WEBVPN trouble accessing CIF shares

Similar Messages

• Unable to access CIFS shares using SSL Web portal

  Hello,
  i have deployed Cisco Clientless Web VPN on my ASA5515.
  I'm having an issue when I try to browse a file server (access CIFS shares) from the WEB VPN portal.   I am prompted for login, and after logging in  I get the "Error contacting host" immediately. it's seem like a bug on ASA ? i saw that on Cisco Web site : bug CSCsl94183
  I already DONE those things :
  1- reload the ASA
  2- upgrade to the latest software release
  3- test different web browser ( Firefox, IE, Chrome)
  1- ASA Platform is 5515 running  latest software release (9.1.4)
  2- File  server running Windows 2008 R2
  3- Clients is using Firefox.
  4- When I establish SSL VPN connection using Cisco AnyConnect I  have no problems accessing files or folders on the same server.
  NOTE :  I have 2 other CIFS server running  Window 2003 and there is no issue.  the issue is happening ONLY  with the server running Window 2008 R2

  I've also seen this exact problem. We have several Windows 2008 R2 servers, one of our Domain controllers has been migrated to 2008 R2. I can access shares on the Windows 2008 R2 domain controller, but not a deicated (member) file share server. 

• Cannot access CIFS shares from Windows 2008R2 on NSS3000

  Hi,
  I am trying to upgrade our 2008 domain to 2008R2 but with that last version we cannot access to cifs shares on the NSS3000. Access from all other clients are OK. It was 100% OK under 2008...
  Whether I use the IP or the FQDN, I got an error from Windows 2008R2. From IP, I got "No process is on the other end of pipe." and from network Gui, I got "Windows cannot access \\nas0026CB647BC6. Check the spelling of the name...blabla. Details : Error Code : 0x80070035, The network path was not found".
  On the NAS, I got this errors in the cifs logs :
  Feb 24 14:12:45 NAS0026cb647bc6 winbindd[28457]: rpc_api_pipe: Remote machine WIN2008-PDC.bluemoon.holywell.leics pipe \NETLOGON fnum 0x4002returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED 
  Feb 24 14:12:45 NAS0026cb647bc6 winbindd[28457]: [2011/02/24 14:12:45, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) 
  Feb 24 14:12:45 NAS0026cb647bc6 winbindd[28457]: rpc_api_pipe: Remote machine WIN2008-PDC.bluemoon.holywell.leics pipe \NETLOGON fnum 0x4002returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED 
  Feb 24 14:12:45 NAS0026cb647bc6 winbindd[28457]: [2011/02/24 14:12:45, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) 
  Feb 24 14:12:45 NAS0026cb647bc6 winbindd[28457]: rpc_api_pipe: Remote machine WIN2008-PDC.bluemoon.holywell.leics pipe \NETLOGON fnum 0x4002returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED 
  Feb 24 14:12:45 NAS0026cb647bc6 winbindd[28457]: [2011/02/24 14:12:45, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) 
  Feb 24 14:12:45 NAS0026cb647bc6 winbindd[28457]: rpc_api_pipe: Remote machine WIN2008-PDC.bluemoon.holywell.leics pipe \NETLOGON fnum 0x4002returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED 
  Feb 24 14:12:45 NAS0026cb647bc6 winbindd[28457]: [2011/02/24 14:12:45, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) 
  Feb 24 14:12:45 NAS0026cb647bc6 winbindd[28457]: rpc_api_pipe: Remote machine WIN2008-PDC.bluemoon.holywell.leics pipe \NETLOGON fnum 0x4002returned critical error. Error was NT_STATUS_PIPE_DISCONNECTED 
  Feb 24 14:12:48 NAS0026cb647bc6 winbindd[28457]: [2011/02/24 14:12:48, 0] rpc_client/cli_pipe.c:rpc_api_pipe(790) 
  It is likely to be an incompatibility between Windows 2008R2 smbv2 and the NSS3000 smbd but I can't find any firmware update and I can't find the process to allow in the registry.
  I can ping it, I can connect on the web interface, I can connect on FTP but no CIFS at all.
  Firmware version running is 1.20.1. Hardware rev : V03.
  Any idea?

  Hi SpaceBass, have you looked into sharepoints or into Netinfo manager. I have been playing around with sharepoints and it does let me enter non local users into the sharing prefs- albeit manually. Only thing is , depending on the number of macs you have, it could be a long and tedious job entering it all by hand. Netinfo may have an easier way, I'll do some more digging and post back.
  Cheers.

