Wednesday 2 May 2012

Cifs troubleshooting (NetApp)


Cifs troubleshooting:
Cifs client access
The flow of communications from cifs client to a storage appliance in a multiprotocol environment.
1.       PC request access to the data.
2.       Storage appliance check with DC for the authentication.
3..   DC reply: authentication or guest.
4.       If guest access is denied unless cifs. guest-account is set.
5.       Storage appliance maps the NT account to unix username.
6.       Storage appliance compares NT account info with share ACL.
7.       Storage appliance compare NT account info with file ACL or UNIX username with file permissions.
8.       If users have access to the share and the file, the storage appliance grants the access.

Phase 1: PC request access to the data.
Potential issue
1.       Network failed or slow.
2.       Client not authenticated to DC.
3.       Client not able to find the storage appliance.
The below are the cmd by which you can figure it out.
Filer>ifstat
Filer>netdiag
Filer> ping the DNS or by username.
Client>tracert
Filer>nbtstat(if using WINS(windows internet name services)).
Phase 2: Storage appliance check with DC for the authentication.
Potential issue:
Domain controller communicates and trust across multiple domains can fail.
Cmd:
Filer> cifs testdc
Filer>options cifs.trace_login  is set to on.(note: to prevent the deluge of the console and log messages , Netapp recommend the toggling this options off after the troubleshooting is complete.)
Phase 3: DC reply:  authentication or guest
Potential issue:
Authenticated result is not what was expected, Need to check the details of mapping.
Cmd:
      Filer> wcc  -s  username
     Filer>  options cifs.trace_login on
Phase 4:if guest account is denied unless
Potential issue
Guest access is denied
Cmd:
Filer>options cifs .guest_account
Phase 5:stoeage appliance maps NT account to unix username
Potential issue:
Account does not map, or UNIX username does not exit.
Cmd:
Check /etc/psswd file
Check /etc/usermap.cfg file
nis info (if using nis)
filer>options nis.group_update_schedule
Phase6: Storage appliance compare NT account info with share ACL.
Potential issue:
User does not have access to the share.
Cmd:
Filer> cifs shares
Client>computer management(wind 2000)
Phase7: storage appliance compare NT account info with file ACL, or unix username with file permission.
Potential issue:
User does not have access to file.
Cmd:
Filer> qtree status( check security style)
Win clent> Explorer
Unix client >ls –l




Posted by at

4 comments:

Subscribe to: Post Comments (Atom)