry causing this you will need to check each named user entry in the root ACL of the share in the idmap cache.

The root ACL can be found under Shares -> <affected share> -> Access in the browser UI.

Looking at the idmap-cache the named user that could not properly be mapped had a SID that was very much shorter than a proper SID.

The SID's for the users in the ACL can bee looked up under Configuration -> Services -> Identity Mapping -> Mappings, where you can lookup each individual user to see if the mapped SID looks strange.

For reference an example of a normal SID is: S-1-5-21-3265591825-2404522831-4215850146-46613

If the SID is considerably shorter than the example, it is most likely causing this issue as it is normally a local user in one of the attached clients, thus it cannot be mapped properly by the appliance.

Currently the only way to properly remove the invalid ACE is by deleting it from a client system, for windows systems this can take a little while as the ACL will be removed for all directory and file entries in the share.

Once the ACE is removed, changing the quota is again possible.
 


Attachments
This solution has no attachment
  Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.
 Feedback