• Random error accessing CIFS shares from Windows

  I am setting up some CIFS shares to be used from Windows clients and in the process I had some random problems accessing the shares.
  In hope of finding the answer I checked the CIFS Service and the Active Directory Service, and while watching the screen for Active Directory Service I saw that the "Selected Domain Controller" changed from one to another. I now stayed within this screen and noticed that the "Selected Domain Controller" continued to change and then I found the problem, because an unknown Domain Controller appeared. The IP was 216.150.17.8
  I found that when ever this Domain Controller was the selected one, all access to CIFS shares from Windows clients failed! This is correct, because the 216.150.17.8 of course is unaware of all users in Our Domain
  So the Questions are:
  - what is happening?
  - and how to solve this?
  - why is a Domain Controller 216.150.17.8 sometimes the Selected Controller?
  - where does this 216.150.17.8 come from?
  Have You seen anything like this?

  I now have found out why the DC changes - it is because the CIFS service is restarting ;-(
  This is a log snip
  2009-5-14 09:24:53 Executing start method ("exec /usr/lib/smbsrv/smbd start").
  2009-5-14 09:24:53 Executing stop method (:kill).
  2009-5-14 09:24:53 Stopping because all processes in service exited.
  2009-5-14 09:24:39 Method "start" exited with status 0.
  2009-5-14 09:23:48 Executing start method ("exec /usr/lib/smbsrv/smbd start").
  smbd: NetBIOS services started
  2009-5-14 09:23:48 Executing stop method (:kill).
  2009-5-14 09:23:48 Stopping because all processes in service exited.
  2009-5-14 09:23:34 Method "start" exited with status 0.
  It seems to happen when I access the share and thereby force a uservalidation
  Any ideas?

• Mapped GID is changing while accessing CIFS share

  Hi guys
  We're seening a strange issue on our AD-bound macs that the mapped GIDs of files on a CIFS share are changing without any change on the filesystem.
  First of all let me explain our setup:
  1. All macs are joined to our active directory domain. The output of "dsconfigad -show" for the uid/gid mapping looks as follows:
  <snip>
  Advanced Options - Mappings
    Mapping UID to attribute       = not set
    Mapping user GID to attribute  = not set
    Mapping group GID to attribute = not set
    Generate Kerberos authority    = Enabled
  <snap>
  2. Macs access a cifs share on a netapp filer.
  3. Username and groupnames are mapped correctly. The output of "id rth" for my user looks as follows:
  uid=1973125731(rth) gid=2108864217(OSAG\corp) groups=2108864217(OSAG\corp),....
  Problem:
  When I mount the netapp CIFS share and enter it, everything looks good:
  <snip>
  rth@mac-rth:~$ ls -l /Volumes/os/it
  total 696
  drwx------+ 1 rth  OSAG\corp  16384 Nov 29 11:48 admin
  drwx------+ 1 rth  OSAG\corp  16384 Mar 29  2004 corphtmlstats
  <snap>
  However when I execute a second ls a few seconds later, it can't map the group anymore:
  <snip>
  rth@mac-rth:~$ ls -l /Volumes/os/it
  total 696
  drwx------+ 1 rth  2181038096  16384 Nov 29 11:48 admin
  drwx------+ 1 rth  2181038096  16384 Mar 29  2004 corphtmlstats
  <snap>
  It seems that the mapping doesn't work anymore even tough nothing has changed in the meantime. The same behaviour can be seen on any folders on this share. With the first ls everything seems to be OK and with the 2nd execution the mapping is not correct anymore.
  From time to time it happens, that the mapping is correct again for single files or folders for a short period of time.
  Has anyone seen a similar behaviour so far?
  Thanks for your help.
  Cheers
  Raphi

  Sounds like an issue that has to do with JavaScript Origin policy. You'll have to use Domain Relaxing for this. Read all about it here:
  http://help.sap.com/saphelp_nw04/helpdata/en/59/87b54064c2742ae10000000a155106/frameset.htm
  here:
  http://help.sap.com/saphelp_nw04/helpdata/en/5e/473d4124b08739e10000000a1550b0/frameset.htm
  and here:
  http://help.sap.com/saphelp_nw04/helpdata/en/cb/f8751d8c6b254dac189f4029c76112/frameset.htm

• Finder cannot access CIFS share but Terminal can

  Hello,
  when I connect to a Samba share of my university for which the folder permissions are set via NFS ACLs, Finder gives an error: The folder FOLDER cannot be opened because you don't have permission to see its contents.
  Access via Terminal to the folder FOLDER works fine though.
  The behavior is identical to the following post
  https://discussions.apple.com/message/8398410#8398410
  But no solution was given.
  Any ideas?
  Thanks,
  To

