No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

An AD Domain User Has No Permission to Write Data onto a CIFS Homedir Web Disk

Publication Date:  2013-07-23 Views:  114 Downloads:  0
Issue Description
Product name and version: N8500 V200R001
When trying to write file data into storage space in CIFS homedire mode, user 00002398 is prompted with a write failure due to no such write permission.
Alarm Information
None
Handling Process
Change the UID of user 00002398 to be the up-to-date one.
Root Cause
Run the following commands to check the directory permission of user 00002398:
CCTVN8500_01:/var/lib/nfs/sm/links/DOMAIN_VDESKTOP/00002398 # ls -al
total 16
drwxrwx--x+ 6 VDESKTOP\00002398 VDESKTOP\domain users 8192 Jan 15 10:51 My Documents
drwxrwx--x+ 3 VDESKTOP\00002398 VDESKTOP\domain users 8192 Jan 15 11:09 Desktop
drwxr-xr-x  2 VDESKTOP\00002398 VDESKTOP\domain users   96 Jan  9 14:49 Web disk
No exceptions are found. Then, check for the logs generated by the client on the N8500.
Use client cctv025 as an example. The log file is /var/log/samba/log.cctv025 and includes the following message:
[2013/01/15 10:56:52.053790,  1] smbd/service.c:1070(make_connection_snum)
  cctv025 (10.103.219.65) connect to service 00002398 initially as user VDESKTOP\00002398 (uid=11259, gid=10513) (pid 27775)
Use client cctv336 as an example. The log file is /var/log/samba/log.cctv336 and includes the following message:
[2013/04/24 09:08:17.132162,  1] smbd/service.c:1070(make_connection_snum)
  cctv336 (10.103.215.97) connect to service 00002398 initially as user VDESKTOP\00002398 (uid=17002, gid=10513) (pid 3872)
The preceding logs show that user 00002398 tried to access the storage space on 2013/01/15 and 2013/04/24, and the UID of user 00002398 was changed. The UID of a user can change only when user 00002398 in the AD domain is re-created after being deleted. Therefore, we can determine that user 00002398 was re-created after being deleted by an administrator in the AD domain. Linux records user permission based on user UIDs rather than user names. In this case, the re-created user 0002398 cannot write data to the storage space of the original user 00002398 because the UID has changed.
Suggestions
None

END