Sun Microsystems, Inc.  Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-75-1007149.1
Update Date:2010-04-13
Keywords:

Solution Type  Troubleshooting Sure

Solution  1007149.1 :   Sun StorageTek[TM] 5000 Series NAS: Troubleshooting Inability to Access or View CIFS Shares  


Related Items
  • Sun Storage 5210 NAS Appliance
  •  
  • Sun Storage 5220 NAS Appliance
  •  
  • Sun Storage 5310 NAS Appliance
  •  
  • Sun Storage 5320 NAS Gateway/Cluster System
  •  
  • Sun Storage 5320 NAS Appliance
  •  
  • Sun Storage 5310 NAS Gateway System
  •  
Related Categories
  • GCS>Sun Microsystems>Storage - Disk>Network Attached Storage
  •  

PreviouslyPublishedAs
209852


Description
Description
Symptoms:
  • "Cannot access shares"
  • "Cannot see shares"
Purpose/Scope:

This document defines a step-by-step procedure for troubleshooting problems accessing CIFS shares. CIFS shares are generally intended for Windows clients. The document links to several Technical Instructions with the individual procedures for each step. This document also includes some configuration advice.


Steps to Follow
Please follow each troubleshooting step below. The steps will provide instructions or a link to a document to collect data, validate the data and take corrective action as necessary. The steps are ordered in the most appropriate sequence to isolate the issue and identify the proper resolution. Please do not skip a step.
  1.  <Document: 1007154.1> Check the NAS system log for messages immidiately after unsuccessfully attempting to access the share. The NAS system log is the best place to start looking for the cause of this issue.
  2.  <Document: 1005602.1> Use the autohome feature for user home directories. For environments with user home directories, Autohome shares make the NAS easier to use for both administrators and users.
  3.  <Document: 1013073.1> If using Workgroup mode (non-domain), understand the NAS-specific password security. Workgroup mode uses a simpler, password and UID-based system to secure shares. Domain mode is strongly recommended for secure environments.
  4.  <Document: 1008490.1> Understand how the default administrative shares are used. For Windows compatibility, a hidden share is created at the root of every user volume on the NAS, plus the system volumes /cvol and /dvol. Users logged in as members of the Domain Admins group can access these shares without any shares being created. A benefit of this is that it is not necessary to create shares at the root of volumes. Creating root level shares is dangerous, as it relies on administrators to secure every directory with permissions to protect them from unwanted access. With this model, shares are created only at the lower level directories needed for each user or group.
  5.  <Document: 1011364.1> Troubleshoot individual file and directory access issues with the cacls utility. This command line utility shows CIFS permissions, NFS permissions and extended attributes for files and directories. Also, check the file permissions from a Windows client, as a Domain Admin if possible.
  6.  <Document: 1005474.1>  Understand how CIFS access tokens work. If you change group membership or primary group for a CIFS user account, the user must completely disconnect from the NAS in order for the changes to take effect. This is sometimes a challenge. The linked document also describes some useful troubleshooting data that can be collected from the user tokens on the NAS.
  7. Understand that the NAS cannot authenticate to an LDAP server in place of a CIFS doamin controller. The NAS LDAP support is currently limited to NIS+ type lookups; e.g. hostgrps, netgroups, etc. A workaround for this is to use a Samba-based domain controller. The NAS is able to use the Samba server for authentication, and newer Samba versions are able to authenticate users via LDAP.
  8.  <Document: 1005474.1>  Collect the NAS extractor and diagnostic to prepare for a support case or escalation. The diagnostic collection should be done as soon as possible after the attempt to join the domain.
  9.  <Document: 1004130.1> Collect the network trace. Follow the instructions to set up a trace, set the filter to capture traffic between the client attempting to access the share, the NAS and Domain Controller(s). Start the trace, repeat the attempt to access the share, then stop the trace.
  10. At this point, if you not been able to resolve the issue with the troubleshooting steps above, further troubleshooting is required. Contact Sun Support and be prepared to provide the data collected in the above steps.


Product
Sun StorageTek 5310 NAS Gateway/Cluster System
Sun StorageTek 5320 NAS Gateway/Cluster System
Sun StorageTek 5320 NAS Appliance
Sun StorageTek 5320
Sun StorageTek 5310 NAS Gateway System
Sun StorageTek 5310 NAS Appliance
Sun StorageTek 5220 NAS Appliance
Sun StorageTek 5220
Sun StorageTek 5210 NAS Appliance

Internal Comments
This document contains normalized content and is managed by the the Domain Lead(s) of the respective domains. To notify content owners of a knowledge gap contained in this document, and/or prior to updating this document, please contact the domain engineers that are managing this document via the “Document Feedback” alias(es) listed below

storage-nas-domain@sun.com


The NAS extractor can be downloaded from PTS web pages and mailed to customer. If your customer experience trouble with NAS extractor you might collect some debugging information and provide feedback to Wayne Taranto who has developed this data collector.



NAS, normalized, CIFS, shares, access denied
Previously Published As
90531

Change History
Date: 2010-04-13
User Name: 79977
Action: Currency Check
Comment: Verified current by CL, william.harper@oracle.com
Verified Keywords - ok (normalized)
Normalized content - checked status of dependent articles
Date: 2007-10-03
User Name: 31620
Action: Approved
Comment: Verified Metadata - ok
Verified Keywords - ok (normalized)
Normalized content - checked status of dependent articles
90735 - in my KE queue - will be published today
90736 - published
90649 - published
90646 - published
90701- in my KE queue - will be published today
90737- in my KE queue - will be published today
88134 - published
89171 - published
Verified still correct for audience - currently set to contract
Audience left at contract as per FvF at
http://kmo.central/howto/content/voyager-contributor-standards.html
Checked review date - currently set to 2008-09-13
Checked for TM - ok as presented
Also checked all links went to sunsolve.sun.com
Publishing under the current publication rules of 18 Apr 2005:


Change History
ef8d4cb2-9cd6-11da-85b4-080020a9ed93 | Sun StorageTek 5320 NAS Gateway/Cluster System
27ca3082-cb13-11da-857a-080020a9ed93 | Sun StorageTek 5320 NAS Appliance
9d23ea64-a8be-11da-85b4-080020a9ed93 | Sun StorageTek 5320
fb861199-9cd7-11da-85b4-080020a9ed93 | Sun StorageTek 5310 NAS Gateway/Cluster System
8a8b6eeb-092e-11da-99bc-080020a9ed93 | Sun StorageTek 5310 NAS Gateway System
63654ce5-f88d-11d8-ab63-080020a9ed93 | Sun StorageTek 5310 NAS Appliance
a656fa3d-fc97-11da-ac3d-080020a9ed93 | Sun StorageTek 5220 NAS Appliance
d4e4fc3d-7c3f-11d8-9e3a-080020a9ed93 | Sun StorageTek 5210 NAS Appliance


Attachments
This solution has no attachment
  Copyright © 2011 Sun Microsystems, Inc.  All rights reserved.
 Feedback