  Hi nvpurk,
  Have you accessed to the shared folder in the Linux from the Windows machine before ?
  Have you configured the permissions of the shared folder and add the permissions for the specific user ?
  Considering you are using the Linux system as a shared host .We can refer to the following link to configure it .
  How to Share Folders in Ubuntu & Access them from Windows 7
  http://www.7tutorials.com/how-access-ubuntu-shared-folders-windows-7
  How to Share Files Between Windows and Linux
  http://www.howtogeek.com/176471/how-to-share-files-between-windows-and-linux/
  According to the error message ,we can run "icacls path to the network share folder" to check whether the present user has the permission to access the folder .
  NOTE: This response contains a reference to a third party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites.
  Considering you are using the Linux as a shared and we are not familiar with configuring it .We also can try to ask for help from the Linux Forum.
  Best regards
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Accessing Windows CIFS Shares via Nautilus

  Hi,
  I've recently installed and configured Solaris 11, am having problems accessing Windows CIFS shares via Nautilus.
  I've installed both samba (needed for CUPS to print to printers connect to a windows pc) and smb/client. The smb/client and samba services are running. The smb/server service is not installed.
  I can print to any printer on the windows PC I'm trying to access via Nautilus, so I know my username/password for accessing the pc are correct.
  I can also manually mount any share on the windows PC via the cli (eg mount -F smfs -o user=elin //elink/users /mnt), and browse the files directly that way, except the file permisssions don't seem to align with any unix user. Again this just shows that the username/password combination is ok.
  For Samba, I'm using the default smb.conf file as /etc/samba/samba.conf. Workgroup is set to WORKGROUP in smb.conf.
  On the Windows pc, in the security event viewer, I can see the auth request, however is failing with bad password (event ID 4776, error code 0x006a). In the default group policy object for networking, I've set to accept "LM & NT, NTLMv2 when neogiatated", as this allows legacy clients to connect. (Legacy meaning NT4, Win95, etc, and also has the benefit of allowing other OSes to connect as well).
  I'm also able to access the WIndows PC CIFS shares from an Arch Linux based setup (running GNOME 3.2 w/ Nautilus 3.2), so I doubt it's the Windows side of things causing the problems. Additionally, when I was running Solaris 10u9 (just before upgrading to Sol11), I was able to access the shares via Nautilus as well.
  So my question is:
  1. Does Nautilus use Samba or the Oracle smb/client service to handle mount windows CIFS shares?
  2. What log files or configuration files do I need to looking at to help with this error?
  As a side question,
  I've found that on a clean installation running the "Print Manager" accesses CUPS fine, but once you install a printer, it'll no longer connect to CUPS, unless run from the cli "sudo system-config-printers". So this is a permissions issue, where's the best place to fix/handle that one.

  Replying to my own thread, as I have a possible but very-hackish solution.
  To add some further details to my original post.
  There are 4 PCs on the LAN.
  1. Hellfire - OS = Solaris 11 11/11
  2. Brimstone - OS = Arch Linux
  3. Elink - OS = Win7 Pro x64 SP1
  4. IsaacPC - OS = WinXP Home SP3
  Attempting to connect to Elink from Hellfire, accessing CIFS shares via Nautulis fails. (Mounting shares via Nautulis fails, but works fine from CLI using 'mount' command which to my understanding uses the smb/client service to work). Elink also hosts all the printers on the LAN, a HP LJ1200 and an Epson Fax/Printer/Scanner.
  Helfire does attempt to authenticate, as listed in the event logs on the Win7 PC (elink), but is returning bad password when using Nautulis. (but printing from hellfire to either printer on elink works fine, as does mounting CIFS shares using 'mount').
  Booting the live CD of Solaris 11, also exhibits the same non-working behaviour when attempting to mount CIFS shares in Nautulis.
  Attempting to access CIFS shares on elink from Brimstone (via Nautulis 3.2 within GNOME 3.2), or from IsaacPC works fine.
  Hellfire configuration.
  Samba is installed, but NOT running (samba is needed for accessing the printers on elink, as CUPS needs smbspool which is part of the samba package), and the native smb/client service is also running.
  smb.conf is a direct copy of the default *.conf file, except the WORKGROUP is set to 'WORKGORUP'. There is a symlink to smb.conf in /etc/sfw/smb.conf -> /etc/samba/smb.conf
  Onto the hackish-fix.
  I've noticed that there are 2 copies of libsmbclient.so installed on the system, one in /usr/sfw/lib (part of the "libsmbclient" package) and another in /usr/lib/samba (part of the "samba" package).
  "libsmbclient" appears to be based on samba 3.5.8 codebase, and is linked to the gvfsd-smb daemon (this is the software that Nautulis uses to talk SMB to access CIFS shares).
  "samba" is based on the samba 3.5.10 codebase, and it's installation has nothing to do with GNOME or Nautulis in any manner.
  Using any of the samba included tools to test SMB/CIFS functions, work with 1 minor exception (which I'll list below). eg, using smbclient I can list all shares on any PC on the LAN, etc.
  So as a hunch, I renamed the libsmbclient.so.0 in /usr/sfw/lib, and symlinked /usr/sfw/lib/libsmbclient.so.0 -> /usr/lib/samba/libsmbclient.so.0 (so that gvfsd-smb is linked against the slightly newer version of the libsmbclient.so as included in the samba package located in /usr/lib/samba).
  I rebooted Hellfire, and now I'm able to access CIFS shares via Nautulis, provided that some form of authentication is needed (that is a username and password is needed - guest access and blanks passwords don't work - but these IMO should be disabled immediately as part of a baseline security package in regards to Windows - so no harm there).
  Now to the minor exception I noted earlier. When using smbclient to actually connect and transfer files, I get:
  ld.so.1: smbclient: fatal: relocation error: file /usr/lib/libreadline.so.5: symbol tgetent: referenced symbol not found
  As far as I know, tgetent is part of libtermcap.so, so I guess when building smbclient or libreadline.so, the link reference to termcap was left out? (or something like that). Anyway, that's another issue...

