Mapped GID is changing while accessing CIFS share

Hi guys
We're seeing a strange issue on our AD-bound Macs: the mapped GIDs of files on a CIFS share are changing without any change on the filesystem.
First of all let me explain our setup:
1. All macs are joined to our active directory domain. The output of "dsconfigad -show" for the uid/gid mapping looks as follows:
<snip>
Advanced Options - Mappings
  Mapping UID to attribute       = not set
  Mapping user GID to attribute  = not set
  Mapping group GID to attribute = not set
  Generate Kerberos authority    = Enabled
<snap>
2. Macs access a cifs share on a netapp filer.
3. Username and groupnames are mapped correctly. The output of "id rth" for my user looks as follows:
uid=1973125731(rth) gid=2108864217(OSAG\corp) groups=2108864217(OSAG\corp),....
Problem:
When I mount the netapp CIFS share and enter it, everything looks good:
<snip>
rth@mac-rth:~$ ls -l /Volumes/os/it
total 696
drwx------+ 1 rth  OSAG\corp  16384 Nov 29 11:48 admin
drwx------+ 1 rth  OSAG\corp  16384 Mar 29  2004 corphtmlstats
<snap>
However when I execute a second ls a few seconds later, it can't map the group anymore:
<snip>
rth@mac-rth:~$ ls -l /Volumes/os/it
total 696
drwx------+ 1 rth  2181038096  16384 Nov 29 11:48 admin
drwx------+ 1 rth  2181038096  16384 Mar 29  2004 corphtmlstats
<snap>
It seems that the mapping doesn't work anymore even though nothing has changed in the meantime. The same behaviour can be seen on any folders on this share. With the first ls everything seems to be OK and with the 2nd execution the mapping is not correct anymore.
From time to time it happens, that the mapping is correct again for single files or folders for a short period of time.
Has anyone seen a similar behaviour so far?
Thanks for your help.
Cheers
Raphi

Sounds like an issue that has to do with JavaScript Origin policy. You'll have to use Domain Relaxing for this. Read all about it here:
http://help.sap.com/saphelp_nw04/helpdata/en/59/87b54064c2742ae10000000a155106/frameset.htm
here:
http://help.sap.com/saphelp_nw04/helpdata/en/5e/473d4124b08739e10000000a1550b0/frameset.htm
and here:
http://help.sap.com/saphelp_nw04/helpdata/en/cb/f8751d8c6b254dac189f4029c76112/frameset.htm

Similar Messages

  • Unable to access CIFS shares using SSL Web portal

    Hello,
    I have deployed Cisco Clientless Web VPN on my ASA5515.
    I'm having an issue when I try to browse a file server (access CIFS shares) from the WEB VPN portal. I am prompted for login, and after logging in I get the "Error contacting host" immediately. It seems like a bug on the ASA? I saw that on the Cisco web site: bug CSCsl94183
    I have already done these things:
    1- reload the ASA
    2- upgrade to the latest software release
    3- test different web browser ( Firefox, IE, Chrome)
    1- ASA Platform is 5515 running  latest software release (9.1.4)
    2- File  server running Windows 2008 R2
    3- Clients are using Firefox.
    4- When I establish an SSL VPN connection using Cisco AnyConnect I have no problems accessing files or folders on the same server.
    NOTE: I have 2 other CIFS servers running Windows 2003 and there is no issue. The issue is happening ONLY with the server running Windows 2008 R2.

    I've also seen this exact problem. We have several Windows 2008 R2 servers, one of our Domain controllers has been migrated to 2008 R2. I can access shares on the Windows 2008 R2 domain controller, but not a dedicated (member) file share server.

  • Random error accessing CIFS shares from Windows

    I am setting up some CIFS shares to be used from Windows clients and in the process I had some random problems accessing the shares.
    In hope of finding the answer I checked the CIFS Service and the Active Directory Service, and while watching the screen for Active Directory Service I saw that the "Selected Domain Controller" changed from one to another. I now stayed within this screen and noticed that the "Selected Domain Controller" continued to change and then I found the problem, because an unknown Domain Controller appeared. The IP was 216.150.17.8
    I found that whenever this Domain Controller was the selected one, all access to CIFS shares from Windows clients failed! This is correct, because the 216.150.17.8 of course is unaware of all users in our Domain.
    So the Questions are:
    - what is happening?
    - and how to solve this?
    - why is a Domain Controller 216.150.17.8 sometimes the Selected Controller?
    - where does this 216.150.17.8 come from?
    Have You seen anything like this?

    I now have found out why the DC changes - it is because the CIFS service is restarting ;-(
    This is a log snip
    2009-5-14 09:24:53 Executing start method ("exec /usr/lib/smbsrv/smbd start").
    2009-5-14 09:24:53 Executing stop method (:kill).
    2009-5-14 09:24:53 Stopping because all processes in service exited.
    2009-5-14 09:24:39 Method "start" exited with status 0.
    2009-5-14 09:23:48 Executing start method ("exec /usr/lib/smbsrv/smbd start").
    smbd: NetBIOS services started
    2009-5-14 09:23:48 Executing stop method (:kill).
    2009-5-14 09:23:48 Stopping because all processes in service exited.
    2009-5-14 09:23:34 Method "start" exited with status 0.
    It seems to happen when I access the share and thereby force a user validation.
    Any ideas?

  • Cannot access CIFS shares from Windows 2008R2 on NSS3000

    Hi,
    I am trying to upgrade our 2008 domain to 2008R2 but with that last version we cannot access the CIFS shares on the NSS3000. Access from all other clients is OK. It was 100% OK under 2008...
    Whether I use the IP or the FQDN, I got an error from Windows 2008R2. From IP, I got "No process is on the other end of pipe." and from network Gui, I got "Windows cannot access \\nas0026CB647BC6. Check the spelling of the name...blabla. Details : Error Code : 0x80070035, The network path was not found".
    On the NAS, I got these errors in the cifs logs:
    Feb 24 14:12:45 NAS0026cb647bc6 winbindd[28457]: rpc_api_pipe: Remote machine WIN2008-PDC.bluemoon.holywell.leics pipe \NETLOGON fnum 0x4002returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED 
    Feb 24 14:12:45 NAS0026cb647bc6 winbindd[28457]: [2011/02/24 14:12:45, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) 
    Feb 24 14:12:45 NAS0026cb647bc6 winbindd[28457]: rpc_api_pipe: Remote machine WIN2008-PDC.bluemoon.holywell.leics pipe \NETLOGON fnum 0x4002returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED 
    Feb 24 14:12:45 NAS0026cb647bc6 winbindd[28457]: [2011/02/24 14:12:45, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) 
    Feb 24 14:12:45 NAS0026cb647bc6 winbindd[28457]: rpc_api_pipe: Remote machine WIN2008-PDC.bluemoon.holywell.leics pipe \NETLOGON fnum 0x4002returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED 
    Feb 24 14:12:45 NAS0026cb647bc6 winbindd[28457]: [2011/02/24 14:12:45, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) 
    Feb 24 14:12:45 NAS0026cb647bc6 winbindd[28457]: rpc_api_pipe: Remote machine WIN2008-PDC.bluemoon.holywell.leics pipe \NETLOGON fnum 0x4002returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED 
    Feb 24 14:12:45 NAS0026cb647bc6 winbindd[28457]: [2011/02/24 14:12:45, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) 
    Feb 24 14:12:45 NAS0026cb647bc6 winbindd[28457]: rpc_api_pipe: Remote machine WIN2008-PDC.bluemoon.holywell.leics pipe \NETLOGON fnum 0x4002returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED 
    Feb 24 14:12:48 NAS0026cb647bc6 winbindd[28457]: [2011/02/24 14:12:48, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) 
    It is likely to be an incompatibility between Windows 2008R2 smbv2 and the NSS3000 smbd but I can't find any firmware update and I can't find the process to allow in the registry.
    I can ping it, I can connect on the web interface, I can connect on FTP but no CIFS at all.
    Firmware version running is 1.20.1. Hardware rev : V03.
    Any idea?

    Hi SpaceBass, have you looked into sharepoints or into Netinfo manager? I have been playing around with sharepoints and it does let me enter non-local users into the sharing prefs, albeit manually. Only thing is, depending on the number of Macs you have, it could be a long and tedious job entering it all by hand. Netinfo may have an easier way, I'll do some more digging and post back.
    Cheers.

  • Force to ask Credentials while accessing a share

    How do I force windows to ask for credentials whenever I connect to a share or whenever I access a share folder?

    maybe this thread will help you to do workaround
    http://superuser.com/questions/722153/in-windows-8-1-how-to-force-prompt-for-credentials-when-accessing-a-shared-fold
    go to computer management  > shared folders > session, and disable guest account

  • WEBVPN trouble accessing CIF shares

    Hello everybody,
    there is an issue it is driving me crazy:
    I correctly set up a webvpn gateway on a cisco 1921 and share my Apple Time Capsule disk on the portal.
    When I connect to it (click on link) I have to authenticate (the time capsule password) and then I can open the root directory of the drives but as soon as I click on any folder I am sent back to the authentication for the share and using the password doesn't work. I can correctly transfer files from and to the root directory of the share but not in the directories.
    Needless to say the share works locally both from MAC access and from Windows access (using username and password they get me in the first directory and not past it). I did search for bugs on the IOS implementation of webvpn but I could not find anything related to this behaviour.
    Also I could not find anything explaining the debug output of debug webvpn cifs, so I cannot understand what is going wrong.
    Any suggestions (beside opening a case with TAC:-))?
    Thanks
    Fabio

    Please try another web browser instead of IE 8 or an older version of IE. Make sure that your PC and router are on the same subnet and that the PC has its gateway IP address set the same as the router interface IP address. Also try accessing using https.

  • Finder cannot access CIFS share but Terminal can

    Hello,
    when I connect to a Samba share of my university for which the folder permissions are set via NFS ACLs, Finder gives an error: The folder FOLDER cannot be opened because you don't have permission to see its contents.
    Access via Terminal to the folder FOLDER works fine though.
    The behavior is identical to the following post
    https://discussions.apple.com/message/8398410#8398410
    But no solution was given.
    Any ideas?
    Thanks,
    To

    Hi nvpurk,
    Have you accessed the shared folder in Linux from the Windows machine before?
    Have you configured the permissions of the shared folder and added the permissions for the specific user?
    Considering you are using the Linux system as a shared host, we can refer to the following links to configure it.
    How to Share Folders in Ubuntu & Access them from Windows 7
    http://www.7tutorials.com/how-access-ubuntu-shared-folders-windows-7
    How to Share Files Between Windows and Linux
    http://www.howtogeek.com/176471/how-to-share-files-between-windows-and-linux/
    According to the error message, we can run "icacls path to the network share folder" to check whether the present user has permission to access the folder.
    NOTE: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites.
    Considering you are using Linux as the shared host and we are not familiar with configuring it, we can also try to ask for help from the Linux Forum.
    Best regards

  • [SOLVED]Setting up Arch to read CIFS shares but no smb.conf

    I am trying to ACCESS CIFS shares from another computer. Other clients can access these shares without issue. I am NOT trying to host files from Arch.
    Reading I have done: wiki pages on SAMBA and SMBCLIENT.
    Reading the SMBCLIENT wiki page, it apparently states that only the package smbclient should be installed, which I did.
    But, following the SMBCLIENT wiki, it shows to issue:
    #smbclient -L
    #smbclient
    both error saying smb.conf can not be read. BTW, is the -L to just list the shares available from any place?
    Questions:
    1. So, should smb.conf be created to use smbclient? This package evidently does not install smb.conf in any form.
    2. Does the SAMBA package need to be installed to use smbclient? Samba does install a smb.conf.something.
    Any tips you have so I can read CIFS shares will be appreciated.
    Thanks
    steve.
    Last edited by stevepa (2012-11-30 03:22:49)

    Reporting my results at resolving my issues
    1. installing smbclient provides the described ftp-like environment while accessing CIFS shares. It works fine. I used
    $smbclient //OMV/steve -Usteve%omv
    to access my share on the OMV server. I could list, get and put files. I still get the message about no smb.conf file but it works.
    2. Installing gvfs-smb package allowed Thunar to display the shares. In my case, I do a Ctrl-L and then smb://OMV/steve and I can display the shared content perfectly! Click to remember password or it apparently does not work.
    Hope this helps someone.
    Steve.

  • Accessing Windows CIFS Shares via Nautilus

    Hi,
    I've recently installed and configured Solaris 11, am having problems accessing Windows CIFS shares via Nautilus.
    I've installed both samba (needed for CUPS to print to printers connect to a windows pc) and smb/client. The smb/client and samba services are running. The smb/server service is not installed.
    I can print to any printer on the windows PC I'm trying to access via Nautilus, so I know my username/password for accessing the pc are correct.
    I can also manually mount any share on the Windows PC via the CLI (e.g. mount -F smbfs -o user=elin //elink/users /mnt), and browse the files directly that way, except the file permissions don't seem to align with any unix user. Again this just shows that the username/password combination is ok.
    For Samba, I'm using the default smb.conf file as /etc/samba/samba.conf. Workgroup is set to WORKGROUP in smb.conf.
    On the Windows PC, in the security event viewer, I can see the auth request, however it is failing with bad password (event ID 4776, error code 0x006a). In the default group policy object for networking, I've set it to accept "LM & NT, NTLMv2 when negotiated", as this allows legacy clients to connect. (Legacy meaning NT4, Win95, etc., and it also has the benefit of allowing other OSes to connect as well.)
    I'm also able to access the Windows PC CIFS shares from an Arch Linux based setup (running GNOME 3.2 w/ Nautilus 3.2), so I doubt it's the Windows side of things causing the problems. Additionally, when I was running Solaris 10u9 (just before upgrading to Sol11), I was able to access the shares via Nautilus as well.
    So my question is:
    1. Does Nautilus use Samba or the Oracle smb/client service to handle mount windows CIFS shares?
    2. What log files or configuration files do I need to be looking at to help with this error?
    As a side question,
    I've found that on a clean installation running the "Print Manager" accesses CUPS fine, but once you install a printer, it'll no longer connect to CUPS, unless run from the cli "sudo system-config-printers". So this is a permissions issue, where's the best place to fix/handle that one.

    Replying to my own thread, as I have a possible but very-hackish solution.
    To add some further details to my original post.
    There are 4 PCs on the LAN.
    1. Hellfire - OS = Solaris 11 11/11
    2. Brimstone - OS = Arch Linux
    3. Elink - OS = Win7 Pro x64 SP1
    4. IsaacPC - OS = WinXP Home SP3
    Attempting to connect to Elink from Hellfire, accessing CIFS shares via Nautilus fails. (Mounting shares via Nautilus fails, but works fine from CLI using 'mount' command which to my understanding uses the smb/client service to work). Elink also hosts all the printers on the LAN, a HP LJ1200 and an Epson Fax/Printer/Scanner.
    Hellfire does attempt to authenticate, as listed in the event logs on the Win7 PC (elink), but is returning bad password when using Nautilus. (but printing from hellfire to either printer on elink works fine, as does mounting CIFS shares using 'mount').
    Booting the live CD of Solaris 11 also exhibits the same non-working behaviour when attempting to mount CIFS shares in Nautilus.
    Attempting to access CIFS shares on elink from Brimstone (via Nautilus 3.2 within GNOME 3.2), or from IsaacPC works fine.
    Hellfire configuration.
    Samba is installed, but NOT running (samba is needed for accessing the printers on elink, as CUPS needs smbspool which is part of the samba package), and the native smb/client service is also running.
    smb.conf is a direct copy of the default *.conf file, except the WORKGROUP is set to 'WORKGORUP'. There is a symlink to smb.conf in /etc/sfw/smb.conf -> /etc/samba/smb.conf
    Onto the hackish-fix.
    I've noticed that there are 2 copies of libsmbclient.so installed on the system, one in /usr/sfw/lib (part of the "libsmbclient" package) and another in /usr/lib/samba (part of the "samba" package).
    "libsmbclient" appears to be based on samba 3.5.8 codebase, and is linked to the gvfsd-smb daemon (this is the software that Nautilus uses to talk SMB to access CIFS shares).
    "samba" is based on the samba 3.5.10 codebase, and its installation has nothing to do with GNOME or Nautilus in any manner.
    Using any of the samba included tools to test SMB/CIFS functions, work with 1 minor exception (which I'll list below). eg, using smbclient I can list all shares on any PC on the LAN, etc.
    So as a hunch, I renamed the libsmbclient.so.0 in /usr/sfw/lib, and symlinked /usr/sfw/lib/libsmbclient.so.0 -> /usr/lib/samba/libsmbclient.so.0 (so that gvfsd-smb is linked against the slightly newer version of the libsmbclient.so as included in the samba package located in /usr/lib/samba).
    I rebooted Hellfire, and now I'm able to access CIFS shares via Nautilus, provided that some form of authentication is needed (that is a username and password is needed - guest access and blank passwords don't work - but these IMO should be disabled immediately as part of a baseline security package in regards to Windows - so no harm there).
    Now to the minor exception I noted earlier. When using smbclient to actually connect and transfer files, I get:
    ld.so.1: smbclient: fatal: relocation error: file /usr/lib/libreadline.so.5: symbol tgetent: referenced symbol not found
    As far as I know, tgetent is part of libtermcap.so, so I guess when building smbclient or libreadline.so, the link reference to termcap was left out? (or something like that). Anyway, that's another issue...

  • "Event code: 3008 Event message: A configuration error has occurred" while accessing the sharepoint site.

    Hello All,
    Wish You Happy New Year to All in advance.
    While accessing the SharePoint site I got the error message
    Server Error in '/' Application.
    Configuration Error
    Description: An error occurred during the processing of a configuration file required to service this request. Please review the specific error details below and modify your configuration file appropriately.
    Parser Error Message: The element <forms> may only appear once in this section.
    Source Error:
    Line 104: <!--<forms loginUrl="/_layouts/log-in.aspx" />-->
    Line 105: <forms loginUrl="/_layouts/log-in.aspx" />
    Line 106: <forms loginUrl="/_layouts/log-in.aspx" />
    Line 107: <forms loginUrl="/_layouts/log-in.aspx" />
    Line 108: </authentication>
    Source File: C:\Inetpub\wwwroot\wss\VirtualDirectories\4545\web.config    Line: 106
    Version Information: Microsoft .NET Framework Version:2.0.50727.3662; ASP.NET Version:2.0.50727.3658
    I have found this event message in the event log:
    Event code: 3008
    Event message: A configuration error has occurred.
    Event ID: 523cefee6a0943948cf01b4e9f476fff
    Event sequence: 77
    Event occurrence: 76
    Event detail code: 0
    Exception information:
        Exception type: ConfigurationErrorsException
        Exception message: The element <forms> may only appear once in this section. (C:\Inetpub\wwwroot\wss\VirtualDirectories\4545\web.config line 106)
    Request information:
        Request URL: http://beesppesxapp70:4545/_vti_bin/sitedata.asmx
        Request path: /_vti_bin/sitedata.asmx
        User host address: 172.16.20.80
        User:  
        Is authenticated: False
        Authentication Type:  
        Thread account name: abc\wss_setup
    Thread information:
        Thread ID: 1
        Thread account name: abc\wss_setup
        Is impersonating: False
        Stack trace:    at System.Configuration.BaseConfigurationRecord.EvaluateOne(String[] keys, SectionInput input, Boolean isTrusted, FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentResult)
       at System.Configuration.BaseConfigurationRecord.Evaluate(FactoryRecord factoryRecord, SectionRecord sectionRecord, Object parentResult, Boolean getLkg, Boolean getRuntimeObject, Object& result, Object& resultRuntimeObject)
       at System.Configuration.BaseConfigurationRecord.GetSectionRecursive(String configKey, Boolean getLkg, Boolean checkPermission, Boolean getRuntimeObject, Boolean requestIsHere, Object& result, Object& resultRuntimeObject)
       at System.Configuration.BaseConfigurationRecord.GetSection(String configKey)
       at System.Web.Configuration.RuntimeConfig.GetSectionObject(String sectionName)
       at System.Web.Configuration.RuntimeConfig.GetSection(String sectionName, Type type, ResultsIndex index)
       at System.Web.Configuration.RuntimeConfig.get_Authentication()
       at System.Web.Security.FormsAuthenticationModule.Init(HttpApplication app)
       at System.Web.HttpApplication.InitModulesCommon()
       at System.Web.HttpApplication.InitInternal(HttpContext context, HttpApplicationState state, MethodInfo[] handlers)
       at System.Web.HttpApplicationFactory.GetNormalApplicationInstance(HttpContext context)
       at System.Web.HttpApplicationFactory.GetApplicationInstance(HttpContext context)
       at System.Web.HttpRuntime.ProcessRequestInternal(HttpWorkerRequest wr)
    Kindly advise me.
    Thanks a lot in advance.

    Hi,
    As per the error logs it seems you have the Form element twice in your web config file. Just take one or the other one out. If you made any changes in the web.config file, please share and elaborate a little more about the changes you have made recently before the error.
    Krishana Kumar http://www.mosstechnet-kk.com
    Please mark the replies and Proposed as answer if they help and solve your issue
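Added example, not part of the original thread: a pre-deployment check for the condition in the parser error above, reporting every active `<forms>` element inside an `<authentication>` section with its line number and ignoring commented-out copies. The sample web.config is constructed; its surrounding elements and the `mode="Forms"` attribute are assumptions.

```python
import xml.parsers.expat

# Constructed sample modelled on lines 104-108 quoted in the error page:
# one commented-out <forms> followed by three active copies.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.web>
    <authentication mode="Forms">
      <!--<forms loginUrl="/_layouts/log-in.aspx" />-->
      <forms loginUrl="/_layouts/log-in.aspx" />
      <forms loginUrl="/_layouts/log-in.aspx" />
      <forms loginUrl="/_layouts/log-in.aspx" />
    </authentication>
  </system.web>
</configuration>
"""


def authentication_sections(config_text):
    """Return one entry per <authentication> element, listing the line number
    and attributes of each <forms> element that is its direct child.
    XML comments never produce start-tag events, so disabled copies are skipped."""
    stack, sections = [], []
    parser = xml.parsers.expat.ParserCreate()

    def start(name, attrs):
        if name == "authentication":
            sections.append({"line": parser.CurrentLineNumber, "forms": []})
        elif name == "forms" and stack and stack[-1] == "authentication":
            sections[-1]["forms"].append((parser.CurrentLineNumber, dict(attrs)))
        stack.append(name)

    def end(_name):
        stack.pop()

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.Parse(config_text, True)  # raises ExpatError on malformed XML
    return sections


def duplicate_forms(config_text):
    """Report sections where <forms> appears more than once.
    'identical' tells the reviewer whether the extra copies can simply be
    deleted or whether they differ and one has to be chosen deliberately."""
    findings = []
    for section in authentication_sections(config_text):
        forms = section["forms"]
        if len(forms) > 1:
            first_attrs = forms[0][1]
            findings.append({
                "authentication_line": section["line"],
                "kept_line": forms[0][0],
                "duplicate_lines": [line for line, _ in forms[1:]],
                "identical": all(attrs == first_attrs for _, attrs in forms[1:]),
            })
    return findings


if __name__ == "__main__":
    for finding in duplicate_forms(SAMPLE_WEB_CONFIG):
        print("authentication section at line", finding["authentication_line"],
              "keeps <forms> at line", finding["kept_line"],
              "and repeats it at lines", finding["duplicate_lines"],
              "(identical copies)" if finding["identical"] else "(copies differ)")
```

The first entry in `duplicate_lines` is the second active `<forms>` element, which is the position the ASP.NET parser error points at in the post (line 106 of 105 to 107).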

  • Windows XP users can't access SMB/CIFS shares on MAC OSX10.4.4 Xserve bug?

    The Xserves are new for us. This problem involves two of the 10.4 Xserves.
    1 serves as an Open Directory System Master(10.4.3). 2 Serves as a file share & backup (10.4.4).
    Both are production machines and cannot easily be restarted.
    There is no Windows network, Active Directory or Windows domain in our network.
    We created a SMB and AFP share on the file server which is a member of the Open Directory. (It is bound and kerberized to server 1).
    The users all have accounts in the OD system and all passwords are Open Directory. Our users can ssh into the various xserves (including the file share server 2) and authenticate against OD.
    We made the shares available via smb under Protocols --> Windows File Settings. We turned the Windows Service on in Server Admin. It's a standalone server and all the authentication types are checked under access.
    The MAC (powerbook) users can access the share fine. The Windows users can't. The Windows laptops can see the file share server (through search - not visible in Network Neighborhood) but when they try to connect they are presented with an authentication box that just keeps cycling over and over regardless of what the user types as user name & passwd.
    I tried to access the smb share with my powerbook(10.4.4) and have the same issue. I'm presented with an authentication box but authentication fails.
    The Windows File Service Log shows:
    auth.c:checkntlmpassword(312)
    checkntlmpassword: Authentication for user [csmith] -> [csmith] FAILED with error NTSTATUS_WRONGPASSWORD
    [2006/02/24 21:52:03, 1] authods.c:opendirectory_authuser(212)
    User "csmith" failed to authenticate with "dsAuthMethodStandard:dsAuthSMBNTKey" (-14090)
    [2006/02/24 21:52:03, 1] authods.c:opendirectory_smb_pwd_checkntlmv1(427)
    opendirectorysmb_pwd_checkntlmv1: [-14090]opendirectoryauthuser
    [2006/02/24 21:52:03, 2] /SourceCache/samba/samba-92.15/samba/source/auth/auth.c:checkntlmpassword(312)
    checkntlmpassword: Authentication for user [csmith] -> [csmith] FAILED with error NTSTATUS_WRONGPASSWORD
    [2006/02/24 21:52:03, 1] authods.c:opendirectory_authuser(212)
    User "csmith" failed to authenticate with "dsAuthMethodStandard:dsAuthSMBNTKey" (-14090)
    [2006/02/24 21:52:03, 1] authods.c:opendirectory_smb_pwd_checkntlmv1(427)
    opendirectorysmb_pwd_checkntlmv1: [-14090]opendirectoryauthuser
    [2006/02/24 21:52:03, 2] /SourceCache/samba/samba-92.15/samba/source/auth/auth.c:checkntlmpassword(312)
    checkntlmpassword: Authentication for user [csmith] -> [csmith] FAILED with error NTSTATUS_WRONGPASSWORD
    [2006/02/24 21:52:03, 2] /SourceCache/samba/samba-92.15/samba/source/smbd/server.c:exit_server(595)
    Closing connections
    I've googled this error and it seems that there a lot of engineers out there with the same problem but no answers. Could this be a bug with Apple's SMB process? Is there something I've missed? (I've looked at the smb.conf and have even turned off deny clear text passwords - I've even tried granting guest access) Anyone have any ideas?

    On the server itself, run the following in the Terminal:
    (from a few different sources):
    run ps -auxw | grep Password
    to see if Password service is running
    Also check the logs in /Library/Logs/PasswordService
    Try: id username
    and see if you get some info returned.
    Ex: id jimguy
    You should get some info about uid, gid, groups.
    sudo killall -USR1 DirectoryService
    Then try to login from a client machine.
    Be sure to re-issue
    sudo killall -USR1 DirectoryService
    in order to stop the (far more) verbose logging.
    Then check the logs in /Library/Logs/DirectoryService
    In Open Directory, you might want to revert to standalone (this will destroy the existing OD setup) and then re-promote to OD Master. You'll lose all OD users however when doing so. If you don't have many, this may be best.
    You'll want to verify the hostname, and forward & reverse DNS lookups before re-promoting, and watch for any errors when promoting to OD master
    See, when you say "The real clue is that I'm unable to access the shares from my Powerbook G4 with my Open Directory account. I can log in to the file share as the local admin though and that's why I'm thinking there is a bug in the samba/OD relationship. " - that's the real clue indeed.
    The local admin account, the first admin account you setup on the server, is indeed local, and resides in NetInfo, not Open Directory.
    So something is afoul in your OD.
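Added example, not part of the original thread: a parser for the two-line record format of the Windows File Service log quoted in the question, which counts the directory-side rejections and checks whether each NTLM failure coincides with one. The sample log is constructed from the lines in the post, and the function and field names are hypothetical.

```python
import re

# Constructed sample modelled on the excerpt in the question. Like the excerpt,
# it starts mid-record, so the first two lines have no timestamp header.
SAMPLE_LOG = """\
auth.c:checkntlmpassword(312)
checkntlmpassword: Authentication for user [csmith] -> [csmith] FAILED with error NTSTATUS_WRONGPASSWORD
[2006/02/24 21:52:03, 1] authods.c:opendirectory_authuser(212)
User "csmith" failed to authenticate with "dsAuthMethodStandard:dsAuthSMBNTKey" (-14090)
[2006/02/24 21:52:03, 1] authods.c:opendirectory_smb_pwd_checkntlmv1(427)
opendirectorysmb_pwd_checkntlmv1: [-14090]opendirectoryauthuser
[2006/02/24 21:52:03, 2] /SourceCache/samba/samba-92.15/samba/source/auth/auth.c:checkntlmpassword(312)
checkntlmpassword: Authentication for user [csmith] -> [csmith] FAILED with error NTSTATUS_WRONGPASSWORD
[2006/02/24 21:52:03, 1] authods.c:opendirectory_authuser(212)
User "csmith" failed to authenticate with "dsAuthMethodStandard:dsAuthSMBNTKey" (-14090)
[2006/02/24 21:52:03, 1] authods.c:opendirectory_smb_pwd_checkntlmv1(427)
opendirectorysmb_pwd_checkntlmv1: [-14090]opendirectoryauthuser
[2006/02/24 21:52:03, 2] /SourceCache/samba/samba-92.15/samba/source/auth/auth.c:checkntlmpassword(312)
checkntlmpassword: Authentication for user [csmith] -> [csmith] FAILED with error NTSTATUS_WRONGPASSWORD
[2006/02/24 21:52:03, 2] /SourceCache/samba/samba-92.15/samba/source/smbd/server.c:exit_server(595)
Closing connections
"""

# Header line: [timestamp, debug level] source_file:function(line)
HEADER = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}), *(\d+)\] (\S+):(\w+)\((\d+)\)$")
# Directory-side rejection: user, auth method, numeric result code
OD_FAIL = re.compile(
    r'^User "([^"]+)" failed to authenticate with "([^"]+)" \((-?\d+)\)$')
# SMB-side result: requested user, mapped user, NT status name
NTLM_FAIL = re.compile(
    r"Authentication for user \[([^\]]*)\] -> \[([^\]]*)\] FAILED with error (\S+)")


def parse_records(text):
    """Group each header line with the message lines that follow it.
    Lines seen before the first header cannot be timestamped and are counted
    as orphans instead of being attached to a record."""
    records, orphans, current = [], 0, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = HEADER.match(line)
        if match:
            current = {"time": match.group(1), "level": int(match.group(2)),
                       "source": match.group(3), "function": match.group(4),
                       "message": []}
            records.append(current)
        elif current is None:
            orphans += 1
        else:
            current["message"].append(line)
    return records, orphans


def summarize(text):
    """Count failures per user and report how many NTLM failures have a
    directory rejection for the same user at the same timestamp."""
    records, orphans = parse_records(text)
    directory, ntlm, rejected_at = {}, {}, set()
    for rec in records:
        for line in rec["message"]:
            match = OD_FAIL.match(line)
            if match:
                key = (match.group(1), match.group(2), int(match.group(3)))
                directory[key] = directory.get(key, 0) + 1
                rejected_at.add((rec["time"], match.group(1)))
    explained = 0
    for rec in records:
        for line in rec["message"]:
            match = NTLM_FAIL.search(line)
            if match:
                key = (match.group(2), match.group(3))
                ntlm[key] = ntlm.get(key, 0) + 1
                if (rec["time"], match.group(2)) in rejected_at:
                    explained += 1
    return {"records": len(records), "orphan_lines": orphans,
            "directory_failures": directory, "ntlm_failures": ntlm,
            "ntlm_explained_by_directory": explained}


if __name__ == "__main__":
    for field, value in summarize(SAMPLE_LOG).items():
        print(field, "=", value)
```

When every NTLM failure is matched by a directory rejection, as in this sample, the log supports looking at the directory service rather than at the clients, which is the direction the reply takes.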

  • Error while accessing E2E Change Analysis via SMD

    Hi All,
    I am having below mentioned error while accessing E2E Change Analysis via SMD.
    Error loading template 0TPL_0SMD_CA01_Q0001 
    Notification Number BRAIN 276 
    Let me know if you are aware about the solution.
    Regards,
    Vinit Pagaria

    Is the Queries and templates activated completely in BI-content/Client?
    Please check the same and if needed activate the queries again by running report: CCMSBI_SETUP_E2E
    Also refer to the SAP Note 1342231 - ST: Manual actvtn. of BI Content for E2E diagnostics SP18-22.
    Revert for any issues pls.
    Thanks,
    Jagan

  • Samba/cifs shares using AD for Authentication

    Hi,
    I am trying to make use of the internal cifs shares in Solaris 11.1 but I am running into road blocks - can anyone shed light on this for me?
    I won't bore you with my first and abortive attempt at configuring auth with native Kerberos and simply say that I have decided to go with the third party product PBIS Open for the authentication.
    Setup is a breeze and I can see the shares from elsewhere but for the life of me I cannot mount the shares. For the record the setup that was most successful went in this order:
    SAMBA
    pkg install service/file-system/smb
    zpool create xpool /var/tmp/xpool
    zfs set sharesmb=on xpool
    zfs create -o nbmand=on xpool/fs1
    zfs get -r share xpool
    svcadm enable -r smb/server
    smbadm show-shares host
    smbadm enable-user AD.DOMAIN\\user
    WORKAROUND to point to a working test DC:
    xx.xx.xx.xx      AD.DOMAIN >> /etc/hosts
    smbadm join -u user AD.Domain
    PBIS:
    cd /var/tmp/pbis-open-7.5.3.1536.solaris.sparcv9.pkg/
    ./install.sh
    svccfg -s system/name-service/switch
    setprop config/password = astring: "files lsass"
    setprop config/group = astring: "files lsass"
    setprop config/host = astring: "files dns mdns4_minimal [NOTFOUND=return] mdns4"
    svcadm refresh name-service/switch
    domainjoin-cli join AD.DOMAIN user
    After which I can ssh into the host as an ad user but I can't mount  (get permission denied).
    /var/adm/messages shows:
    Jan 22 15:52:14 host smbd[1635]: [ID 649633 daemon.notice] ndr_rpc_bind[tid=8]: \\ADDC.fqdn\PIPE\srvsvc: smb/client authentication failed (114)
    Jan 22 15:52:14 host smbd[1635]: [ID 649633 daemon.notice] ndr_rpc_bind[tid=8]: \\ADDC.fqdn\PIPE\lsarpc: smb/client authentication failed (114)
    Jan 22 15:52:14 host smbd[1635]: [ID 649633 daemon.notice] ndr_rpc_bind[tid=8]: \\ADDC.fqdn\PIPE\srvsvc: smb/client authentication failed (114)
    Jan 22 15:52:14 host smbd[1635]: [ID 649633 daemon.notice] ndr_rpc_bind[tid=8]: \\ADDC.fqdn\PIPE\lsarpc: smb/client authentication failed (114)
    Jan 22 15:52:14 host smbd[1635]: [ID 702911 daemon.notice] smbd_dc_monitor: domain service not responding
    and the DC logs show:
    Log Name:      System
    Source:        Microsoft-Windows-Security-Kerberos
    Date:          22/01/2014 3:46:54 PM
    Event ID:      3
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      ADDC.fqdn
    Description:
    A Kerberos Error Message was received:
    on logon session
    Client Time:
    Server Time: 5:46:54.0000 1/22/2014 Z
    Error Code: 0xd KDC_ERR_BADOPTION
    Extended Error: 0xc00000bb KLIN(0)
    Client Realm:
    Client Name:
    Server Realm: AD.DOMAIN
    Server Name: [email protected]
    Target Name: [email protected]@AD.DOMAIN
    Error Text:
    File: 9
    Line: f09
    Error Data is in record data.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Microsoft-Windows-Security-Kerberos" Guid="{98E6CFCB-EE0A-41E0-A57B-622D4E1B30B1}" EventSourceName="Kerberos" />
        <EventID Qualifiers="32768">3</EventID>
        <Version>0</Version>
        <Level>2</Level>
        <Task>0</Task>
        <Opcode>0</Opcode>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2014-01-22T05:46:54.000000000Z" />
        <EventRecordID>476941</EventRecordID>
        <Correlation />
        <Execution ProcessID="0" ThreadID="0" />
        <Channel>System</Channel>
        <Computer>ADDC.fqdn</Computer>
        <Security />
      </System>
      <EventData>
        <Data Name="LogonSession">
        </Data>
        <Data Name="ClientTime">
        </Data>
        <Data Name="ServerTime">5:46:54.0000 1/22/2014 Z</Data>
        <Data Name="ErrorCode">0xd</Data>
        <Data Name="ErrorMessage">KDC_ERR_BADOPTION</Data>
        <Data Name="ExtendedError">0xc00000bb KLIN(0)</Data>
        <Data Name="ClientRealm">
        </Data>
        <Data Name="ClientName">
        </Data>
        <Data Name="ServerRealm">STAFF-TEST.AD.GRIFFITH.EDU.AU</Data>
        <Data Name="ServerName">[email protected]</Data>
        <Data Name="TargetName">[email protected]@AD.DOMAIN</Data>
        <Data Name="ErrorText">
        </Data>
        <Data Name="File">9</Data>
        <Data Name="Line">f09</Data>
        <Binary>3015A103020103A20E040CBB0000C00000000003000000</Binary>
      </EventData>
    </Event>

    Although setting up an SMB server in Solaris 11.1 seems to be straightforward, there is another important part to be completed on the Windows side. The following link describes what is to be done at the Windows domain level:
    https://social.technet.microsoft.com/wiki/contents/articles/2751.kerberos-interoperability-step-by-step-guide-for-window…
    Now, to be straightforward, you have to do the following:
    Use Ktpass on the Windows Server 2003/2008/2012R2 KDC to create the keytab file (a keytab is a file used to store the keys used by a host or service) and set up the account for the UNIX host, and then copy the keytab file to the UNIX system and merge the keytab file into /etc/krb5.keytab (check the documentation for your Kerberos Implementation as the keytab path may be different or configurable).
    1.   From the command line, use the following command to generate the keytab file for the UNIX host, map the principal to the account, and set the host principal password.
    C:> klist
    This command will list the encryption type used by your server.
    C:> Ktpass -princ host/hostname@DNS-REALM-NAME -mapuser account -pass password -crypto ENCRYPTION-TYPE -out UNIXmachine.keytab
    where
    hostname is the fully-qualified name of the host, for example, foobar.reskit.com.
    DNS-REALM-NAME is the uppercase DNS name of the Windows Server 2003 domain; for example, RESKIT.COM.
    account is the user account previously created for the UNIX host as performed in the procedure to create Computer and User Accounts.
    password is a complex password to be set on the account.
    ENCRYPTION-TYPE is the encryption type used to encrypt the key. Either RC4-HMAC-NT (recommended), DES-CBC-MD5, or DES-CBC-CRC.
    Note
    In order to create a keytab using the RC4-HMAC-NT encryption type you need to use the ktpass.exe from Windows Server 2003 SP1 or later.
    2.   Securely transfer the keytab file (UNIXmachine.keytab from the example above) to the UNIX host. Then, merge the keytab file with any existing keytab file for the UNIX computer.
    The UNIX commands to merge the keytab file are:
    % ktutil
    ktutil: rkt UNIXmachine.keytab
    ktutil: list
    The output should appear similar to the following:
    slot  KVNO  Principal
        1      1   host/[email protected]
    ktutil: wkt /etc/krb5.keytab
    ktutil: q
    Rejoin the domain using the smbadm command as follows:
    smbadm join -u username DOMAIN
    where username = username created from step 1
    The second part is where you have the issue \\ADDC.fqdn\PIPE\srvsvc: smb/client authentication failed
    Change the following in the domain group policy if you are using domain policy, or in the local policy if no group policy is applied:
    GPO_name\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options
    Add lsarpc to the following policy:
    Network access: Named pipes that can be accessed anonymously
    gpupdate /force
    Observe your /var/adm/messages and see if these messages stop or not.
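
One way to carry out the "watch /var/adm/messages" step from the reply above, as an added example that is not part of the original post: it parses smbd lines in the format quoted in the thread and reports which named pipes still log authentication failures after a given time. The sample log, the cutoff time and the function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the /var/adm/messages format quoted in the thread;
# the 16:12 line exists only to exercise the "still failing" branch.
SAMPLE = r"""
Jan 22 15:52:14 host smbd[1635]: [ID 649633 daemon.notice] ndr_rpc_bind[tid=8]: \\ADDC.fqdn\PIPE\srvsvc: smb/client authentication failed (114)
Jan 22 15:52:14 host smbd[1635]: [ID 649633 daemon.notice] ndr_rpc_bind[tid=8]: \\ADDC.fqdn\PIPE\lsarpc: smb/client authentication failed (114)
Jan 22 15:52:14 host smbd[1635]: [ID 702911 daemon.notice] smbd_dc_monitor: domain service not responding
Jan 22 15:53:01 host sshd[2001]: [ID 800047 auth.info] Accepted keyboard-interactive for aduser
Jan 22 16:12:03 host smbd[1635]: [ID 649633 daemon.notice] ndr_rpc_bind[tid=9]: \\ADDC.fqdn\PIPE\srvsvc: smb/client authentication failed (114)
"""

PREFIX = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ smbd\[\d+\]: \[ID \d+ \S+\] (.*)$")
BIND_FAIL = re.compile(r"ndr_rpc_bind\[tid=\d+\]: \\\\([^\\]+)\\PIPE\\(\w+): "
                       r"smb/client authentication failed \((\d+)\)")

def parse(text, year):
    """Yield (time, kind, detail) for smbd lines; syslog omits the year, so pass it."""
    for line in text.splitlines():
        m = PREFIX.match(line.strip())
        if not m:
            continue  # other daemons, blank or truncated lines
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        body = m.group(2)
        fail = BIND_FAIL.search(body)
        if fail:
            dc, pipe, code = fail.groups()
            yield when, "bind_fail", (dc, pipe, int(code))
        elif "smbd_dc_monitor: domain service not responding" in body:
            yield when, "dc_down", None

def still_failing(text, year, changed_at):
    """Count bind failures per (DC, pipe) logged after the policy change time."""
    hits = Counter()
    for when, kind, detail in parse(text, year):
        if kind == "bind_fail" and when > changed_at:
            hits[detail[:2]] += 1
    return dict(hits)

if __name__ == "__main__":
    cutoff = datetime(2014, 1, 22, 16, 0, 0)  # assumed time gpupdate /force was run
    remaining = still_failing(SAMPLE, 2014, cutoff)
    for (dc, pipe), n in sorted(remaining.items()):
        print(f"{dc} {pipe}: {n} failure(s) since {cutoff:%H:%M:%S}")
    if not remaining:
        print("no ndr_rpc_bind authentication failures since the change")
```

To run it against a real host, pass the contents of /var/adm/messages instead of `SAMPLE` and set the cutoff to the time the policy change was applied.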

  • Can't access Network share from Windows 8 computer

    I have a clean install of Windows 8 x64 running in a workgroup environment. I can access multiple computer/NAS shares except one share off a particular NAS. This share is accessible from other computers and the other shares on the NAS are accessible from this Windows 8 computer. I have checked the credentials and they are fine, added them under the credential manager, tried to map a drive and selected use other credentials etc. but it continually says "Windows cannot access \\ComputerName\ShareName" you do not have permission. I have permission and nothing is wrong with the permissions or the server. This is driving me crazy; if anyone could help it would be greatly appreciated.
    I have tried:
    1. Mapping drive with ip address e.g. \\ip address\sharename
    2. disabled ipv6, made sure netbios enabled, made sure client for ms networks enabled.
    3. Setup a new account on server, doesn't work either.
    4. All sharing options enabled. I even modified the permissions on the share for "everyone" full access and it still didn't work.
    Has to be something with this windows 8 machine.

    Dear all,
    Hi, I am using a 2012 R2 server and I have created a share folder and added the user ID in that share folder, but while accessing it on a Windows PC (local admin) it is opening all share folders, but it is not asking for a password; if I click on a share folder it shows "you do not have permission to access". But until last week it worked fine, and if I try with the administrator login it asks for password authentication. Please help me ASAP.
    Thanks
    mahamad
    8884209555 

  • CIFS share limitation

    I have a problem with the CIFS shares on the 7000-series...
    On our Windows server, I have a directory for the Marketing department, to which they have full access. Inside this is a directory containing all their public documentation, which I share out (read-only) to everyone in the company. I don't seem to be able to replicate this on the Sun simulator - it tells me it's not allowed.
    It appears that in the Sun world, a filesystem is the equivalent of a share and there is no further, finer level of sharing. Every share must be a root share, but why? That's like limiting a Windows server to sharing the root of a drive and no more.
    Other NAS solutions have the ability to nest shares within a filesystem, so why not Sun?
    I could probably use DFS on the Windows server to map shares into the correct structure, but the whole point of us getting a NAS box is to remove the need for the Windows server.
    Any suggestions? :)

    I have the same problem so I think I will try to explain it from my point of view and see if we get any comments.
    I have a Real Storage 7110 (Try & Buy)
    What my windows guys would like and what they do already on Windows Systems:
    Real Disk Layout = G:\shome\username
    share "shome" => G:\shome (Default ACL)
    User (Owner) = Full Access=rwx+inheritance
    Other = x+inheritance
    Domain Admin = Full Access=rwx+inheritance
    share "username" => G:\shome\username (Default ACL)
    Inherit from above (shome)
    Group Staff = rx+inheritance
    By the looks, the Sun way is to set up every share with all the relevant ACLs, since you cannot set up an ACL on the directory above (project). Am I correct?
    Real Disk layout /export/shome/username
    share "username"
    User (Owner) = Full Access=rwx+inheritance
    Other = x+inheritance
    Domain Admin = Full Access=rwx+inheritance
    Group Staff = rx+inheritance
    Thanks
    Andrew
