B.
1. Check DNS servers, must point to itself and must have at least 4,5 services - AD
C.
1. Check where currently pointing to ( DNS )
Filer> priv set diag
Filer> registry walk auth
If requires to rerun cifs setup, this registry can be deleted
Filer> registry deltree auth
D.
Net view \\filername should show all shares from windows side and cifs shares should show from filer side
But, when share is accessed from windows machine, we get No Network Provider Present. Ping works, iscsi works, iscsi drives are OK – can access. But, cifs shares does not work. In filer side we see ‘Called name not present ( 0x82). Cifs resetdc also gives the same message.
Check :
a. If filer and windowsdc is rebooted at the same time because of power failure this is seen. Filer needs to come first and then DC
b. make sure that there is no virus related activities goin on that host. Virus scan to windows host or filer can also make this happen
When trust is there
When trust is newly established – No Logon Server available may come while accessing.
Cifs resetdc will make it work. Also in some permission issues.
Disable WINS on interface e0 ( if requires to go by pure DNS only )
Filer> ifconfig e0 –WINS
( so that filer do not talk to WINS server )
Process to find CIFs problem
Cifs shares should see everyone full control
Qtree security NTFS
Check options wafl
< > blank
< > unix
< > pcuser
Check /etc/usermap.cfg
/etc/passwd file
/vol/test - check this is UNIX or NTFS
When WINS address is changed
Options cifs.wins_servers ( ip address, , , ) ---- to view WINS
Cifs resetdc
Common Cifs issues - cannot access , access denied
1. time lag between pc and filer ( change from filer view )
2. qtree security [unix | ntfs | mixed ] - change temporarily
From ntfs to unix and
back to ntfs or ntfs to
mixed and back to ntfs
(when folder is mapped…in its drive letter you do not see security tab…..as well.)
Cifs Options
Cifs.show_snapshot ON
Options cifs.netbios_aliases.names --- alternate names of
Filer
Wafl.net_admin_priv_map_to_root ON*
Options cifs.trace_login ON
* to take ownership of file by windows top level administrator when file is created from unix side and has only unix ACLs
CIFS + NFS both
Scenario A
1. qtree in vol is created with mixed sec
2. share that qtree
3. groupwise users access in unix are defined in /etc/group file
/etc/group - > is in unix side. Client or NIS server
Eng::gid:khanna, Uddhav
In client side
Ls –l file / directory listing
Chmod
Chgroup
Chown
( to see both permission in cifs shares – permission from unix and permission from windows use secureshare access )
4. In windows create group and give access
5. /etc/usermap.cfg file is used to map user accounts in windows and their corresponding account in unix to access/manage resources
Win unix
- <= - (unix to windows)
- >= - (windows to unix)
- == - (both)
Test\* == - ( all users of test windows domain)
Domain\<user> => root
( if the user is not able to see home directory but all other users folders ; CIFS restart and access home )
6. when file is created in that cifs directory or nfs mounted place, the ownership is maintained by who ever created it and access is granted by usermap.cfg file
7. Make sure that
Wafl.net_admin_priv_map_to_root ON
( sometimes permissions are locked and some files gets corrupted; while accessing it says do not have access or encrypted. Every other files works fine. In this case changing
Options cifs.nfs_root_ignore_acl from off to ON and
Change the permission from NFS mounted side -unix
to Chmod 777 and access file. Change back to OFF.
Will work after this all the time
(this was the cause when user upgraded from 6.4 to 6.5 and some files in mixed qtree’s folders were not able to access nor change the permission from even root user from NFS side. Above permission reset made it work.
Scenario B
1. Qtree is created its security is unix
2. Share is created of that qtree – so location is the same
3. Cifs client cannot chdir into directory if the user has execute
Permission – d-wx-wx-wx eg MODE == 111. User gets
NT_Status_access_Denied message when accessed
4. If the user is granted read only – MODE == 444 ), chdir is
Successful.
CIFS audit
Options Cifs.audit.enable ON
Cifs.audit.file_access_events.enable ON
Cifs.audit.logon_events.enable ON
Cifs.audit.logzie 524288
Cifs.audit.saveas /etc/log/adtlog.evt
Filer > cifs audit save –f
Read /etc/log/adtlog.evt as event log thru windows
CIFS errors
LSAOpenPolicy2 : Exception rpc_s_assoc_grp_max exceeded
Veritas Backup Exec 9.1 : mycomputer -> shares -> sessions shows Veritas Backup Exec Administrative account connections for every share in filer. One connection per share and it grows each and every day as well as stays there each and everyday. This must be wiped out.
Virus Scan
Vscan ---- to see the status of virus scan
Vscan on
Vscan off
Vscan options
Vscan scanners
Vscan options client_msgbox [on|off]
Vscan scanners secondary_scanners ip1 [ip address]
Fpolicy
Fpolicy show
Fpolicy enable
Fpolicy options
Fpolicy server
Quotas
rdfile /etc/quotas
Cluster Prerequisite
Volume option create_ucode ON
Options coredump.timeout.enable ON
Options coredump.timeout.seconds 60 or less
Cluster
Cf disable
Cf enable
Cf status
Partner cifs terminate –t 0
Cf giveback
F1 F2
Cf takeover Can shutdown
When comes up
Waiting for giveback
from partner
cf giveback
Sometimes, due to active state, this may not run. Make sure that no cifs sessions are running. Also snapmirror should be off
San FCP
Switch>cfgshow
>fcp show cfmode (standby,partner,mixed)
>fcp set cfmode mixed
>fcp show adapters
>fcp show initiators
>fcp setup
>fcp set cfmode [dual_fabric | mixed | partner | standby ]
>fcp nodename
>fcp config
>fcp status
>fcp start
>fcp config 10b
>igroup show