• [SOLVED]Setting up Arch to read CIFS shares but no smb.conf

  I am trying to ACCESS CIFS shares from another computer. Other clients can access these shares without issue. I am NOT trying to host files from Arch.
  Reading I have done: wiki pages on SAMBA and SMBCLIENT.
  Reading the SMBCLIENT wiki page, it apparently states that only the package smbclient should be installed, which I did.
  But, following the SMBCLIENT wiki, it shows to issue:
  #smbclient -L
  #smbclient
  both error saying smb.conf can not be read. BTW, is the -L to just list the shares available from any place?
  Questions:
  1. So, should smb.conf be created to use smbclient? This package evidently does not install smb.conf in any form.
  2. Does the SAMBA package need to be installed to use smbclient? Samba does install a smb.conf.something.
  Any tips you have so I can read CIFS shares will be appreciated.
  Thanks
  steve.
  Last edited by stevepa (2012-11-30 03:22:49)

  Reporting my results at resolving my issues
  1. installing smbclient provides the described ftp-like environment while accessing CIFS shares. It works fine. I used
  $smbclient //OMV/steve -Usteve%omv
  to access my share on the OMV server. I could list, get and put files. I still get the message about no smb.conf file but it works.
  2. Installing gvfs-smb package allowed Thunar to display the shares. In my case, I do a Ctrl-L and then smb://OMV/steve and I can display the shared content perfectly! Click to remember password or it apparently does not work.
  Hope this helps someone.
  Steve.

• SBS 2008 - Windows 8.1+ clients trouble accessing file server shares

  I have now upgraded 1 Windows 8 machine to Windows 8.1, and also clean installed another with Win 8.1 update 1 today, and both machines have trouble accessing the SBS2008 file server shares by UNC. If I browse by IP address of the server it seems to work
  flawlessly. The odd thing is that it's sporadic. So if I browse in explorer to "\\*netbiosname*\share" the Win8.1 machine will sometimes be able to access the share, and other times it will fail with a "network unable to reach location etc.."
  error. When it does work, it can take up to 5-10 minutes while explorer is frozen before the share is accessed. We're running quite a few Windows 8 machines without a problem, but it seems to be a specific problem with 8.1. Any idea?

  This doesn't seem to fix this specific problem. I had a few days of "luck", but now it's back. I just upgraded another co-workers machine to Win8.1 and he advised me that he's been having the same problem even with the above fix applied. His issue
  is when opening an office document that's located on the file server using location "\\servername\filename.xlsx", it takes a very long time (minutes) to open the excel file. This was happening to me as well, and if I tried to browse the network during
  this period, Windows Explorer would sometimes give me path not found, and unspecified error. I will try and capture a screen of the error when it occurs. Any ideas??
  edit: I have also noticed an unresponsive Windows Explorer for a few seconds to a minute over the last few days, which is a pretty good indicator that it's still happening on my machine.
  The odd thing is, if I use the IP address of the file server, everything is fine. I changed all of my links to use the IP since October when Win8.1 was released to combat this problem, and only changed them back to the server name for testing since I want
  to start deploying Win8.1 to others in the office. Unless I can fix this bug, they'll have to be stuck on Win8.
  Thanks,
  kk

• Windows XP users can't access SMB/CIFS shares on MAC OSX10.4.4 Xserve bug?

