Sun Storage 7410 Unified Storage System
 
Sun Storage 7310 Unified Storage System
 
Sun ZFS Storage 7120
 
Sun Storage 7110 Unified Storage System
 
Sun ZFS Storage 7320
 
Sun ZFS Storage 7420
 
Sun Storage 7210 Unified Storage System
 

PLA-Support>Sun Systems>DISK>NAS>SN-DK: 7xxx NAS
 
.Old GCS Categories>Sun Microsystems>Storage - Disk>Unified Storage
 

In this Document

Purpose

Troubleshooting Steps

References

Applies to:

Purpose

This document provides a procedure to resolve problems with SMB (Windows) file and directory permissions/security on the ZFS Storage Appliance.

This usually manifests as an inability to access shares, access denied, or incorrect/unexpected permissions on newly created or copied files.

Troubleshooting Steps

Steps to Follow

This document should be used to troubleshoot issues accessing files and directories over SMB shares/mounts. Each of the following steps will provide instructions and/or a link to a document, to check for issues and provide corrective action as necessary.


Step 1  -  Check the configuration of your shares and ACLs.

Document: 1439412.1 provides some guidance on ACL and configuration settings that can help to achieve the expected behavior when manipulating files via SMB.


Step 2  -   Understand the difference between SMB share security and ACL file and directory security, and how and where to use each of these.

ACL security is the modern method for applying security to Windows (and ZFS / NFSv4) files and directories. Share ACLs are a legacy feature that is more limited. Document 1439485.1 explains the differences, shows where to configure each and provides some guidance on when to use each.


Step 3  -  SMB workgroup mode vs. AD Domain mode.

Though most customers are using Active Directory for security, the ZFS Storage Appliance also supports Workgroup mode. There is some extra configuration required for Workgroup mode, including the creation of user accounts on the ZFSSA. Document 1431403.1 explains the differences in the two modes and the steps necessary to configure the ZFSSA in Workgroup mode.


Step 4  -  Check for a known issue with Share ACLs

If certain shares are inaccessible, usually a small subset, Document 1439662.1 explains an issue with share ACLs that may be causing the problem. This can affect customers whether or not they are using share ACLs.


Step 5  -  Check for issues that prevent access to all SMB shares.

Document 1439858.1 helps to troubleshoot known issues that prevent access to all Windows/SMB shares. Checking the connection to the Domain Controller is included in this document.


Step 6 - Collect data and contact Oracle ZFSSA Support

At this point, if the issue has not been resolved with the troubleshooting steps listed above, to open a Service Request is recommended. Having the following data (as available) will help the engineer assigned to the Service Request to expedite a solution:

• A ZFSSA support bundle. See Document 1019887.1
• File and directory permissions from the command line. In UNIX, use the ls command (-V and -Vd for Solaris, equivalents for other UNIX OS). If there's a file operation involved, collect this data both before and after the operation.
• Steps to reproduce the problem.
• If possible, a network capture of the failed attempt to access the file. This should be run from the client, and should begin before the drive is mounted or mapped. See Document 1398376.1 for details on how to collect a network capture.

References

This solution has no attachment