Thursday, August 1, 2013

well flies on my eyes! or netapp and samba domain excitement

here's the normal process of having a netapp filer join an nt4-style samba domain:
vfiler*> cifs terminate

filer@vfiler*> cifs setup              

This process will enable CIFS access to the filer from a Windows(R) system.
Use "?" for help at any prompt and Ctrl-C to exit without committing changes.

        Your filer does not have WINS configured and is visible only to
        clients on the same subnet.
Do you want to make the system visible via WINS? [n]: y
        You can enter up to 4 IPv4 WINS server addresses.
IPv4 address(es) of your WINS name server(s) []: IP.OF.WINS.SERVER
        A filer can be configured for multiprotocol access, or as an NTFS-only
        filer. Since multiple protocols are currently licensed on this filer,
        we recommend that you configure this filer as a multiprotocol filer

(1) Multiprotocol filer
(2) NTFS-only filer

Selection (1-2)? [1]: 1
        The default name for this CIFS server is 'FILER'.
Would you like to change this name? [n]: 
        Data ONTAP CIFS services support four styles of user authentication.
        Choose the one from the list below that best suits your situation.

(1) Active Directory domain authentication (Active Directory domains only)
(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)
(3) Windows Workgroup authentication using the filer's local user accounts
(4) /etc/passwd and/or NIS/LDAP authentication

Selection (1-4)? [1]: 2
What is the name of the Windows NT 4 domain? []: SAMBADOMAIN
***     CIFS Setup was unable to discover the address of the Primary Domain
***     Controller (PDC) for the SAMBADOMAIN domain using WINS or broadcasts.
***     In order to join the domain, you must supply the IPv4 address of the
***     PDC. After CIFS Setup has completed, you can use the 'cifs prefdc'
***     command to specify a complete set of preferred PDC and BDC addresses.

Enter the IPv4 address of the Primary Domain Controller []: 10.10.10.10
CIFS - Starting SMB protocol...
Welcome to the SAMBADOMAIN Windows(R) NT domain
filer@vfiler*> Wed Mar 30 10:55:09 EST [filer@auth.dc.trace.DCConnection.statusMsg:info]: 
AUTH: TraceDC- the machine password changed on domain controller \\PDC.
Wed Mar 30 10:55:09 EST [filer@cifs.startup.local.succeeded:info]: CIFS: CIFS local server is running.
Wed Mar 30 10:55:16 EST [filer@nbt.nbns.registrationComplete:info]: NBT: All CIFS name registrations 
have completed for the local server.

filer@vfiler*> 

filer@vfiler*> cifs domaininfo

NetBios Domain:           SAMBADOMAIN
Type:                     NT4

Current Connected DCs:    \\PDC
Total DC addresses found: 3
Preferred Addresses:
                          10.10.10.10    PDC              PDC
Favored Addresses:
                          None
Other Addresses:
                          10.10.10.11                     BDC
                          10.10.10.12                     BDC2

however, sometimes things do not work out for you.
vfiler> vfiler context filer                                                 
filer@vfiler> Thu Aug  1 09:02:39 EDT [filer@cmds.vfiler.console.switch:notice]: 
Console context was switched to a vFiler(tm) unit filer.

filer@vfiler> cifs domaininfo             

NetBios Domain:           SAMBADOMAIN
Type:                     NT4

Not currently connected to any DCs
Preferred Addresses:
                          10.10.10.10    PDC              PDCBROKEN
Favored Addresses:
                          None
Other Addresses:
                          10.10.10.11    BDC               BDCBROKEN
                          10.10.10.12    BDC2              BDCBROKEN

filer@vfiler> cifs testdc

Using Established configuration
Current Mode of NBT is H Mode

Netbios scope "" 
Registered names...
        FILER  < 0> WINS  Broadcast 
        FILER  < 3> WINS  Broadcast 
        FILER  <20> WINS  Broadcast 
        SAMBADOMAIN    < 0> WINS  Broadcast 

Testing all Primary Domain Controllers
found 1 unique addresses

Thu Aug  1 09:05:54 EDT [filer@auth.dc.DCPasswdChange.failed:error]: 
AUTH: The filer's attempt to change the shared password with filer's domain controller 
failed with status 0xc000005e: Scheduled automatic password change failed. The filer 
will retry in 1 hour.
Not able to communicate with PDC 10.10.10.10
trying 10.10.10.10...10.10.10.10 is alive

Testing all Domain Controllers
found 3 unique addresses

Not able to communicate with DC 10.10.10.10
trying 10.10.10.10...10.10.10.10 is alive
found DC BDC at 10.10.10.11
found DC BDC2 at 10.10.10.12
well crud. let's try to re-add.
filer@vfiler> cifs terminate

CIFS local server on vfiler filer is shutting down...

waiting for CIFS shut down (^C aborts)...

CIFS local server on vfiler filer has shut down...
filer@vfiler> cifs setup filer  
Invalid arguments to CIFS Setup.
filer@vfiler> cifs setup                
This process will enable CIFS access to the filer from a Windows(R) system.
Use "?" for help at any prompt and Ctrl-C to exit without committing changes.

        This filer is currently a member of the Windows NT 4 domain
        'SAMBADOMAIN'.
Do you want to continue and change the current filer account information? [n]: y
        Your filer is currently visible to all systems using WINS. The WINS
        name servers currently configured are: [ 10.10.10.10 ].

(1) Keep the current WINS configuration
(2) Change the current WINS name server address(es)
(3) Disable WINS

Selection (1-3)? [1]: 1
        This filer is currently configured as a multiprotocol filer.
Would you like to reconfigure this filer to be an NTFS-only filer? [n]: n
        The default name for this CIFS server is 'FILER'.
Would you like to change this name? [n]: n
        Data ONTAP CIFS services support four styles of user authentication.
        Choose the one from the list below that best suits your situation.

(1) Active Directory domain authentication (Active Directory domains only)
(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)
(3) Windows Workgroup authentication using the filer's local user accounts
(4) /etc/passwd and/or NIS/LDAP authentication

Selection (1-4)? [1]: 2
What is the name of the Windows NT 4 domain? [SAMBADOMAIN]: 
CIFS - Starting SMB protocol...
Thu Aug  1 09:18:35 EDT [filer@nbt.nbns.registrationComplete:info]: NBT: All CIFS name 
registrations have completed for the local server.
***     CIFS Setup could not establish a connection with the Primary Domain
***     Controller (PDC). Usually this happens when the 'FILER'
***     account does not exist in the domain or must have it's password reset.
crud. exit from cifs setup and go over to your Samba PDC. delete the filer's machine account there and re-add it:
root@pdc:~# smbpasswd -x FILER$

smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SAMBADOMAIN))]
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
init_sam_from_ldap: Entry found for user: FILER$
init_group_from_ldap: Entry found for group: 2771
ldapsam_delete_sam_account: Deleting user FILER$ from LDAP.
sh: 1: /usr/local/sbin/ldap_delete_user: not found
smb_delete_user: Running the command `/usr/local/sbin/ldap_delete_user "filer$"' gave 127
Deleted user FILER$.

root@pdc:~# smbpasswd -a -m FILER$

smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SAMBADOMAIN))]
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SAMBADOMAIN))]
ldapsam_add_sam_account: User exists without samba attributes: adding them
init_ldap_from_sam: Setting entry for user: FILER$
ldapsam_add_sam_account: added: uid == FILER$ in the LDAP database
init_sam_from_ldap: Entry found for user: FILER$
init_group_from_ldap: Entry found for group: 2771
init_ldap_from_sam: Setting entry for user: FILER$
ldapsam_update_sam_account: successfully modified uid = FILER$ in the LDAP database
Added user FILER$.

root@pdc:~# id FILER$
uid=15345(FILER$) gid=1301(Domain Computers) groups=1301(Domain Computers)
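note that the delete script (/usr/local/sbin/ldap_delete_user) was not found on this PDC, which is why the re-add reports "User exists without samba attributes: adding them". now, go back to the netapp filer and start the cifs setup process again. when you get past the authentication section, you should see this: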
Selection (1-4)? [2]: 2
What is the name of the Windows NT 4 domain? [SAMBADOMAIN]: 

CIFS - Starting SMB protocol...
Thu Aug  1 09:34:29 EDT [filer@nbt.nbns.registrationComplete:info]: NBT: All CIFS name registrations have completed for the local server.
Thu Aug  1 09:34:32 EDT [filer@auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- the machine password changed on domain controller \\BDC.
Welcome to the SAMBADOMAIN Windows(R) NT domain
filer@vfiler> Thu Aug  1 09:34:32 EDT [filer@auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- the machine password changed on domain controller \\BDC.
Thu Aug  1 09:34:32 EDT [filer@cifs.startup.local.succeeded:info]: CIFS: CIFS local server is running.
hot damn.
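
A check for the failure shown above, added here as an example (not part of the original post and not NetApp tooling): it reads captured `cifs domaininfo` / `cifs testdc` / syslog output and flags the pattern that preceded the machine-account reset. The function names, the state labels and the heuristic itself are assumptions; the sample input is trimmed from the transcripts above.

```shell
# Added example: classify captured filer console output (cifs domaininfo,
# cifs testdc, syslog). Function names and state labels are hypothetical.
filer_trust_status() {
    awk '
    /Current Connected DCs:/ { connected = $NF; sub(/^[^A-Za-z0-9]*/, "", connected) }
    /Not currently connected to any DCs/ { connected = "none" }
    # domaininfo address rows: IP first, state marker such as PDCBROKEN last
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $NF ~ /BROKEN$/ { broken++ }
    /auth\.dc\.DCPasswdChange\.failed/ { pwfail = 1 }
    # the status code sits on a wrapped continuation line of that event
    pwfail && status == "" && match($0, /status 0x[0-9a-fA-F]+/) {
        status = substr($0, RSTART + 7, RLENGTH - 7)
    }
    /Not able to communicate with (PDC|DC) / { unusable[$NF] = 1 }
    / is alive$/ {
        ip = $(NF - 2); sub(/^.*\.\.\./, "", ip)   # "trying A...A is alive"
        if (ip in unusable) alive = 1               # host is up, session fails
    }
    END {
        state = "ok"
        if (connected == "none") state = "no-dc"
        if (pwfail || alive) state = "suspect-machine-account"
        printf "state=%s connected=%s broken_dcs=%d pwchange_status=%s\n",
            state, (connected == "" ? "unknown" : connected), broken,
            (status == "" ? "none" : status)
        exit (state != "ok")
    }'
}

# Constructed samples, trimmed from the transcripts in the post.
sample_broken() { cat <<'EOF'
Not currently connected to any DCs
Preferred Addresses:
                          10.10.10.10    PDC              PDCBROKEN
                          10.10.10.11    BDC               BDCBROKEN
                          10.10.10.12    BDC2              BDCBROKEN
Thu Aug  1 09:05:54 EDT [filer@auth.dc.DCPasswdChange.failed:error]:
failed with status 0xc000005e: Scheduled automatic password change failed. The filer
Not able to communicate with PDC 10.10.10.10
trying 10.10.10.10...10.10.10.10 is alive
EOF
}
sample_healthy() { cat <<'EOF'
Current Connected DCs:    \\PDC
Preferred Addresses:
                          10.10.10.10    PDC              PDC
EOF
}
sample_broken | filer_trust_status || echo "check the machine account on the PDC"
```

A non-zero exit with `state=suspect-machine-account` means a DC was reported alive but unusable, or the scheduled machine password change failed. 0xc000005e is the NTSTATUS code STATUS_NO_LOGON_SERVERS.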
