Mailing List Archive

cDOT CIFS setup
Has anyone seen the error listed below while setting up CIFS in cDOT? The filer is running 8.2P3. This has been a very straightforward process in the past for me, but with the newness of cDOT, I'm not finding a lot of information when I search. Thanks!

netapp::vserver cifs> create -cifs-server "testcifs" -domain " XXXXXX.local"

In order to create an Active Directory machine account for the CIFS server, you
must supply the name and password of a Windows account with sufficient
privileges to add computers to the "CN=Computers" container within the
" XXXXXX.local" domain.

Enter the user name: XXXXXX

Enter the password:

Error: CIFS server creation procedure failed
[ 27] Loaded the preliminary configuration.
[ 62] Created a machine account for the Cifs server in the
domain
[ 62] SID to name translations of Domain Users and Admins
completed successfully
**[ 23082] FAILURE: Kerberos password set for
** 'TESTCIFS$@XXXXXX.LOCAL' failed with Cannot contact any
** KDC for requested realm
[ 23104] Deleted existing account
'CN=TESTCIFS,CN=Computers,DC=xxxxxxx,DC=local'

Error: command failed: Failed to create CIFS server TESTCIFS. Reason: Kerberos
Error: KDC Unreachable.

netapp::vserver cifs>

Regards,
Aaron
RE: cDOT CIFS setup [ In reply to ]
Check for mismatches in MTU with your data LIFs. (are they using 9000 MTU?)

Also, is the user being used to add the CIFS server account a member of the domain you're adding the account to?

From: toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Aaron Lewis
Sent: Thursday, October 24, 2013 5:29 PM
To: toasters@teaparty.net
Subject: cDOT CIFS setup

Has anyone seen the error listed below while setting up CIFS in cDOT? The filer is running 8.2P3. This has been a very straightforward process in the past for me, but with the newness of cDOT, I'm not finding a lot of information when I search. Thanks!

netapp::vserver cifs> create -cifs-server "testcifs" -domain " XXXXXX.local"

In order to create an Active Directory machine account for the CIFS server, you
must supply the name and password of a Windows account with sufficient
privileges to add computers to the "CN=Computers" container within the
" XXXXXX.local" domain.

Enter the user name: XXXXXX

Enter the password:

Error: CIFS server creation procedure failed
[ 27] Loaded the preliminary configuration.
[ 62] Created a machine account for the Cifs server in the
domain
[ 62] SID to name translations of Domain Users and Admins
completed successfully
**[ 23082] FAILURE: Kerberos password set for
** 'TESTCIFS$@XXXXXX.LOCAL' failed with Cannot contact any
** KDC for requested realm
[ 23104] Deleted existing account
'CN=TESTCIFS,CN=Computers,DC=xxxxxxx,DC=local'

Error: command failed: Failed to create CIFS server TESTCIFS. Reason: Kerberos
Error: KDC Unreachable.

netapp::vserver cifs>

Regards,
Aaron
Re: cDOT CIFS setup [ In reply to ]
Make sure your time is good, and you can resolve the domain..


On Oct 24, 2013, at 2:38 PM, Parisi, Justin <Justin.Parisi@netapp.com> wrote:

> Check for mismatches in MTU with your data LIFs. (are they using 9000 MTU?)
>
> Also, is the user being used to add the CIFS server account a member of the domain you’re adding the account to?
>
> From: toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Aaron Lewis
> Sent: Thursday, October 24, 2013 5:29 PM
> To: toasters@teaparty.net
> Subject: cDOT CIFS setup
>
> Has anyone seen the error listed below while setting up CIFS in cDOT? The filer is running 8.2P3. This has been a very straightforward process in the past for me, but with the newness of cDOT, I’m not finding a lot of information when I search. Thanks!
>
> netapp::vserver cifs> create -cifs-server "testcifs" -domain " XXXXXX.local"
>
> In order to create an Active Directory machine account for the CIFS server, you
> must supply the name and password of a Windows account with sufficient
> privileges to add computers to the "CN=Computers" container within the
> " XXXXXX.local" domain.
>
> Enter the user name: XXXXXX
>
> Enter the password:
>
> Error: CIFS server creation procedure failed
> [ 27] Loaded the preliminary configuration.
> [ 62] Created a machine account for the Cifs server in the
> domain
> [ 62] SID to name translations of Domain Users and Admins
> completed successfully
> **[ 23082] FAILURE: Kerberos password set for
> ** 'TESTCIFS$@XXXXXX.LOCAL' failed with Cannot contact any
> ** KDC for requested realm
> [ 23104] Deleted existing account
> 'CN=TESTCIFS,CN=Computers,DC=xxxxxxx,DC=local'
>
> Error: command failed: Failed to create CIFS server TESTCIFS. Reason: Kerberos
> Error: KDC Unreachable.
>
> netapp::vserver cifs>
>
> Regards,
> Aaron
>
> _______________________________________________
> Toasters mailing list
> Toasters@teaparty.net
> http://www.teaparty.net/mailman/listinfo/toasters
Re: cDOT CIFS setup [ In reply to ]
And, note that cDOT LIFS have "protocol" as one of their
characteristics. make sure the lif has CIFS as a valid protocol:

vcluster::*> net inte show data01 -inst
(network interface show)

Vserver Name: vs0
Logical Interface Name: data01
Role: data
Data Protocol: nfs, cifs, fcache

...

