The Samba-Bugzilla – Bug 13274
Netapp CDOT 9.1/9.2 cifs missing Domain Users
Last modified: 2018-02-16 09:32:01 UTC
we are going to migrate our old 7 mode to a new CDOT 9.2 and for the cifs service we are setting up a new AD domain with Samba (4.6.7).
The cifs svm, joins the domain and can see users and groups.
But when i create a share with "Domain Users" full control, no one is able to access.
If I create another domain group and give to this goupt tyhe full control the users are able to use the share.
It seems that cifs svm ignores the fact that the user is member of the "Domain Users" group.
c21-filer::*> diag secd authentication show-creds -node c21-filer-node2 -vserver cifs-node1-sata -win-name testuser
UNIX UID: pcuser <> Windows User: MODIANOAD\testuser (Windows Domain User)
MODIANOAD\test_share (Windows Domain group)
MODIANOAD\noc (Windows Domain group)
User is also a member of Everyone, Authenticated Users, and Network Users
If I remove the user from "Domain Users" and assign him another primary group, this group disappears from "Windows Membership" section.
net group /domain "Domain Users" doesn't list users if is defines as primary group, tried with native AD, and users are reportes correctly,
It could be the issue?
Same problem here!
Obiouvsly with Windows 2016 DC it works as expected.
I think someone needs to let a Samba-Developer access those boxes to be able to poke around a bit. No Samba Developer I know has direct access to a NetApp box, so there's no way we can diagnose this properly given that all relevant communication is encrypted.
Exactly what do you need, If you want I can to collect information or try to help to debug
If you would like to play with Netapp ONTAP there is also a simulator available:
Actually I'm a little busy and I do not have the time nor the hardware to set you up a testing environment, but if you do not want/have the time to test the simulator yourself, in April I think I could set you up a full testing environment.
(In reply to Giuseppe Ravasio from comment #4)
> If you would like to play with Netapp ONTAP there is also a simulator
The simulator is only available to existing customers, not to the world. At least that was the case when I last looked.
(In reply to trenta from comment #3)
> Exactly what do you need, If you want I can to collect information or try to
> help to debug
root access to the DC.