Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-71-1402596.1
Update Date:2012-06-28
Keywords:

Solution Type  Technical Instruction Sure

Solution  1402596.1 :   Sun Storage 7000 Unified Storage System: Mapping to specific UNIX users fails  


Related Items
  • Sun Storage 7310 Unified Storage System
  •  
  • Sun Storage 7410 Unified Storage System
  •  
  • Sun ZFS Storage 7120
  •  
  • Sun ZFS Storage 7320
  •  
  • Sun ZFS Storage 7420
  •  
  • Sun Storage 7110 Unified Storage System
  •  
  • Sun Storage 7210 Unified Storage System
  •  
Related Categories
  • PLA-Support>Sun Systems>DISK>NAS>SN-DK: 7xxx NAS
  •  
  • .Old GCS Categories>Sun Microsystems>Storage - Disk>Unified Storage
  •  




In this Document
Goal
Fix
References


Created from <SR 3-3740498461>

Applies to:

Sun ZFS Storage 7320 - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7420 - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7310 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7110 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7210 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
7000 Appliance OS (Fishworks)

Goal

This document explains how to check for and resolve server connection problems that can lead to mapping failures.

To discuss this information further with Oracle experts and industry peers, we encourage you to review, join or start a discussion in the My Oracle Support Community - 7000 Series ZFS Appliances

Fix

In order to successfully map a user or group to a non-ephemeral uid/gid, an active connection to both the AD server and the UNIX naming service is required. Often, the issue is that one of these connections has been lost.
To check the UNIX nameserver, use getent database name at the CLI admin interface. For example:

nas1:> getent passwd will
will:x:100:10::/var/ak/home/will:/usr/lib/ak/tools/aksh-wrapper

A failure to resolve the name is an indication you need to check the configuration or connection to this server.

To check the connection to the AD server, check the AD configuration:

server-a:> configuration services ad show
Properties:
<status> = online
mode = domain
domain = nas.local
server = <none>

In this example, the connection has been lost. If the connection were active, there would be a valid IP address for "server".

Individual mappings can also be checked using:

Configuration - Services - Identity Mapping - Mappings

Here's an example of the results for a Windows user:

User Properties
Name <No name available>
ID 2147483650
Source Cached mapping
Backend Ephemeral

... this tells us that the mapping is Ephemeral, so if it was expected to see a mapping to a known UNIX user, this would be confirmation that it's not working, and that once again, the UNIX name server should be checked.

Also note the very large UID beginning with 2147. The ZFSSA uses numbers in this range to avoid conflicts with existing NIS or LDAP users, so they are easily identifiable as ephemeral IDs.

 

Back to <Document 1428753.1> Sun Storage 7000 Unified Storage System: How to Troubleshoot Identity Mapping and cross-platform file sharing issues.

References

<NOTE:1428753.1> - Sun Storage 7000 Unified Storage System: How to Troubleshoot Identity Mapping and cross-platform file sharing issues

Attachments
This solution has no attachment
  Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.
 Feedback