"data protocol" is set at LIF creation time, and can't
be changed with a "net inte modify..."

-skottie

On 10/24/2013 06:12 PM, Klise, Steve wrote:
> Make sure your time is good, and you can resolve the domain..
>
>
> On Oct 24, 2013, at 2:38 PM, Parisi, Justin <Justin.Parisi@netapp.com
> <mailto:Justin.Parisi@netapp.com>> wrote:
>
>> Check for mismatches in MTU with your data LIFs. (are they using 9000
>> MTU?)
>> Also, is the user being used to add the CIFS server account a member
>> of the domain you’re adding the account to?
>> *From:*toasters-bounces@teaparty.net
>> <mailto:toasters-bounces@teaparty.net>[mailto:toasters-bounces@teaparty.net]*On
>> Behalf Of*Aaron Lewis
>> *Sent:*Thursday, October 24, 2013 5:29 PM
>> *To:*toasters@teaparty.net <mailto:toasters@teaparty.net>
>> *Subject:*cDOT CIFS setup
>> Has anyone seen the error listed below while setting up CIFS in cDOT?
>> The filer is running 8.2P3. This has been a very straightforward
>> process in the past for me, but with the newness of cDOT, I’m not
>> finding a lot of information when I search. Thanks!
>> netapp::vserver cifs> create -cifs-server "testcifs" -domain "
>> XXXXXX.local"
>> In order to create an Active Directory machine account for the CIFS
>> server, you
>> must supply the name and password of a Windows account with sufficient
>> privileges to add computers to the "CN=Computers" container within the
>> " XXXXXX.local" domain.
>> Enter the user name: XXXXXX
>> Enter the password:
>> Error: CIFS server creation procedure failed
>> [ 27] Loaded the preliminary configuration.
>> [ 62] Created a machine account for the Cifs server in the
>> domain
>> [ 62] SID to name translations of Domain Users and Admins
>> completed successfully
>> **[ 23082] FAILURE: Kerberos password set for
>> ** 'TESTCIFS$@XXXXXX.LOCAL <mailto:TESTCIFS$@XXXXXX.LOCAL>'
>> failed with Cannot contact any
>> ** KDC for requested realm
>> [ 23104] Deleted existing account
>> 'CN=TESTCIFS,CN=Computers,DC=xxxxxxx,DC=local'
>> Error: command failed: Failed to create CIFS server TESTCIFS. Reason:
>> Kerberos
>> Error: KDC Unreachable.
>> netapp::vserver cifs>
>> Regards,
>> Aaron
>> _______________________________________________
>> Toasters mailing list
>> Toasters@teaparty.net <mailto:Toasters@teaparty.net>
>> http://www.teaparty.net/mailman/listinfo/toasters
>
>
>
> _______________________________________________
> Toasters mailing list
> Toasters@teaparty.net
> http://www.teaparty.net/mailman/listinfo/toasters
>
_______________________________________________
Toasters mailing list
Toasters@teaparty.net
http://www.teaparty.net/mailman/listinfo/toasters
Re: cDOT CIFS setup [ In reply to ]
Hello Aaron:

A few things to try.

1. Could be a simple typo when typing in the username/password.  It is unlikely to be this easy but it could be.
2. You might have a DNS problem.  You can use the vserver show command and check to see if you DNS information is correct.
3. Try pinging your active directory server.  Use both IP addresses and DNS names.

That would eliminate the easier problems.  If that isn't enough, you might need to send more information.  

--April



On Thursday, October 24, 2013 9:29 PM, Scott Miller <Scott.Miller@dreamworks.com> wrote:


And, note that cDOT LIFS have "protocol" as one of their
characteristics.  make sure the lif has CIFS as a valid protocol:

vcluster::*> net inte show data01 -inst
  (network interface show)

                      Vserver Name: vs0
            Logical Interface Name: data01
                              Role: data
                    Data Protocol: nfs, cifs, fcache

...

"data protocol" is set at LIF creation time, and can't
be changed with a "net inte modify..."

