akiffe Absent Member.

CIFS Lookup Problems

Hello,

Since yesterday we have had problems with our NetWare servers running
CIFS in domain mode. Whenever clients look up group names, we get
no answer from our domain controllers. Looking up usernames runs fine.

While looking up group names we took the following NMAS trace.

The group object stuser is in user.hq.hls (which is in cifsctxs.cfg),
but it seems that NMAS did not find the object.

The servers are on NW65sp7.
NMAS-Methods are up to date.
SDIDIAG (check -A -n TREE) shows no errors.

Does anyone have an idea?

Regards

Alexander Kiffe

----
Here is the DSTRACE -all +nmas
----
58: Destroy NMAS Session for reuse
58: Create NMAS Session
58: CheckIfLocalUser: client supplied user DN stuser.user.hq.hls
ERROR: -16049 GetXKey: dal_readAttributeValues (key)
ERROR: -608 createDALSession:GetXKey
58: ERROR: -1697 CheckIfLocalUser: DALCreateLoginSession
58: CheckIfLocalUser: checking actual user DN CN=stuser.OU=User.OU=HQ.O=HLS
openRemoteSession: entry address is a local address
58: No NMAS 2.0 Server Found
58: ERROR: -1673 NMAS_CanDo OpenConnection
58: Client Session Destroy Request
58: Remote Session Destroyed
58: Destroy NMAS Session
58: Aborted Session Destroyed (with MAF)
59: Create NMAS Session
59: CheckIfLocalUser: client supplied user DN stuser.user.hq.hls
ERROR: -16049 GetXKey: dal_readAttributeValues (key)
ERROR: -608 createDALSession:GetXKey
59: ERROR: -1697 CheckIfLocalUser: DALCreateLoginSession
59: CheckIfLocalUser: checking actual user DN CN=stuser.OU=User.OU=HQ.O=HLS
openRemoteSession: entry address is a local address
59: No NMAS 2.0 Server Found
59: ERROR: -1673 NMAS_CanDo OpenConnection
59: Client Session Destroy Request
59: Remote Session Destroyed
59: Destroy NMAS Session
59: Aborted Session Destroyed (with MAF)
60: Create NMAS Session
60: CheckIfLocalUser: client supplied user DN stuser.hlsdom.hq.hls
ERROR: -601 resolveFilteredReplica: Resolving .stuser.hlsdom.hq.hls.HLS_TREE.
ERROR: -601 dal_createUserContext: resolveFilteredReplica for stuser.hlsdom.hq.hls
ERROR: -16049 createDALSession:createUserContext
60: ERROR: -16049 CheckIfLocalUser: DALCreateLoginSession
60: CheckIfLocalUser failed -16049
60: Client Session Destroy Request
60: Destroy NMAS Session
60: Aborted Session Destroyed (with MAF)
61: Create NMAS Session
61: CheckIfLocalUser: client supplied user DN stuser.hls
ERROR: -601 resolveFilteredReplica: Resolving .stuser.hls.HLS_TREE.
ERROR: -601 dal_createUserContext: resolveFilteredReplica for stuser.hls
ERROR: -16049 createDALSession:createUserContext
61: ERROR: -16049 CheckIfLocalUser: DALCreateLoginSession
61: CheckIfLocalUser failed -16049
61: Client Session Destroy Request
61: Destroy NMAS Session
61: Aborted Session Destroyed (with MAF)
62: Create NMAS Session
62: CheckIfLocalUser: client supplied user DN stuser.OU=Server.OU=HQ.O=HLS
ERROR: -601 resolveFilteredReplica: Resolving .stuser.OU=Server.OU=HQ.O=HLS.HLS_TREE.
ERROR: -601 dal_createUserContext: resolveFilteredReplica for stuser.OU=Server.OU=HQ.O=HLS
ERROR: -16049 createDALSession:createUserContext
62: ERROR: -16049 CheckIfLocalUser: DALCreateLoginSession
62: CheckIfLocalUser failed -16049
62: Client Session Destroy Request
62: Destroy NMAS Session
62: Aborted Session Destroyed (with MAF)

Alexander Kiffe Sysadmin

Re: CIFS Lookup Problems

Hi,

akiffe wrote:
>
> Hello,
>
> Since yesterday we have had problems with our NetWare servers running
> CIFS in domain mode. Whenever clients look up group names, we get
> no answer from our domain controllers. Looking up usernames runs fine.
>
> While looking up group names we took the following NMAS trace.


The NMAS trace suggests that that server doesn't have a local replica of
the partition asked for, *and* that it couldn't find NMAS running (with
a proper version) on any of the servers that do have a replica.

CU,
--
Massimo Rosen
Novell Product Support Forum Sysop
No emails please!
http://www.cfc-it.de
akiffe Absent Member.

Re: CIFS Lookup Problems

Hello Massimo,

The server runs a local replica of the partition where the group resides, and NMAS 3.2.0.0 is running. If we do lookups of usernames we always get correct answers and there are no errors in the trace.

But I found a new variant in which the group name lookup runs fine. In this variant the server asks an older NW6 server, which looks up the group name (see trace).


133: Destroy NMAS Session for reuse
133: Create NMAS Session
133: CheckIfLocalUser: client supplied user DN stadmin.user.hq.hls
ERROR: -16049 GetXKey: dal_readAttributeValues (key)
ERROR: -608 createDALSession:GetXKey
133: ERROR: -1697 CheckIfLocalUser: DALCreateLoginSession
133: CheckIfLocalUser: checking actual user DN CN=stadmin.OU=User.OU=HQ.O=HLS
133: Connected to .CN=BM1.OU=Bastion.OU=Server.OU=HQ.O=HLS.T=HLS_TREE. for remote login
133: .CN=BM1.OU=Bastion.OU=Server.OU=HQ.O=HLS.T=HLS_TREE. NMAS Protocol Version 2.3
openRemoteSession: entry address is a local address
133: Remote login will use .CN=BM1.OU=Bastion.OU=Server.OU=HQ.O=HLS.T=HLS_TREE. (NMAS 2.3)
133: sendProxyClientInfo: NMAS Server not 2.3.5 or later
133: NMAS_CanDo sendMessage 0
133: NMAS_CanDo getMessage 0
133: NMAS_CanDo disassembleDoPacket 0
133: MAF_Begin LCM 0x00000000
133: MAF_Write LCM 0x00000000
133: MAF_End LCM 0x00000000
133: Client Session Destroy Request
133: Remote Session Destroyed
133: Destroy NMAS Session
133: Aborted Session Destroyed (with MAF)


Do you know if there are known issues with NMAS 3.2.0.0 and CIFS in domain mode?

Regards

Alexander Kiffe

Alexander Kiffe Sysadmin
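
An added example, not part of the original posts: one way to summarise a DSTRACE +nmas capture like the two above per NMAS session, so the failing sessions can be compared with the one that was handed to a remote server. The sample is abridged from the traces in this thread; the function and field names are illustrative, and unprefixed ERROR lines are assumed to belong to the session seen most recently.

```python
import re

SESSION = re.compile(r"^(\d+): (.*)$")      # "58: <message>"
ERROR = re.compile(r"ERROR: (-\d+) ")       # "ERROR: -1673 ..."
CLIENT_DN = re.compile(r"client supplied user DN (\S+)")
REMOTE = re.compile(r"Remote login will use (\S+)")

# Abridged from the traces posted above (sessions 58 and 133).
SAMPLE = """\
58: Create NMAS Session
58: CheckIfLocalUser: client supplied user DN stuser.user.hq.hls
ERROR: -16049 GetXKey: dal_readAttributeValues (key)
ERROR: -608 createDALSession:GetXKey
58: ERROR: -1697 CheckIfLocalUser: DALCreateLoginSession
58: No NMAS 2.0 Server Found
58: ERROR: -1673 NMAS_CanDo OpenConnection
133: Create NMAS Session
133: CheckIfLocalUser: client supplied user DN stadmin.user.hq.hls
ERROR: -16049 GetXKey: dal_readAttributeValues (key)
ERROR: -608 createDALSession:GetXKey
133: ERROR: -1697 CheckIfLocalUser: DALCreateLoginSession
133: Remote login will use .CN=BM1.OU=Bastion.OU=Server.OU=HQ.O=HLS.T=HLS_TREE. (NMAS 2.3)
133: NMAS_CanDo sendMessage 0
"""

def summarize(trace):
    """Group trace lines by session id; collect DN, error codes and outcome."""
    sessions, current = {}, None
    for raw in trace.splitlines():
        line = raw.strip()
        prefixed = SESSION.match(line)
        if prefixed:
            current, line = int(prefixed.group(1)), prefixed.group(2)
        if current is None or not line:
            continue  # nothing to attribute an unprefixed line to yet
        s = sessions.setdefault(
            current, {"dn": None, "errors": [], "remote": None, "no_server": False})
        dn, err, remote = CLIENT_DN.search(line), ERROR.search(line), REMOTE.search(line)
        if dn:
            s["dn"] = dn.group(1)
        if err:
            s["errors"].append(int(err.group(1)))
        if remote:
            s["remote"] = remote.group(1)
        if "No NMAS 2.0 Server Found" in line:
            s["no_server"] = True
    return sessions

if __name__ == "__main__":
    for sid, s in summarize(SAMPLE).items():
        print(sid, s["dn"], s["errors"], s["remote"] or "no remote session", s["no_server"])
```

Session ids are reused in these traces ("Destroy NMAS Session for reuse"), so a long capture should be split by time window before it is summarised this way.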
akiffe Absent Member.

Re: CIFS Lookup Problems

Hi,

here is some new information.

We did a new test installation on a new machine with a new tree of NetWare 6.5 SP7 from the overlay CD.
After configuring CIFS in domain mode we saw the same error as in our active network.
Always on CIFS lookups of domain user groups, which are done when giving or reading rights to or from folders,
we get errors (see dstrace.log in previous threads). The message "NO NMAS 2.0 SERVER FOUND" forced us to try downgrading the nmas.nlm on this server.
We tried versions 3.2.0.0, 3.2.0.1, 3.1.2.0 without success. But after we downgraded nmas.nlm to version 2.4.0.0 (NW6.5SP5 release) we solved the problem.
After this change the dstrace.log shows no errors and the group name lookups run fine. For diagnostics we used the getsid.exe tool from Microsoft TechNet.

Here are the results of an unsuccessful request

getsid \\hlstest-w stadmin \\hlstest-w stadmin
The SID for account HLSDOM2\stadmin matches account HLSDOM2\stadmin
The SID for account HLSDOM2\stadmin is S-1-5-21-892753742-1363087872-3342727336-2428356760
The SID for account HLSDOM2\stadmin is S-1-5-21-892753742-1363087872-3342727336-2428356760


Here are the results of a successful request with NMAS.nlm 2.4.0.0
The SID for account HLSDOM2\stadmin matches account HLSDOM2\stadmin
The SID for account HLSDOM2\stadmin is S-1-5-21-892753742-1363087872-3342727336-1003
The SID for account HLSDOM2\stadmin is S-1-5-21-892753742-1363087872-3342727336-1003

The nfapCIFSRID of the user group stadmin is 1003 (the last four characters in the SID).


I am thinking about opening a case with Novell support.

Does anybody have additional information about this problem?

Alexander Kiffe Sysadmin
bbgesedv Absent Member.

Re: CIFS Lookup Problems

I have the same problem. I've just made an update from NW5.1 to NW6.5 SP7. One important reason for this update was the feature to use Netware as a domain controller.

I've tried the workaround with the older nmas.nlm (from SP5) and it works, but iManager didn't work anymore.

Is there an official solution (patch)?