This service script enables you to view information for troubleshooting CIFS-related issues. It displays information about network connectivity to domain controllers, access rights, credentials, access logs, and other related items for a specific NAS server or all NAS servers.
NOTE:Ensure that you run this script on the primary node of the appliance.
NOTE:Arguments must be preceded by hyphens. For example:
svc_nas_cifssupport --args="<>"
Positional arguments
Qualifier
Description
--server
Specify the name of the NAS server that you want to run the specific action on.
Options
Use the
--args argument to specify additional options.
[-h | -help | --help | <no option>]
Display help and exit. Use this option with
svc_nas_cifssupport to view the top-level options for the command. To view the options and parameters for a top-level option, use the
-help option after the top-level option. For example, the output of
svc_nas_cifssupport --server nas 1 --args="-setspn -help" provides detailed usage information about the
-setspn option.
-accessright
Compute the effective access rights for a user on a file system resource.
Display the ACL of the symbolic link, instead of the target of the link.
-verbose
Display more information about the ACL.
-aclext
Dump additional details about conditional ACEs and resource attributes that are present.
-fs <filesystem_name>
Name of the file system.
-printstats
Get the ACL statistics on the file system.
-resetall
Reset all ACL on the file system (set everyone with full control).
-path <path>
Copy ACL of the given path to all the other files of the file system. If you specify one of the following options (-owner,
-group,
-dacl, and
-sacl), copy only the relevant items. You can use these options together or combine them as you need.
-owner
Reset owners.
-group
Reset groups.
-dacl
Reset DACL.
-sacl
Reset SACL.
-audit
Audit the current CIFS (clients) connections on the SMB server.
The UNIX name or numerical ID (using the convention @uid=xxxx,gid=yyyy@, with xxxx and yyyy the decimal numerical value of the uid and the primary gid, respecitively) of the user.
NOTE:Setting the default UID to 0, or to a user which will be resolved at UID 0, will grant that user full root access. Ensure that this value is not set to 0 for users who should not have full access.
-build
Build the credential for a user that has not yet connected the SMB server.
NOTE:This option requires a domain administrator ID/ password.
-credext
Include additional details of the claims that are present in the Kerberos ticket. This is only for Dynamic Access Control (DAC).
-gpo
List (-info) or force update (-update) the Windows global policy objects (GPOs) that are applied to the SMB server.
Usage:
svc_nas_cifssupport --server <server name> | ALL --args="-gpo [-info] [-update]"
-homedir
Enable or disable the SMB home directories. Once the feature is enabled, a homedir file containing the name of the SMB users and their related home dirctory must be uploaded to the NAS server using the
uemcli /net/nas/server CLI command. Once this is done, SMB users can connect to the SMB HOME share.
Usage:
svc_nas_cifssupport --server <server name> | ALL --args="-homedir [-enable] | [-disable]"
[-enable]
Enables the home directories feature.
[-disable]
Disables the home directories feature.
-Join
Join the specified server to a Windows Active Directory (AD) domain, move it to another organizational unit (OU), or collect information about it from the Domain Controller (DC).
Allow the specified computer to join the server by taking ownership of an existing computer account in the Windows AD domain that matches the computer name that is specified in the command.
resetserverpasswd
Reset the server password on the DC.
-addservice=nfs
Add an NFS SPN for the specified server in Active Directory for secure NFS.
-logontrace
Log user or machine logon attempts for the specified IP address or for all clients when no IP address is specified.
Specify if the SID is given in decimal (0) or hexadecimal (1) format.
-priv
List all available privileges on the domain. This can be used to resolve foreign language issues.
-nltest
Simulate an NTLM user authentication on the server by specifying a domain user name and password pair. Use this command to troubleshoot connection issues or test DC connections. This command only applies to servers that are joined to a Windows domain.
Optionally set a workstation name in the NTLM request.
-pdcdump
Display information about every SMB server DC in use at the NAS server level. This command only applies to servers that are joined to a Windows domain.
Usage:
svc_nas_cifssupport --server <server name> | ALL --args="-pdcdump"
-pingdc
Check the network connectivity of the CIFS server that is specified by the NetBIOS name or computer name with a domain controller. Once connectivity is established, the command verifies that a CIFS server can access and use the domain controller services. This command only applies to servers that are joined to a Windows domain.
Delete a mapping entry from the Secure Mapping database.
-export [-file <filename>]
Export Secure Mapping database to the specified file.
-import -file <filename>
Import Secure Mapping database from the specified file.
-report
Display Secure Mapping database health and content.
-setspn
Manage Windows security principals (SPNs) of the specified computer that is joined to AD.
NOTE:SPNs are required for domain configurations in which the DNS domain is different than authentication domain (Kerberos realm). For example, if the DNS server zone includes a DNS CNAME record that maps
compname.<domain1 FQDN> to
compname.<server's domain FQDN>, then the SPN host
compname.<domain1 FQDN> must be added for the compname.
Clean up the SMB hash files for the specified file system.
-Unjoin
Unjoin the specified machine from its AD domain. If dynamic DNS is employed, the entry is removed from AD and DNS. The password for the specified account with domain administrator privileges must be provided when prompted.