  The Xserves are new for us. This problem involves two of the 10.4 xerserves.
  1 serves as an Open Directory System Master(10.4.3). 2 Serves as a file share & backup (10.4.4).
  Both are production machines and cannot easily be restarted.
  There is no Windows network, Active Directory or Windows domain in our network.
  We created a SMB and AFP share on the file server which is a member of the Open Directory. (It is bound and kerberized to server 1).
  The users all have accounts in the OD system and all passwords are Open Directory. Our users can ssh into the various xserves (including the file share server 2) and authenticate against OD.
  We made the shares available via smb under Protocols --> Windows File Settings. We turned the Windows Service on in Server Admin. I'ts a standalone server and all the authentication types are checked under access.
  The MAC (powerbook) users can access the share fine. The Windows users can't. The Windows laptops can see the file share server (through search - not visable is Network Neighborhood) but when they try and connect they are presented by an authentication box that just keeps cycling over and over regardless of what the user types as user name & passwd.
  I tried to access the smb share with my powerbook(10.4.4) and have the same issue. I'm presented with an authentication box but authentication fails.
  The Windows File Service Log shows:
  auth.c:checkntlmpassword(312)
  checkntlmpassword: Authentication for user [csmith] -> [csmith] FAILED with error NTSTATUS_WRONGPASSWORD
  [2006/02/24 21:52:03, 1] authods.c:opendirectory_authuser(212)
  User "csmith" failed to authenticate with "dsAuthMethodStandard:dsAuthSMBNTKey" (-14090)
  [2006/02/24 21:52:03, 1] authods.c:opendirectory_smb_pwd_checkntlmv1(427)
  opendirectorysmb_pwd_checkntlmv1: [-14090]opendirectoryauthuser
  [2006/02/24 21:52:03, 2] /SourceCache/samba/samba-92.15/samba/source/auth/auth.c:checkntlmpassword(312)
  checkntlmpassword: Authentication for user [csmith] -> [csmith] FAILED with error NTSTATUS_WRONGPASSWORD
  [2006/02/24 21:52:03, 1] authods.c:opendirectory_authuser(212)
  User "csmith" failed to authenticate with "dsAuthMethodStandard:dsAuthSMBNTKey" (-14090)
  [2006/02/24 21:52:03, 1] authods.c:opendirectory_smb_pwd_checkntlmv1(427)
  opendirectorysmb_pwd_checkntlmv1: [-14090]opendirectoryauthuser
  [2006/02/24 21:52:03, 2] /SourceCache/samba/samba-92.15/samba/source/auth/auth.c:checkntlmpassword(312)
  checkntlmpassword: Authentication for user [csmith] -> [csmith] FAILED with error NTSTATUS_WRONGPASSWORD
  [2006/02/24 21:52:03, 2] /SourceCache/samba/samba-92.15/samba/source/smbd/server.c:exit_server(595)
  Closing connections
  I've googled this error and it seems that there a lot of engineers out there with the same problem but no answers. Could this be a bug with Apple's SMB process? Is there something I've missed? (I've looked at the smb.conf and have even turned off deny clear text passwords - I've even tried granting guest access) Anyone have any ideas?

  On the server itself, run the following in the Terminal:
  (from a few different sources):
  run ps -auxw | grep Password
  to see if Password service is running
  Also check the logs in /Library/Logs/PasswordService
  Try: id username
  and see if you get some info returned.
  Ex: id jimguy
  You should get some info about uid, gid, groups.
  sudo killall -USR1 DirectoryService
  Then try to login from a client machine.
  Be sure to re-issue
  sudo killall -USR1 DirectoryService
  in order to stop the (far more) verbose logging.
  Then check the logs in /Library/Logs/DirectoryService
  In Open Directory, you might want to revert to standalone (this will destory the existing OD setup) and then re-promote to OD Master. You'll lose all OD users however when doing so. If you don't have many, this may be best.
  You'll want to verify the hostname, and forward & reverse DNS lookups before re-promoting, and watch for any errors when promoting to OD master
  See, when you say "The real clue is that I'm unable to access the shares from my Powerbook G4 with my Open Directory account. I can log in to the file share as the local admin though and that's why I'm thinking there is a bug in the samba/OD relationship. " - that's the real clue indeed.
  The local admin account, the first admin account you setup on the server, is indeed local, and resides in NetInfo, not Open Directory.
  So something is afoul in your OD.

