Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-71-1402596.1
Update Date:2012-06-28
Keywords:
Solution Type  Technical Instruction Sure

Solution  1402596.1 :   Sun Storage 7000 Unified Storage System: Mapping to specific UNIX users fails  

Related Items 
    

  • Sun Storage 7310 Unified Storage System
    •  
  • Sun Storage 7410 Unified Storage System
    •  
  • Sun ZFS Storage 7120
    •  
  • Sun ZFS Storage 7320
    •  
  • Sun ZFS Storage 7420
    •  
  • Sun Storage 7110 Unified Storage System
    •  
  • Sun Storage 7210 Unified Storage System
    •  
Related Categories 
    

  • PLA-Support>Sun Systems>DISK>NAS>SN-DK: 7xxx NAS
    •  
  • .Old GCS Categories>Sun Microsystems>Storage - Disk>Unified Storage
    •  






In this Document


Goal


Fix


References

 Created from <SR 3-3740498461>


Applies to: 

Sun ZFS Storage 7320 - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7420 - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7310 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7110 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7210 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
7000 Appliance OS (Fishworks)



Goal


This document explains how to check for and resolve server connection problems that can lead to mapping failures.


To discuss this information further with Oracle experts and industry peers, we encourage you to review, join or start a discussion in the My Oracle Support Community - 7000 Series ZFS Appliances


Fix


In order to successfully map a user or group to a non-ephemeral uid/gid, an active connection to both the AD server and the UNIX naming service is required. Often, the issue is that one of these connections has been lost.

To check the UNIX nameserver, use getent database name at the CLI admin interface. For example:


nas1:> getent passwd will

will:x:100:10::/var/ak/home/will:/usr/lib/ak/tools/aksh-wrapper


A failure to resolve the name is an indication you need to check the configuration or connection to this server.


To check the connection to the AD server, check the AD configuration:


server-a:> configuration services ad show

Properties:

<status> = online

mode = domain

domain = nas.local

server = <none>


In this example, the connection has been lost. If the connection were active, there would be a valid IP address for "server".



Individual mappings can also be checked using:


Configuration - Services - Identity Mapping - Mappings


Here's an example of the results for a Windows user:


User Properties

Name <No name available>

ID 2147483650

Source Cached mapping

Backend Ephemeral


... this tells us that the mapping is Ephemeral, so if it was expected to see a mapping to a known UNIX user, this would be confirmation that it's not working, and that once again, the UNIX name server should be checked.






Also note the very large UID beginning with 2147. The ZFSSA uses numbers in this range to avoid conflicts with existing NIS or LDAP users, so they are easily identifiable as ephemeral IDs.


 


Back to <Document 1428753.1> Sun Storage 7000 Unified Storage System: How to Troubleshoot Identity Mapping and cross-platform file sharing issues.
References
<NOTE:1428753.1> - Sun Storage 7000 Unified Storage System: How to Troubleshoot Identity Mapping and cross-platform file sharing issues



Attachments

This solution has no attachment


















       

Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.

 Feedback