No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Data collision leading errors when windows client using DNS server resolving N8000 hostname

Publication Date:  2012-09-18 Views:  47 Downloads:  0
Issue Description
Product edition information: applied for N8000 of all editions
After configured CIFS share, error reports of no authorization when client in domain controller access to CIFS share in the way of DNS resolving.

1. Examine CIFS configuration and share information in N8000.
n83.CIFS> show
Name Value
---- -----
netbios name n83
ntlm auth yes
allow trusted domains no
homedirfs fs20g
quota 0
idmap backend rid:10000-20000
workgroup OCEANSTOR
security ads
Domain OCEANSTOR.COM
Domain user Administrator
Domain Controller 129.22.48.237
n83.CIFS> share show
ShareName FileSystem ShareOptions
share1g fs1gone owner=root,group=root,rw,noguest
n83.CIFS> share show share1g
ShareName VIP Address
share1g 129.22.20.88
2. Create new host in DNS server, hostname is n83 the same as the name of cluster, IP address is 129.22.20.88 used by CIFS share.
3. Add DNS server address to local link property of a client in domain controller, execute ping command to connect with the new host.

C:\Documents and Settings\cifs2>ping n83
Pinging n83.oceanstor.com [129.22.20.88] with 32 bytes of data:
Reply from 129.22.20.88: bytes=32 time=1ms TTL=64
Reply from 129.22.20.88: bytes=32 time<1ms TTL=64
Ping statistics for 129.22.20.88:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
Control-C
^C
C:\Documents and Settings\cifs2>ping n83.oceanstor.com
Pinging n83.oceanstor.com [129.22.20.80] with 32 bytes of data:
Reply from 129.22.20.80: bytes=32 time<1ms TTL=64
Reply from 129.22.20.80: bytes=32 time<1ms TTL=64
Ping statistics for 129.22.20.80:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Control-C
^C
C:\Documents and Settings\cifs2>
4. Open the run program from windows start menu; use the new hostname as part of CIFS share path to access to CIFS like: \\n83\sharelg
5. Click OK, input domain username and password, error reports that system cannot provide network path.
6. Directly use \\n83\ as path and input domain username and password, the CIFS share is visible but inaccessible.
Alarm Information
None
Handling Process
Step 1 when add hostname access to CIFS share in DNS, do not use the name of cluster in case of collision. Name it n83share.
Step2 access to CIFS thorough DNS resolving in the client which is already added to domain. Successful
Using \\n83share.oceanstor.com\share1g as access path to CIFS is also OK. 
Root Cause
1. Use linux as client and configure DNS address, then access to CIFS share with domain username and password successful and own read-write authorization after mounting. Screen print like this.

N8000:/ # ls -al cifs
total 1
drwxrwxrwx 2 root root 48 Sep 7 15:58 .
drwxr-xr-x 22 root root 536 Oct 8 22:53 ..
N8000:/ # ping n83
ping: unknown host n83
N8000:/ # ping n83.oceanstor.com
PING n83.oceanstor.com (129.22.20.88) 56(84) bytes of data.
64 bytes from 129.22.20.88: icmp_seq=1 ttl=64 time=3.32 ms
64 bytes from 129.22.20.88: icmp_seq=2 ttl=64 time=1.57 ms
--- n83.oceanstor.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 15006ms
rtt min/avg/max/mdev = 1.573/2.447/3.322/0.875 ms
N8000:/ # mount -t cifs //n83.oceanstor.com/_share1g$ /cifs --verbose -o user=cifs1
parsing options: rw,user=cifs1
Password:
mount.cifs kernel mount options unc=//n83.oceanstor.com\_share1g
$,ip=129.22.20.88,pass=huaWEI123,ver=1,rw,user=cifs1
N8000:/ # mount
/dev/hda2 on / type reiserfs (rw,acl,user_xattr)
proc on /proc type proc (rw)
sysfs on /sys type sysfs (rw)
debugfs on /sys/kernel/debug type debugfs (rw)
udev on /dev type tmpfs (rw)
devpts on /dev/pts type devpts (rw,mode=0620,gid=5)
shm on /dev/shm type tmpfs (rw,size=2g)
securityfs on /sys/kernel/security type securityfs (rw)
//n83.oceanstor.com/_share1g$ on /cifs type cifs (rw,mand)
N8000:/ # cd /cifs
N8000:/cifs # ls
1.dat 3.dat dirone dirtwo file.txt lost+found
N8000:/cifs # touch 2.dat
N8000:/cifs # ls
1.dat 2.dat 3.dat dirone dirtwo file.txt lost+found
N8000:/cifs #
2. Do the same operation in a Windows client which is not in domain. It turns out access is available without username and password. The screen prints like this:

C:\Documents and Settings\Administrator>ping n83
Ping request could not find host n83. Please check the name and try again.
C:\Documents and Settings\Administrator>ping n83.oceanstor.com
Pinging n83.oceanstor.com [129.22.20.88] with 32 bytes of data:
Reply from 129.22.20.88: bytes=32 time=1ms TTL=64
Reply from 129.22.20.88: bytes=32 time<1ms TTL=64
Ping statistics for 129.22.20.88:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
Control-C
^C
C:\Documents and Settings\Administrator>
3. Check information on a domain controller, there is also a host named n83 in domain computer. According to the analysis before: CIFS module of N8000 should be added to an ad domain when using ads certification, so there is a host called n83 in domain computer. Data resolved by DNS and data feedback from domain controller conflicts, so during resolving in client, n83 in domain computer is founded instead of n83 in DNS host, so the client cannot access to CIFS in the way of DNS resolve.

Suggestions
1. When ads authentication is used by CIFS module of cluster, if client use DNS resolve way to access to CIFS share, the host added to DNS server cannot be nominated the name of cluster, or the access wound fail because of collision. It is recommended that use the cluster name plus share name. 
2. When ads authentication mode is used by CIFS module of cluster, if client is not added to domain, username and password is not needed when access to CIFS with DNS resolving, but there are unsafe factors exists. It is recommended that clients are added to domain in this situation.
3. When user authentication mode is used by CIFS module of cluster, if client use DNS resolve to access to CIFS share, problem of data collision when windows client using DNS server resolving N8000 hostname won’t emerge.

END