• CIFS share limitation

  I have a problem with the CIFS shares on the 7000-series...
  On our Windows server, I have a directory for the Marketing department, to which they have full access. Inside this is a directory containing all their public documentation, which I share out (read-only) to everyone in the company. I don't seem to be able to replicate this on the Sun simulator - it tells me it's not allowed.
  It appears that in the Sun world, a filesystem is the equivalent of a share and there is no further, finer level of sharing. Every share must be a root share, but why? That's like limiting a Windows server to sharing the root of a drive and no more.
  Other NAS solutions have the ability to nest shares within a filesystem, so why not Sun?
  I could probably use DFS on the Windows server to map shares into the correct structure, but the whole point of us getting a NAS box is to remove the need for the Windows server.
  Any suggestions? :)

  I have the same problem so I think I will try to explain it from my point of view and see if we get any comments.
  I have a Real Strorage 7110 (Try & Buy)
  What my windows guys would like and what they do already on Windows Systems:
  Real Disk Layout = G:\shome\username
  share "shome" => G:\shome (Default ACL)
  User (Owner) = Full Access=rwx+inheritance
  Other = x+inheritance
  Domain Admin = Full Access=rwx+inheritanceshare "username" => G:\shome\username (Default ACL)
  Inherit from above (shome)
  Group Staff = rx+inheritanceBy the looks the Sun way is to setup up every share with all the relevant ACL, since you can not setup ACL on the directory above (project). Am I correct
  Real Disk layout /export/shome/username
  share "username"
  User (Owner) = Full Access=rwx+inheritance
  Other = x+inheritance
  Domain Admin = Full Access=rwx+inheritance
  Group Staff = rx+inheritanceThanks
  Andrew

• Read-only CIFS share--5320 NAS Gateway Cluster

  Is it possible to share CIFS shares read-only using Active Directory authentication, then revert to normal read-write operation? We would like to make information available while we are finishing an incremental copy from an old data source.

  I have the same problem so I think I will try to explain it from my point of view and see if we get any comments.
  I have a Real Strorage 7110 (Try & Buy)
  What my windows guys would like and what they do already on Windows Systems:
  Real Disk Layout = G:\shome\username
  share "shome" => G:\shome (Default ACL)
  User (Owner) = Full Access=rwx+inheritance
  Other = x+inheritance
  Domain Admin = Full Access=rwx+inheritanceshare "username" => G:\shome\username (Default ACL)
  Inherit from above (shome)
  Group Staff = rx+inheritanceBy the looks the Sun way is to setup up every share with all the relevant ACL, since you can not setup ACL on the directory above (project). Am I correct
  Real Disk layout /export/shome/username
  share "username"
  User (Owner) = Full Access=rwx+inheritance
  Other = x+inheritance
  Domain Admin = Full Access=rwx+inheritance
  Group Staff = rx+inheritanceThanks
  Andrew

• Asa 8.2 access files share on outside network from VPN Client.

