
Unable to use CIFS/SMB Share

I am new here and welcome any guidance you can provide. I have three HP DL380 servers that each have 25 SSD in them and 2 x 10G NICs. I've set up the cluster and CEPH is in good health. So far so good. I am trying to set up a CIFS share to use as an endpoint for my backup software. I created a CIFS share, did not select AD, and the share was created. Then I was able to mount the share on my Mac by using smb://petasan.domain-name.com/. When it asked me for user name I selected Guest and was able to connect and mount the share. But when I try to connect from my backup software (Acronis Cyber Protect if it matters) it always presents me with a user name and password login and I don't get a guest/anonymous option in their software.

So I need to set up a share that has a user name and password that I can pass through from the backup software. But I haven't been able to figure out how to do that. There are some mentions of joining an AD domain. In fact if I click on the AD Settings button, I get the first dialog that asks for the domain name and the domain AD DNS server. Then I get the second dialog that asks for AD Admin User and AD Admin Password. I've tried every combination of user name <domain short name>\administrator or just administrator or administrator@<domain long name> but none of them actually give any feedback to indicate that the domain join was successful.

Is there any way to create local accounts that are not AD bound just for testing? If we need to join the domain to get protected shares, are there any logs that can be looked at to determine if the join is happening or if it is failing where it is going wrong?

Thank you for any help you can provide.

If you enter just the administrator name it should work, no need to enter the qualifying domain, and not sure if the latter works or not.

If the join is successful, the "join" button in the UI will be replaced by an "unjoin" button; typically it takes like 3-5 sec. You can also look at the log file, /opt/petasan/log/PetaSAN.log, and search for join_ad, which is the function name to join Active Directory, and see if it reports success or failure and if it reports any error info. The log file will be located on one of the CIFS servers but just search on all servers for this.

Earlier we had a bug if the password contained empty spaces, we did not support that but it was fixed a long time ago, I am just saying it here in case it could be back.

Also just make sure you did not edit any DNS settings manually on the CIFS servers yourself, as they are automatically adjusted to include the new domain.

Else I would just state the obvious, make sure the active domain machine is reachable, and is set up correctly (other Windows clients can join).

Also if all you care about is connecting your new client which does not provide an anonymous login UI, you may just enter any username/password and it will be ignored if the share is public and allowed as anonymous on the PetaSAN side without need to join Active Directory.

One additional check, make sure the servers are time synced, at least within 5 min.

https://wiki.samba.org/index.php/Time_Synchronisation

I think I discovered the issue and unfortunately I don't think I can work around it. Here is our setup. Our domain name is paiindustries.com but the short name or workgroup name is PAI not PAIINDUSTRIES. Your code asks for the domain name which I enter as paiindustries.com and DNS IP which I enter. The next dialog box asks for authentication credentials. Which I enter without the Workgroup prefix.

The following is found in the log:

14/01/2022 08:02:01 INFO join_ad : Failure
14/01/2022 08:02:16 INFO -----------------------------------
14/01/2022 08:02:16 INFO join_ad : try number 1
14/01/2022 08:02:16 INFO -----------------------------------
14/01/2022 08:02:16 INFO Joining AD ---> Failed to join domain: Invalid configuration ("workgroup" set to 'PAIINDUSTRIES', should be 'PAI') and configuration modification was not requested

14/01/2022 08:02:16 INFO -----------------------------------
14/01/2022 08:02:16 ERROR Error joining AD : Failed to join domain: Invalid configuration ("workgroup" set to 'PAIINDUSTRIES', should be 'PAI') and configuration modification was not request

It appears that you are taking the leading portion of the domain name and using that as the workgroup name instead of asking the user to enter the workgroup name as well. I think 9 times out of 10 your code and logic is valid. But in our case I inherited this domain that was set up 30+ years ago and this is how they set it up.

It would be great if the first dialog asked for both the domain name and the workgroup or short version or perhaps even better allow the user to enter the domain name and calculate the workgroup name with your logic but allow the user to overwrite it themselves if their configuration warrants it. It would also be nice to be able to add multiple DNS servers. We have four in our environment for instance.

I was able to go into the Advance section and change the Global Secure section. In there I changed "workgroup = @@DOMAIN_SLD@@" to "workgroup = PAI". This allowed me to join the domain. So I'm good to continue.

Thanks for the feedback and happy you made it work.

The @@DOMAIN_SLD@@ placeholder gets replaced in code by the domain you enter when joining, to be more specific it is the domain part before any '.' dot if any.

We took note of the lack of failure info on return which makes things harder to fix, and we are changing the code already.
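An added example, not part of any post in this thread and not PetaSAN's own code: it reproduces the default described above (the domain part before the first dot) and scans join_ad log lines for the workgroup mismatch Samba reports, returning the override line to put in place of `workgroup = @@DOMAIN_SLD@@`. The function names are hypothetical, the upper-casing is an assumption taken from how the log prints the value, and the sample lines are constructed in the format of the log excerpts quoted in the thread.

```python
import re

# Constructed sample in the format of the PetaSAN.log excerpts quoted in this thread.
SAMPLE_LOG = """\
14/01/2022 08:02:16 INFO join_ad : try number 1
14/01/2022 08:02:16 ERROR Error joining AD : Failed to join domain: Invalid configuration ("workgroup" set to 'PAIINDUSTRIES', should be 'PAI') and configuration modification was not requested
14/01/2022 08:02:31 INFO join_ad : Failure
"""

# Only ERROR lines are matched so the duplicate INFO line is not counted twice.
MISMATCH = re.compile(
    r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} ERROR Error joining AD : .*"
    r"\"workgroup\" set to '(?P<configured>[^']+)', should be '(?P<expected>[^']+)'"
)


def derived_workgroup(domain):
    """Default described in the thread: the domain part before the first dot.
    Upper-casing is an assumption based on how the log prints the value."""
    return domain.split(".", 1)[0].upper()


def workgroup_mismatches(log_text):
    """Return unique (configured, expected) pairs from failed join attempts."""
    seen = []
    for line in log_text.splitlines():
        m = MISMATCH.search(line)
        if m and (m["configured"], m["expected"]) not in seen:
            seen.append((m["configured"], m["expected"]))
    return seen


def diagnose(domain, log_text):
    """If the derived default is what the domain rejected, return the
    smb.conf line to use instead of 'workgroup = @@DOMAIN_SLD@@'."""
    default = derived_workgroup(domain)
    for configured, expected in workgroup_mismatches(log_text):
        if configured == default:
            return f"workgroup = {expected}"
    return None


if __name__ == "__main__":
    print(diagnose("paiindustries.com", SAMPLE_LOG))
```
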

I'm still not able to mount a share as a domain user. I created a share and set PAI\administrator as the ACL Owner. That's the domain admin account. I can mount the share from a Mac using smb://path/to/share with the credentials pai\administrator and password but trying to mount the share from a Windows box at \\path\to\share presents the credentials dialog but it will not succeed. I get the following error "You don't have permission to access \\petasan.paiindustries.com\acronis".

Is there a specific log I could look at to see why the share is not able to be mounted on a Windows box but works on a Mac?

Not really sure how it happened. But I did two things. One was to set up an NTP server on the Cluster General Settings page. I had noticed that node one was reporting Jan 14th when it should have been Feb 7th. That corrected the date on node 1 which presumably corrected the dates on the other nodes. I also closed the Active Directory Users & Computers manager on the AD server I was using. (I highly doubt this had anything to do with it and most likely fixing the date was the issue.) Anyway, now the share works and I can log into it from both a Mac and Windows box.

I ran into a problem when joining an Active Directory:

I join the AD using Windows and it works fine so not sure what is causing it...:

FYI Domain Controller is as follows but it didn't work. I figure I didn't understand the issue above and maybe mine is similar to the one above. PetaSAN version 3.2.1

zentyal-dc000p00000n001.lan.arpa
dc000p00000n001

17/05/2024 12:58:46 INFO join_ad : Failure

17/05/2024 12:58:46 ERROR Error joining AD : Failed to join domain: Invalid configuration ("workgroup" set to 'ZENTYAL-DC000P00000N001', should be 'Z000P00000N001') and configuration modification was not requested

17/05/2024 12:58:46 INFO -----------------------------------

17/05/2024 12:58:46 INFO Joining AD ---> Failed to join domain: Invalid configuration ("workgroup" set to 'ZENTYAL-DC000P00000N001', should be 'Z000P00000N001') and configuration modification was not requested

17/05/2024 12:58:46 INFO -----------------------------------

17/05/2024 12:58:46 INFO join_ad : try number 2

17/05/2024 12:58:46 INFO -----------------------------------

17/05/2024 12:58:34 INFO join_ad : Failure

17/05/2024 12:58:34 ERROR Error joining AD : Failed to join domain: Invalid configuration ("workgroup" set to 'ZENTYAL-DC000P00000N001', should be 'Z000P00000N001') and configuration modification was not requested

17/05/2024 12:58:34 INFO -----------------------------------

17/05/2024 12:58:34 INFO Joining AD ---> Failed to join domain: Invalid configuration ("workgroup" set to 'ZENTYAL-DC000P00000N001', should be 'Z000P00000N001') and configuration modification was not requested

17/05/2024 12:58:34 INFO -----------------------------------

17/05/2024 12:58:34 INFO join_ad : try number 1

17/05/2024 12:58:34 INFO -----------------------------------

17/05/2024 12:58:22 INFO join_ad : Failure

17/05/2024 12:58:22 ERROR Error joining AD : Failed to join domain: Invalid configuration ("workgroup" set to 'ZENTYAL-DC000P00000N001', should be 'Z000P00000N001') and configuration modification was not requested

17/05/2024 12:58:22 INFO -----------------------------------

17/05/2024 12:58:22 INFO Joining AD ---> Failed to join domain: Invalid configuration ("workgroup" set to 'ZENTYAL-DC000P00000N001', should be 'Z000P00000N001') and configuration modification was not requested

17/05/2024 12:58:22 INFO -----------------------------------

17/05/2024 12:58:21 INFO join_ad : try number 0