No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Unable to create shares and add permissions on users

Publication Date:  2018-02-06 Views:  61 Downloads:  0
Issue Description

Failed to create CIFS domain users.

Failed to add share permissions to CIFS AD users.

For Windows 2012.

Alarm Information

Alarm message: the AD user does not exist.

Handling Process

Firmware version V300R006C00 does not support SMB version 2 or 3. If SMB v2 or v3 are used on AD server the CIFS permissions won't be able to be set for AD users.

Root Cause

OceanStor firmware does not support SMB v2 yet. SMB v1 is disabled in Windows 2012 by default.

AD domain servers run Windows 2003/2008/2012. Windows 2003 supports SMBv1 only and does not support SMBv2 or SMBv3. 

Solution

1. Before enabling the SMBv1 service of the AD domain, install the patches repairing Windows security vulnerabilities to prevent network attacks. Windows patches have resolved known SMBv1 security vulnerabilities. In addition, do not connect devices involving this risk to insecure networks. 

Install Windows upgrade for AD server: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

 

2. Log in to the AD domain server using an account with administrator rights(administrator is recommended).


3. Open the registry editor. Check whether the DependOnService field in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer is SamSS Srv.


If no, double-click the field to change the value to SamSS and Srv and then click OK, as shown in the following figure.



  
  

4. In Windows PowerShell, run Set-SmbServerConfiguration -EnableSMB1Protocol $true to enable the SMBv1 service.




R5. un SmbServerConfiguration to check whether the SMBv1 service has been enabled.

 

 

 

(6. Restart the AD domain server to make the modification effective. The method for restarting the AD domain server is the same as that for restarting a Windows host.


During the restart of the AD domain server, AD domain–related services are affected.

END