here's the normal process of having a NetApp filer join an NT4-style Samba domain:
vfiler*> cifs terminate
filer@vfiler*> cifs setup
This process will enable CIFS access to the filer from a Windows(R) system.
Use "?" for help at any prompt and Ctrl-C to exit without committing changes.
Your filer does not have WINS configured and is visible only to
clients on the same subnet.
Do you want to make the system visible via WINS? [n]: y
You can enter up to 4 IPv4 WINS server addresses.
IPv4 address(es) of your WINS name server(s) []: IP.OF.WINS.SERVER
A filer can be configured for multiprotocol access, or as an NTFS-only
filer. Since multiple protocols are currently licensed on this filer,
we recommend that you configure this filer as a multiprotocol filer
(1) Multiprotocol filer
(2) NTFS-only filer
Selection (1-2)? [1]: 1
The default name for this CIFS server is 'FILER'.
Would you like to change this name? [n]:
Data ONTAP CIFS services support four styles of user authentication.
Choose the one from the list below that best suits your situation.
(1) Active Directory domain authentication (Active Directory domains only)
(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)
(3) Windows Workgroup authentication using the filer's local user accounts
(4) /etc/passwd and/or NIS/LDAP authentication
Selection (1-4)? [1]: 2
What is the name of the Windows NT 4 domain? []: SAMBADOMAIN
*** CIFS Setup was unable to discover the address of the Primary Domain
*** Controller (PDC) for the SAMBADOMAIN domain using WINS or broadcasts.
*** In order to join the domain, you must supply the IPv4 address of the
*** PDC. After CIFS Setup has completed, you can use the 'cifs prefdc'
*** command to specify a complete set of preferred PDC and BDC addresses.
Enter the IPv4 address of the Primary Domain Controller []: 10.10.10.10
CIFS - Starting SMB protocol...
Welcome to the SAMBADOMAIN Windows(R) NT domain
filer@vfiler*> Wed Mar 30 10:55:09 EST [filer@auth.dc.trace.DCConnection.statusMsg:info]:
AUTH: TraceDC- the machine password changed on domain controller \\PDC.
Wed Mar 30 10:55:09 EST [filer@cifs.startup.local.succeeded:info]: CIFS: CIFS local server is running.
Wed Mar 30 10:55:16 EST [filer@nbt.nbns.registrationComplete:info]: NBT: All CIFS name registrations
have completed for the local server.
filer@vfiler*>
filer@vfiler*> cifs domaininfo
NetBios Domain: SAMBADOMAIN
Type: NT4
Current Connected DCs: \\PDC
Total DC addresses found: 3
Preferred Addresses:
10.10.10.10 PDC PDC
Favored Addresses:
None
Other Addresses:
10.10.10.11 BDC
10.10.10.12 BDC2
however, sometimes things do not work out for you.
vfiler> vfiler context filer
filer@vfiler> Thu Aug 1 09:02:39 EDT [filer@cmds.vfiler.console.switch:notice]:
Console context was switched to a vFiler(tm) unit filer.
filer@vfiler> cifs domaininfo
NetBios Domain: SAMBADOMAIN
Type: NT4
Not currently connected to any DCs
Preferred Addresses:
10.10.10.10 PDC PDCBROKEN
Favored Addresses:
None
Other Addresses:
10.10.10.11 BDC BDCBROKEN
10.10.10.12 BDC2 BDCBROKEN
filer@vfiler> cifs testdc
Using Established configuration
Current Mode of NBT is H Mode
Netbios scope ""
Registered names...
FILER < 0> WINS Broadcast
FILER < 3> WINS Broadcast
FILER <20> WINS Broadcast
SAMBADOMAIN < 0> WINS Broadcast
Testing all Primary Domain Controllers
found 1 unique addresses
Thu Aug 1 09:05:54 EDT [filer@auth.dc.DCPasswdChange.failed:error]:
AUTH: The filer's attempt to change the shared password with filer's domain controller
failed with status 0xc000005e: Scheduled automatic password change failed. The filer
will retry in 1 hour.
Not able to communicate with PDC 10.10.10.10
trying 10.10.10.10...10.10.10.10 is alive
Testing all Domain Controllers
found 3 unique addresses
Not able to communicate with DC 10.10.10.10
trying 10.10.10.10...10.10.10.10 is alive
found DC BDC at 10.10.10.11
found DC BDC2 at 10.10.10.12
well
crud. let's try to re-add.
filer@vfiler> cifs terminate
CIFS local server on vfiler filer is shutting down...
waiting for CIFS shut down (^C aborts)...
CIFS local server on vfiler filer has shut down...
filer@vfiler> cifs setup filer
Invalid arguments to CIFS Setup.
filer@vfiler> cifs setup
This process will enable CIFS access to the filer from a Windows(R) system.
Use "?" for help at any prompt and Ctrl-C to exit without committing changes.
This filer is currently a member of the Windows NT 4 domain
'SAMBADOMAIN'.
Do you want to continue and change the current filer account information? [n]: y
Your filer is currently visible to all systems using WINS. The WINS
name servers currently configured are: [ 10.10.10.10 ].
(1) Keep the current WINS configuration
(2) Change the current WINS name server address(es)
(3) Disable WINS
Selection (1-3)? [1]: 1
This filer is currently configured as a multiprotocol filer.
Would you like to reconfigure this filer to be an NTFS-only filer? [n]: n
The default name for this CIFS server is 'FILER'.
Would you like to change this name? [n]: n
Data ONTAP CIFS services support four styles of user authentication.
Choose the one from the list below that best suits your situation.
(1) Active Directory domain authentication (Active Directory domains only)
(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)
(3) Windows Workgroup authentication using the filer's local user accounts
(4) /etc/passwd and/or NIS/LDAP authentication
Selection (1-4)? [1]: 2
What is the name of the Windows NT 4 domain? [SAMBADOMAIN]:
CIFS - Starting SMB protocol...
Thu Aug 1 09:18:35 EDT [filer@nbt.nbns.registrationComplete:info]: NBT: All CIFS name
registrations have completed for the local server.
*** CIFS Setup could not establish a connection with the Primary Domain
*** Controller (PDC). Usually this happens when the 'FILER'
*** account does not exist in the domain or must have it's password reset.
crud.
exit from cifs setup and go over to your Samba PDC. delete the filer's machine account there and add it back:
root@pdc:~# smbpasswd -x FILER$
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SAMBADOMAIN))]
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
init_sam_from_ldap: Entry found for user: FILER$
init_group_from_ldap: Entry found for group: 2771
ldapsam_delete_sam_account: Deleting user FILER$ from LDAP.
sh: 1: /usr/local/sbin/ldap_delete_user: not found
smb_delete_user: Running the command `/usr/local/sbin/ldap_delete_user "filer$"' gave 127
Deleted user FILER$.
root@pdc:~# smbpasswd -a -m FILER$
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SAMBADOMAIN))]
smbldap_open_connection: connection opened
ldap_connect_system: successful connection to the LDAP server
smbldap_search_domain_info: Searching for:[(&(objectClass=sambaDomain)(sambaDomainName=SAMBADOMAIN))]
ldapsam_add_sam_account: User exists without samba attributes: adding them
init_ldap_from_sam: Setting entry for user: FILER$
ldapsam_add_sam_account: added: uid == FILER$ in the LDAP database
init_sam_from_ldap: Entry found for user: FILER$
init_group_from_ldap: Entry found for group: 2771
init_ldap_from_sam: Setting entry for user: FILER$
ldapsam_update_sam_account: successfully modified uid = FILER$ in the LDAP database
Added user FILER$.
root@pdc:~# id FILER$
uid=15345(FILER$) gid=1301(Domain Computers) groups=1301(Domain Computers)
now, go back to the NetApp filer and start the process again. when you get past the authentication section, you should see this:
Selection (1-4)? [2]: 2
What is the name of the Windows NT 4 domain? [SAMBADOMAIN]:
CIFS - Starting SMB protocol...
Thu Aug 1 09:34:29 EDT [filer@nbt.nbns.registrationComplete:info]: NBT: All CIFS name registrations have completed for the local server.
Thu Aug 1 09:34:32 EDT [filer@auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- the machine password changed on domain controller \\BDC.
Welcome to the SAMBADOMAIN Windows(R) NT domain
filer@vfiler> Thu Aug 1 09:34:32 EDT [filer@auth.dc.trace.DCConnection.statusMsg:info]: AUTH: TraceDC- the machine password changed on domain controller \\BDC.
Thu Aug 1 09:34:32 EDT [filer@cifs.startup.local.succeeded:info]: CIFS: CIFS local server is running.
hot damn.
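
The broken state above has three signatures worth alerting on: "Not currently connected to any DCs" and the BROKEN suffixes in cifs domaininfo, plus auth.dc.DCPasswdChange.failed in the console log. The shell check below runs over captured output and is an added example, not part of the original post; the function names and exit codes are made up here, and reading a trailing BROKEN as "DC unusable" is an assumption drawn from the transcripts.

```shell
#!/bin/sh
# Added example: classify captured filer output using the signatures in the post.

# Reads `cifs domaininfo` text on stdin, prints one summary line, and returns
#   0 = connected, no DC flagged broken
#   1 = connected, but at least one DC flagged broken
#   2 = "Not currently connected to any DCs"
check_domaininfo() {
    awk '
        /^Not currently connected to any DCs/ { disconnected = 1 }
        # DC rows start with an IPv4 address, e.g. "10.10.10.11 BDC BDCBROKEN".
        # Assumption: a last column ending in BROKEN marks an unusable DC.
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            total++
            if (NF >= 3 && $NF ~ /BROKEN$/) { broken++; list = list " " $1 }
        }
        END {
            status = disconnected ? 2 : (broken ? 1 : 0)
            label  = disconnected ? "CRITICAL" : (broken ? "WARNING" : "OK")
            printf "%s: %d of %d DC addresses flagged broken%s\n",
                label, broken, total, (list ? ":" list : "")
            exit status
        }'
}

# Reads filer console/syslog text on stdin and prints how many machine-account
# password change failures it contains (the event logged in the broken state).
count_passwd_failures() {
    grep -c 'auth\.dc\.DCPasswdChange\.failed' || true
}

# Sample input copied from the broken-state transcript in the post.
BROKEN_SAMPLE='NetBios Domain: SAMBADOMAIN
Type: NT4
Not currently connected to any DCs
Preferred Addresses:
10.10.10.10 PDC PDCBROKEN
Favored Addresses:
None
Other Addresses:
10.10.10.11 BDC BDCBROKEN
10.10.10.12 BDC2 BDCBROKEN'

printf '%s\n' "$BROKEN_SAMPLE" | check_domaininfo || echo "exit status $?"
```

Feed it the output of cifs domaininfo captured over whatever remote shell you already use for the filer, and page on exit status 2 or on a non-zero failure count.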