  -skottie

On 10/24/2013 06:12 PM, Klise, Steve wrote:
> Make sure your time is good, and you can resolve the domain..
>
>
> On Oct 24, 2013, at 2:38 PM, Parisi, Justin <Justin.Parisi@netapp.com
> <mailto:Justin.Parisi@netapp.com>> wrote:
>
>> Check for mismatches in MTU with your data LIFs. (are they using 9000
>> MTU?)
>> Also, is the user being used to add the CIFS server account a member
>> of the domain you’re adding the account to?
>> *From:*toasters-bounces@teaparty.net
>> <mailto:toasters-bounces@teaparty.net>[mailto:toasters-bounces@teaparty.net]*On
>> Behalf Of*Aaron Lewis
>> *Sent:*Thursday, October 24, 2013 5:29 PM
>> *To:*toasters@teaparty.net <mailto:toasters@teaparty.net>
>> *Subject:*cDOT CIFS setup
>> Has anyone seen the error listed below while setting up CIFS in cDOT?
>> The filer is running 8.2P3.  This has been a very straightforward
>> process in the past for me, but with the newness of cDOT, I’m not
>> finding a lot of information when I search.  Thanks!
>> netapp::vserver cifs> create  -cifs-server "testcifs" -domain "
>> XXXXXX.local"
>> In order to create an Active Directory machine account for the CIFS
>> server, you
>> must supply the name and password of a Windows account with sufficient
>> privileges to add computers to the "CN=Computers" container within the
>> " XXXXXX.local" domain.
>> Enter the user name: XXXXXX
>> Enter the password:
>> Error: CIFS server creation procedure failed
>>  [    27] Loaded the preliminary configuration.
>>  [    62] Created a machine account for the Cifs server in the
>>            domain
>>  [    62] SID to name translations of Domain Users and Admins
>>            completed successfully
>> **[ 23082] FAILURE: Kerberos password set for
>> **        'TESTCIFS$@XXXXXX.LOCAL <mailto:TESTCIFS$@XXXXXX.LOCAL>'
>> failed with Cannot contact any
>> **        KDC for requested realm
>>  [ 23104] Deleted existing account
>>            'CN=TESTCIFS,CN=Computers,DC=xxxxxxx,DC=local'
>> Error: command failed: Failed to create CIFS server TESTCIFS. Reason:
>> Kerberos
>>        Error: KDC Unreachable.
>> netapp::vserver cifs>
>> Regards,
>> Aaron
>> _______________________________________________
>> Toasters mailing list
>> Toasters@teaparty.net <mailto:Toasters@teaparty.net>
>> http://www.teaparty.net/mailman/listinfo/toasters

>
>
>
> _______________________________________________
> Toasters mailing list
> Toasters@teaparty.net
> http://www.teaparty.net/mailman/listinfo/toasters
>
_______________________________________________
Toasters mailing list
Toasters@teaparty.net
http://www.teaparty.net/mailman/listinfo/toasters
Re: cDOT CIFS setup [ In reply to ]
It wasn't on cDOT but I think it still applies and I had the same error when
adding a Filer to a domain with an RODC, you don't have RODCs do you?

347303
Creation of CIFS server may fail if the storage system ends up contacting
Windows 2008R2 RODC first.

463398
Feature request: add support for LDAP referrals

If the Filer attempts to contact an RODC first it gets an LDAP referral
which it doesn't understand and you get that error.



--
View this message in context: http://network-appliance-toasters.10978.n7.nabble.com/cDOT-CIFS-setup-tp25336p25341.html
Sent from the Network Appliance - Toasters mailing list archive at Nabble.com.
_______________________________________________
Toasters mailing list
Toasters@teaparty.net
http://www.teaparty.net/mailman/listinfo/toasters
Re: cDOT CIFS setup [ In reply to ]
Thanks. It was an MTU mismatch. Ping was working which is what threw me off.


Aaron Lewis

M: 503-957-7014



IVOXY Consulting
the data availability people

www.ivoxy.com<http://www.ivoxy.com/>



* Learn more about our training classes: http://www.ivoxy.com/training


From: <Parisi>, Justin <Justin.Parisi@netapp.com<mailto:Justin.Parisi@netapp.com>>
Date: Thursday, October 24, 2013 at 2:38 PM
To: Aaron Lewis <aaron@ivoxy.com<mailto:aaron@ivoxy.com>>, "toasters@teaparty.net<mailto:toasters@teaparty.net>" <toasters@teaparty.net<mailto:toasters@teaparty.net>>
Subject: RE: cDOT CIFS setup

Check for mismatches in MTU with your data LIFs. (are they using 9000 MTU?)

Also, is the user being used to add the CIFS server account a member of the domain you’re adding the account to?