  please help me
  I have cisco asa 5505 with 8.2
  outside is 111.22.200.51
  inside is 192.168.1.0/24 dhcp
  vpnpool is 192.168.10.1-192.168.10.30
  configured split tunnel to vpn client to access web
  I was able to connect from outside via vpn.
  Goal is access fileserver(on window) on 111.22.200.21 from vpn clients.
  internal client can access the share folder
  vpn client cannot access ther share on 111.22.200.21
  ============================
  names
  name 192.168.1.1 ciscogw
  name 111.21.200.1 umgw
  interface Ethernet0/0
   switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/2
  interface Ethernet0/3
   switchport access vlan 5
  interface Ethernet0/4
  interface Ethernet0/5
   switchport access vlan 5
  interface Ethernet0/6
   switchport access vlan 5
  interface Ethernet0/7
   switchport access vlan 5
  interface Vlan1
   nameif inside
   security-level 100
   ip address ciscogw 255.255.255.0
  interface Vlan2
   nameif outside
   security-level 0
   ip address 111.22.200.51 255.255.255.0
  interface Vlan5
   no nameif
   security-level 50
   ip address dhcp setroute
  ftp mode passive
  clock timezone MST -7
  clock summer-time MDT recurring
  dns server-group DefaultDNS
   domain-name vpn.nmecsc.org
  access-list RAteam_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
  access-list inside_nat0_outbound extended permit ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.192
  pager lines 24
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  ip local pool vpnpool 192.168.10.1-192.168.10.30 mask 255.255.255.224
  icmp unreachable rate-limit 1 burst-size 1
  no asdm history enable
  arp timeout 14400
  global (outside) 1 interface
  nat (inside) 0 access-list inside_nat0_outbound
  nat (inside) 1 0.0.0.0 0.0.0.0
  route outside 0.0.0.0 0.0.0.0 111.22.200.1 1
  timeout xlate 3:00:00
  timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
  timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
  timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
  timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  timeout tcp-proxy-reassembly 0:01:00
  timeout floating-conn 0:00:00
  dynamic-access-policy-record DfltAccessPolicy
  http server enable
  http 192.168.1.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  snmp-server enable traps snmp authentication linkup linkdown coldstart
    quit
  crypto isakmp enable outside
  crypto isakmp policy 10
   authentication pre-share
   encryption 3des
   hash sha
   group 2
   lifetime 86400
  telnet timeout 5
  ssh timeout 5
  console timeout 0
  dhcpd auto_config outside
  dhcpd address 192.168.1.5-192.168.1.50 inside
  dhcpd dns 8.8.8.8 8.8.4.4 interface inside
  dhcpd wins 111.22.210.65 111.22.210.61 interface inside
  dhcpd enable inside
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  ssl trust-point ASDM_TrustPoint0 outside
  webvpn
   enable outside
  group-policy DfltGrpPolicy attributes
   banner value WARNING: Unauthorized access to this system is forbidden and will be prosecuted by law. By accessing this system, you agree that your actions may be monitored if unauthorized usage is suspected.
  group-policy RA_SSLVPN internal
  group-policy RA_SSLVPN attributes
   vpn-tunnel-protocol webvpn
   webvpn
    url-list value team
  group-policy RAteam internal
  group-policy RAteam attributes
   wins-server value 111.22.210.65
   dns-server value  8.8.8.8 8.8.4.4
   vpn-tunnel-protocol IPSec
   split-tunnel-policy tunnelspecified
   split-tunnel-network-list value RAteam_splitTunnelAcl
   default-domain value vpn.nmecsc.org
  username teamssl2 password 5ZBa0qXxwLBPpvoR encrypted privilege 0
  username teamssl2 attributes
   vpn-group-policy RA_SSLVPN
  username team2 password 5ZBa0qXxwLBPpvoR encrypted privilege 0
  username team2 attributes
   vpn-group-policy RAteam
  username teamssl1 password 5ZBa0qXxwLBPpvoR encrypted privilege 0
  username teamssl1 attributes
   vpn-group-policy RA_SSLVPN
  username team1 password 5ZBa0qXxwLBPpvoR encrypted privilege 0
  username team1 attributes
   vpn-group-policy RAteam
  tunnel-group team type remote-access
  tunnel-group team general-attributes
   default-group-policy RA_SSLVPN
  tunnel-group team webvpn-attributes
   group-alias team enable
   group-url https://111.22.200.51/team enable
  tunnel-group RAteam type remote-access
  tunnel-group RAteam general-attributes
   address-pool vpnpool
   default-group-policy RAteam
  tunnel-group RAteam ipsec-attributes
   pre-shared-key *
  class-map inspection_default
   match default-inspection-traffic
  policy-map type inspect dns preset_dns_map
   parameters
    message-length maximum client auto
    message-length maximum 512
  policy-map global_policy
   class inspection_default
    inspect dns preset_dns_map
    inspect ftp
    inspect h323 h225
    inspect h323 ras
    inspect rsh
    inspect rtsp
    inspect esmtp
    inspect sqlnet
    inspect skinny 
    inspect sunrpc
    inspect xdmcp
    inspect sip 
    inspect netbios
    inspect tftp
    inspect ip-options
  service-policy global_policy global
  prompt hostname context
  call-home reporting anonymous
  Cryptochecksum:680b9059ca6ca6610857bab04d855031

