Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-75-1439883.1
Update Date:2012-09-28
Keywords:

Solution Type  Troubleshooting Sure

Solution  1439883.1 :   Sun Storage 7000 Unified Storage System: How to Troubleshoot Windows/SMB file and directory permissions issues  


Related Items
  • Sun Storage 7410 Unified Storage System
  •  
  • Sun Storage 7310 Unified Storage System
  •  
  • Sun ZFS Storage 7120
  •  
  • Sun Storage 7110 Unified Storage System
  •  
  • Sun ZFS Storage 7320
  •  
  • Sun ZFS Storage 7420
  •  
  • Sun Storage 7210 Unified Storage System
  •  
Related Categories
  • PLA-Support>Sun Systems>DISK>NAS>SN-DK: 7xxx NAS
  •  
  • .Old GCS Categories>Sun Microsystems>Storage - Disk>Unified Storage
  •  




In this Document
Purpose
Troubleshooting Steps
References


Applies to:

Sun ZFS Storage 7120 - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7110 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7320 - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7210 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7410 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Information in this document applies to any platform.

Purpose

This document provides a procedure to resolve problems with SMB (Windows) file and directory permissions/security on the ZFS Storage Appliance.

This usually manifests as an inability to access shares, access denied, or incorrect/unexpected permissions on newly created or copied files.

To discuss this information further with Oracle experts and industry peers, we encourage you to review, join or start a discussion in the My Oracle Support Community - 7000 Series ZFS Appliances

Troubleshooting Steps

Steps to Follow

This document should be used to troubleshoot issues accessing files and directories over SMB shares/mounts. Each of the following steps will provide instructions and/or a link to a document, to check for issues and provide corrective action as necessary.


Step 1  -  Check the configuration of your shares and ACLs.

Document: 1439412.1 provides some guidance on ACL and configuration settings that can help to achieve the expected behavior when manipulating files via SMB.


Step 2  -   Understand the difference between SMB share security and ACL file and directory security, and how and where to use each of these.

ACL security is the modern method for applying security to Windows (and ZFS / NFSv4) files and directories. Share ACLs are a legacy feature that is more limited. Document 1439485.1 explains the differences, shows where to configure each and provides some guidance on when to use each.


Step 3  -  SMB workgroup mode vs. AD Domain mode.

Though most customers are using Active Directory for security, the ZFS Storage Appliance also supports Workgroup mode. There is some extra configuration required for Workgroup mode, including the creation of user accounts on the ZFSSA. Document 1431403.1 explains the differences in the two modes and the steps necessary to configure the ZFSSA in Workgroup mode.


Step 4  -  Check for a known issue with Share ACLs

If certain shares are inaccessible, usually a small subset, Document 1439662.1 explains an issue with share ACLs that may be causing the problem. This can affect customers whether or not they are using share ACLs.


Step 5  - 
Check for issues that prevent access to all SMB shares.

Document 1439858.1 helps to troubleshoot known issues that prevent access to all Windows/SMB shares. Checking the connection to the Domain Controller is included in this document.


Step 6 - Collect data and contact Oracle ZFSSA Support

At this point, if the issue has not been resolved with the troubleshooting steps listed above, to open a Service Request is recommended. Having the following data (as available) will help the engineer assigned to the Service Request to expedite a solution:

  • A ZFSSA support bundle. See Document 1019887.1
  • File and directory permissions from the command line. In UNIX, use the ls command (-V and -Vd for Solaris, equivalents for other UNIX OS). If there's a file operation involved, collect this data both before and after the operation.
  • Steps to reproduce the problem.
  • If possible, a network capture of the failed attempt to access the file. This should be run from the client, and should begin before the drive is mounted or mapped. See Document 1398376.1 for details on how to collect a network capture.

References

<NOTE:1019887.1> - Sun Storage 7000 Unified Storage System: How to collect a supportbundle using the BUI or CLI
<NOTE:1431403.1> - Sun Storage 7000 Unified Storage System: Active Directory Domain Mode vs. Workgroup Mode
<NOTE:1439412.1> - Sun Storage 7000 Unified Storage System: Tips for Configuring Shares for Windows clients
<NOTE:1439485.1> - Sun Storage 7000 Unified Storage System: Share ACLs vs. File and Directory ACLs
<NOTE:1439662.1> - Sun Storage 7000 Unified Storage System: Some SMB (Windows) shares are inaccessible
<NOTE:1439858.1> - Sun Storage 7000 Unified Storage System: All SMB (Windows) shares inaccessible

Attachments
This solution has no attachment
  Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.
 Feedback