No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

The rights displays abnormally in the CIFS ctdb mode

Publication Date:  2012-11-24 Views:  42 Downloads:  0
Issue Description
In the N8000 CIFS ctdb mode, the user found the rights of the catalog or file displays abnormally, the symptom including:
1. The user’s name or user group’s name can’t display normally, and it displays as a string of numbers.
2. The catalog or file rights can’t display correctly, and only a part of the rights display as totally controlling.



Alarm Information
None

Handling Process
If the domain users are not too many (not more than 1000), the information about the domain controller’s user and group can be obtained on the engine, the method is as followed:
1. Login via the “support” user, and copy the “wbcache.sh” to each engine’s “/opt/HS/scripts” catalog, and make sure it has the execute permission.
2. Edit “crontab” in each engine, and run the script every two hours:
n8000_01:/opt/HS/scripts # crontab –e
   * */2 * * * /opt/HS/scripts/wbcache.sh (newly added item)
3. Because the problem of the Windows cache, sometimes it can display the user name and resolve as to the Unix User (as the following picture displayed), but the rights displays incorrectly (displaying as the totally controlling). Logoff the Windows client, and then the problem will be settled at once.


Root Cause
The Samba caches the mapping relation between the Windows domain control user’s SID and the Unix UID/GID resolved by the “winbind” via the “winbindd_cache.tdb” file, while the user login via an account or add the rights for an account, the account’s information will be accessed from the domain controller and saved to “winbindd_cache.tdb”. So, it’s not necessary to go through the domain controller for the user querying the rights at the next time, and then the communication traffic between the NAS server and the domain controller reduces much.
In the ctdb mode, multiple N8000 engines work at the same time, and each engine just cache the information of the users who access it, there hasn’t configured the synchronization mechanism between two engines before caching. Then there may appear the above problem: add the user’s rights in the node 1, and then access it in the node 2, while viewing the file’s rights, it displays as “UID” because there hasn’t the user’s information in the cache.
Because the N8000 identifies the user who is can’t be resolved as the UNIX user, and the UNIX file’s common file just has the following three columns: read/write/execute, once the file has configured the three columns rights, it will be considered having all the controlling rights, therefore, there displays as the totally controlling property.
This problem just influence displaying, because the information about the file rights is saved in the N8000, so while the user implementing some file operations the N8000 can authenticate just through the user’s ID.

Suggestions
None

END