Hi, we are going to migrate our old 7 mode to a new CDOT 9.2 and for the cifs service we are setting up a new AD domain with Samba (4.6.7). The cifs svm, joins the domain and can see users and groups. But when i create a share with "Domain Users" full control, no one is able to access. If I create another domain group and give to this goupt tyhe full control the users are able to use the share. It seems that cifs svm ignores the fact that the user is member of the "Domain Users" group. In fact: c21-filer::*> diag secd authentication show-creds -node c21-filer-node2 -vserver cifs-node1-sata -win-name testuser UNIX UID: pcuser <> Windows User: MODIANOAD\testuser (Windows Domain User) GID: pcuser Supplementary GIDs: pcuser Windows Membership: MODIANOAD\test_share (Windows Domain group) MODIANOAD\noc (Windows Domain group) User is also a member of Everyone, Authenticated Users, and Network Users Privileges (0x2000): SeChangeNotifyPrivilege If I remove the user from "Domain Users" and assign him another primary group, this group disappears from "Windows Membership" section. net group /domain "Domain Users" doesn't list users if is defines as primary group, tried with native AD, and users are reportes correctly, It could be the issue?
Same problem here! Obiouvsly with Windows 2016 DC it works as expected.
I think someone needs to let a Samba-Developer access those boxes to be able to poke around a bit. No Samba Developer I know has direct access to a NetApp box, so there's no way we can diagnose this properly given that all relevant communication is encrypted.
Exactly what do you need, If you want I can to collect information or try to help to debug Thanks
Hi, If you would like to play with Netapp ONTAP there is also a simulator available: https://mysupport.netapp.com/tools/info/ECMLP2538456I.html?productID=61970 Actually I'm a little busy and I do not have the time nor the hardware to set you up a testing environment, but if you do not want/have the time to test the simulator yourself, in April I think I could set you up a full testing environment. Giuseppe
(In reply to Giuseppe Ravasio from comment #4) > If you would like to play with Netapp ONTAP there is also a simulator > available: > https://mysupport.netapp.com/tools/info/ECMLP2538456I.html?productID=61970 The simulator is only available to existing customers, not to the world. At least that was the case when I last looked.
(In reply to trenta from comment #3) > Exactly what do you need, If you want I can to collect information or try to > help to debug root access to the DC.
Hi, Sorry but now I'm a little busy and my production environment is 4.4.5, I'll try to prepare, but now I don't have availability... Ontap simulator could be asokution for testing... Thanks 2018-02-16 10:32 GMT+01:00 <samba-bugs@samba.org>: > https://bugzilla.samba.org/show_bug.cgi?id=13274 > > --- Comment #6 from Volker Lendecke <vl@samba.org> --- > (In reply to trenta from comment #3) >> Exactly what do you need, If you want I can to collect information or try to >> help to debug > > root access to the DC. > > -- > You are receiving this mail because: > You are on the CC list for the bug. > You reported the bug.
Is this still an issue with the latest Samba releases? Eventually you might want to get this solved with the help of one of those companies listed at https://www.samba.org/samba/support/globalsupport.html
Sorry we moved to Windows DC for compatibility reasons and we cannot test this anymore. Regards Giuseppe
closing as wontfix as there is no way to reproduce this by the reporter or possiblity to work on a contract base on another netapp machine.