From: toasters-bounces@teaparty.net<mailto:toasters-bounces@teaparty.net> [mailto:toasters-bounces@teaparty.net] On Behalf Of Aaron Lewis
Sent: Thursday, October 24, 2013 5:29 PM
To: toasters@teaparty.net<mailto:toasters@teaparty.net>
Subject: cDOT CIFS setup

Has anyone seen the error listed below while setting up CIFS in cDOT? The filer is running 8.2P3. This has been a very straightforward process in the past for me, but with the newness of cDOT, I’m not finding a lot of information when I search. Thanks!

netapp::vserver cifs> create -cifs-server "testcifs" -domain " XXXXXX.local"

In order to create an Active Directory machine account for the CIFS server, you
must supply the name and password of a Windows account with sufficient
privileges to add computers to the "CN=Computers" container within the
" XXXXXX.local" domain.

Enter the user name: XXXXXX

Enter the password:

Error: CIFS server creation procedure failed
[ 27] Loaded the preliminary configuration.
[ 62] Created a machine account for the Cifs server in the
domain
[ 62] SID to name translations of Domain Users and Admins
completed successfully
**[ 23082] FAILURE: Kerberos password set for
** 'TESTCIFS$@XXXXXX.LOCAL<mailto:'TESTCIFS$@XXXXXX.LOCAL>' failed with Cannot contact any
** KDC for requested realm
[ 23104] Deleted existing account
'CN=TESTCIFS,CN=Computers,DC=xxxxxxx,DC=local'

Error: command failed: Failed to create CIFS server TESTCIFS. Reason: Kerberos
Error: KDC Unreachable.

netapp::vserver cifs>

Regards,
Aaron
RE: cDOT CIFS setup [ In reply to ]
When you ping to check MTU you have to use the right packet size and set the do not fragment flag. For example:
ping -s 8972 -d 192.168.42.91

Without -d, it will work, except the packets are being broken up to get there.

Not sure if that's really what you're trying to do, but it is probably the most common mistake in setting up and testing jumbo frames configs.

Share and enjoy!

Peter

From: toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Aaron Lewis
Sent: Friday, October 25, 2013 10:29 AM
To: Parisi, Justin; toasters@teaparty.net
Subject: Re: cDOT CIFS setup

Thanks. It was an MTU mismatch. Ping was working which is what threw me off.


Aaron Lewis

M: 503-957-7014



IVOXY Consulting
the data availability people

www.ivoxy.com<http://www.ivoxy.com/>



* Learn more about our training classes: http://www.ivoxy.com/training


From: <Parisi>, Justin <Justin.Parisi@netapp.com<mailto:Justin.Parisi@netapp.com>>
Date: Thursday, October 24, 2013 at 2:38 PM
To: Aaron Lewis <aaron@ivoxy.com<mailto:aaron@ivoxy.com>>, "toasters@teaparty.net<mailto:toasters@teaparty.net>" <toasters@teaparty.net<mailto:toasters@teaparty.net>>
Subject: RE: cDOT CIFS setup

Check for mismatches in MTU with your data LIFs. (are they using 9000 MTU?)

Also, is the user being used to add the CIFS server account a member of the domain you're adding the account to?

From: toasters-bounces@teaparty.net<mailto:toasters-bounces@teaparty.net> [mailto:toasters-bounces@teaparty.net] On Behalf Of Aaron Lewis
Sent: Thursday, October 24, 2013 5:29 PM
To: toasters@teaparty.net<mailto:toasters@teaparty.net>
Subject: cDOT CIFS setup

Has anyone seen the error listed below while setting up CIFS in cDOT? The filer is running 8.2P3. This has been a very straightforward process in the past for me, but with the newness of cDOT, I'm not finding a lot of information when I search. Thanks!

netapp::vserver cifs> create -cifs-server "testcifs" -domain " XXXXXX.local"

In order to create an Active Directory machine account for the CIFS server, you
must supply the name and password of a Windows account with sufficient
privileges to add computers to the "CN=Computers" container within the
" XXXXXX.local" domain.

Enter the user name: XXXXXX

Enter the password:

Error: CIFS server creation procedure failed
[ 27] Loaded the preliminary configuration.
[ 62] Created a machine account for the Cifs server in the
domain
[ 62] SID to name translations of Domain Users and Admins
completed successfully
**[ 23082] FAILURE: Kerberos password set for
** 'TESTCIFS$@XXXXXX.LOCAL<mailto:'TESTCIFS$@XXXXXX.LOCAL>' failed with Cannot contact any
** KDC for requested realm
[ 23104] Deleted existing account
'CN=TESTCIFS,CN=Computers,DC=xxxxxxx,DC=local'

Error: command failed: Failed to create CIFS server TESTCIFS. Reason: Kerberos
Error: KDC Unreachable.

netapp::vserver cifs>

Regards,
Aaron