  I just upgrade asa to 9.3
  add access-list but still no luck. I attached the diagram.
  name 192.168.1.1 ciscogw
  ip local pool vpnpool 192.168.10.1-192.168.10.50 mask 255.255.255.0
  interface Ethernet0/0
   switchport access vlan 2
  interface Ethernet0/1
  interface Ethernet0/7
  interface Vlan1
   nameif inside
   security-level 100
   ip address ciscogw 255.255.255.0
  interface Vlan2
   nameif outside
   security-level 0
   ip address 111.22.200.51 255.255.255.0
  boot system disk0:/asa923-k8.bin
  ftp mode passive
  object network obj_any
   subnet 0.0.0.0 0.0.0.0
  object network NETWORK_OBJ_192.168.1.0_24
   subnet 192.168.1.0 255.255.255.0
  object network NETWORK_OBJ_192.168.10.0_26
   subnet 192.168.10.0 255.255.255.192
  access-list ipsec_group_splitTunnelAcl standard permit 192.168.1.0 255.255.255.0
  access-list ipsec_group_splitTunnelAcl standard permit host 111.22.200.21
  access-list ipsec_group_splitTunnelAcl standard permit 111.22.200.0 255.255.255.0
  pager lines 24
  logging enable
  logging asdm informational
  mtu inside 1500
  mtu outside 1500
  icmp unreachable rate-limit 1 burst-size 1
  asdm image disk0:/asdm-731-101.bin
  no asdm history enable
  arp timeout 14400
  no arp permit-nonconnected
  nat (inside,outside) source static NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 destination static NETWORK_OBJ_192.168.10.0_26 NETWORK_OBJ_192.168.10.0_26 no-proxy-arp route-lookup
  object network obj_any
   nat (inside,outside) dynamic interface
  route outside 0.0.0.0 0.0.0.0 111.22.200.1 1
  dynamic-access-policy-record DfltAccessPolicy
  user-identity default-domain LOCAL
  http server enable
  http 192.168.1.0 255.255.255.0 inside
  no snmp-server location
  no snmp-server contact
  threat-detection basic-threat
  threat-detection statistics access-list
  no threat-detection statistics tcp-intercept
  ssl trust-point ASDM_TrustPoint0 outside
  webvpn
   enable outside
   tunnel-group-list enable
  group-policy ssl_vpn internal
  group-policy ssl_vpn attributes
   vpn-tunnel-protocol ssl-clientless
   webvpn
    url-list value carino
  group-policy DfltGrpPolicy attributes
  group-policy ipsec_group internal
  group-policy ipsec_group attributes
   dns-server value 8.8.8.8 8.8.4.4
   vpn-tunnel-protocol ikev1
   split-tunnel-policy tunnelspecified
   split-tunnel-network-list value ipsec_group_splitTunnelAcl

• Failure of ACL setting for CIFS share resource on Windows client logined with administrator account

  Hi,
    We accounter a puzzle of ACL setting for a CIFS share resource. In our application, we use the
  administrator account to login a Windows 7 OS which is used as the CIFS client. We can access the share resource by "\\server_ip" on  this CIFS client,  but we can't add
  a new ACE to the ACL of a CIFS share resource provided by a CIFS server.
  Why dose this hanppen? Note that the CIFS server maybe a Windows OS or a self-developed CIFS server. 
    The operation details as followed:
  1.Access the share resource by "\\server_ip", login the CIFS server by a valid account on the CIFS server.
  2.On the Windows client, select the "Security" panel in the mouse-right-button properties dialog of a cifs share resource.
  3.To add a new ACE for someone eg. user0, we input "user0" in the "Select Users ans Groups" dialog popped up.
  4.Click OK, but the Windows client will not get the user information for user0 from the CIFS server.
  WHY?
  5.By wireshare network trace, we find the Windows client didn't send any SAMR requests to the CIFS server.
  6.Restart the Windows client OS and login again with another account except administrator, carry out the above operations. We find that the Windows client can get the user information, opposite with the step 4 above.
  WHY?
  7.By wireshare network trace, we find that the Windows client has sent SAMR requests to the CIFS server to get user informations. But that is different from step 5,  WHY?
  If the Windows client OS is login with administrator account, is there any configuration on Windows client to decide whether request user information on CIFS server when setting ACL for CIFS share resource?
  Expect your help.Thanks.
  Best wishes.

  The purpose of this forum is to support the Open Specifications documentation. You can read about the Microsoft Open Specifications program here,
  http://www.microsoft.com/openspecifications/en/us/default.aspx
  The library of Open Specification documents is located here,
  http://msdn.microsoft.com/en-us/library/dd208104.aspx
  It doesn’t appear that you are implementing one of the protocols cited.  Your question may be more applicable to Technet's Windows Server Platform Networking forum at
  https://social.technet.microsoft.com/Forums/en-US/home?forum=winserverPN or the File Services and Storage forum at
  https://social.technet.microsoft.com/Forums/en-US/home?forum=winserverfiles.
  If you are working on implementing a protocol using the specifications cidet above, please provide more detail.
  Bryan S. Burgin Senior Escalation Engineer Microsoft Protocol Open Specifications Team

• CIFS share authentication is slow

  The problem I’m having is when accessing a CIFS share authentication is taking several minutes. The Mac OS is LION and I’m connecting via SMB to a share on NetApp storage using a local account on the NetApp. Are there any options I could change in LION that would speed up authentication?

  Hi
  I have similar issue. Ldap 5.1 crashes after upgrade from siteminder 4.61 to 5.5. But if i remove the certain indexes, it does not crash, but LDAP becomes very slow due to unindexed search.
  If you get any solution..pls inform us too.
  Thanks in advance
  [email protected]
  chennai