1 Rookie
•
52 Posts
0
875
Simulator Access Denied on smb
We have a production Isilon which has been fine for ages, and have setup a Simulator for a safer testing environment.
The logic is exactly the same between the two and have just setup the delegated DNS to point to the simulator, however no matter what I do, I am always hit with an Access Denied pop up window when attempting to access the share via the correct access zone.
it almost appears the cluster is not doing lookups in AD correctly, SPN are set, DNS deletion is set, pinging results in correct round robin responses for the pool, Authenticator providers are set for the access zone as i can lookup groups for the SMB share permissions etc..
NFS mounts work fine, as we use NFSv3 so no authentication requirement. we are wanting to test specific NFS+SMB sharing of the same directories, however we always get 'Access is deinied' pop ups
Are there any known bugs in the Simulator? or have i missed something this is 9.4.0.0 (on the simulator), we run 9.4.0.4 in our production cluster.
storageSysAdmin
1 Rookie
1 Rookie
•
52 Posts
0
March 20th, 2023 04:00
Incase anyone has this issue in the future, I managed to resolve this by fixing the permissions at the root of the access zone, they were far too restrictive and didn't allow execute / transfers permissions
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
February 8th, 2023 10:00
Hi,
Thanks for your question. Does it work properly on the production system or have you not done it there yet because it isn’t working in the simulator? Can you run isi smb settings global view and see if reject unencrypted access is enabled? I am not aware of any bugs with this in the simulator.
Let us know if you have any additional questions.
dynamox
2 Intern
2 Intern
•
20.4K Posts
0
February 8th, 2023 20:00
so is this test share already being used for concurrent CIFS/NFS access? You could be getting into POSIX ACL/WIndows permissions issues. On the SMB share, give your Windows account "run as root" privileges, disconnect/reconnect from the share and see if that works.
storageSysAdmin
1 Rookie
1 Rookie
•
52 Posts
0
February 9th, 2023 06:00
So I am wondering if I created some folders and structure on the simulator before I setup the specfic access zone for our domain, basically removing all the folders and recreating another one has not fixed the issue (removed the AZ all together)
this is the output I get when running ls -led on the top AZ DIR
sim01-1% ls -led /ifs/path/AZ
OWNER: user:DOMAIN\domainadmin
GROUP: group:DOMAIN\domain users
SYNTHETIC ACL
0: user:DOMAIN\domainadmin allow dir_gen_read,dir_gen_write,dir_gen_execute,std_write_dac,delete_child
1: group:DOMAIN\domain users allow std_read_dac,std_synchronize,dir_read_attr
I was wondering if I am missing some additional parameters here to grant correct access for windows domain account, and NFS (v3) access.
Our main production isilon has the below set of permissions on the AZ, is there meant to be a 'standard default' POSIX set applied when you create a fresh access zone?, or do you manually have to set the correct permissions for your AZ?
Main production Isilon: all shares are subfolders of the below which in inherit these before we start to add in NTFS
OWNER: user:root
GROUP: group:wheel
CONTROL:dacl_auto_inherited,dacl_protected
0: group:Administrators allow dir_gen_all,object_inherit,container_inherit
1: creator_owner allow dir_gen_all,object_inherit,container_inherit,inherit_only
2: everyone allow dir_gen_read,dir_gen_execute
3: group:Users allow dir_gen_read,dir_gen_execute,object_inherit,container_inherit
4: group:Users allow std_synchronize,add_file,add_subdir,container_inherit
aledor09
1 Rookie
1 Rookie
•
1 Message
0
August 22nd, 2024 22:50
@storageSysAdmin Hello, running into the same issue basically, do you recall what directory permission you added to the root AZ?