jwhitson Absent Member.
Absent Member.
3690 views

CIFS on SLES 10 SP3 and OES 2 SP2

I have read ever piece of documentation and forum post on this issue with no solution.

Environment
4 x SLES 10 SP3/OES 2 SP2 servers
4 x Netware 6.5 SP8 servers

The master replica is on 1 of the Netware 6.5 boxes and all the SLES/OES boxes have an unfiltered R/W replica. I am in the middle of migrating data/users from the Netware servers to the SLES/OES and need CIFS for some other tasks.

I have been managing CIFS for the SLES/OES boxes via iManager and everything appears to be setup correctly. I have the user contexts listed under the "Context" tab in iManager, OpLocks are not enabled, DFS is not enabled, SMB Sigs are set to optional.

In troubleshooting this CIFS issue I noticed that CIFS stopped working on my Netware boxes where it had worked before. I ran a DSTrace (on the Netware box) and noticed the following:


39: Create NMAS Session
39: CheckIfLocalUser: client supplied user DN Administrator.O=IT
ERROR: -601 resolveFilteredReplica: Resolving .Administrator.O=IT.TRINET.
ERROR: -601 dal_createUserContext: resolveFilteredReplica for Administrator.O=IT
ERROR: -16049 DALCreateLoginSession:createUserContext
39: ERROR: -16049 CheckIfLocalUser: DALCreateLoginSession
39: CheckIfLocalUser failed -16049
39: Client Session Destroy Request
39: Destroy NMAS Session
39: Aborted Session Destroyed (with MAF)
40: Destroy NMAS Session for reuse


So it's trying to automatically login as my current user on that Windows box (Administrator). Once that fails, it prompts me for a username/password and I try my network user/pass in all types of different ways (.username.context, username, cn=..., etc) but it fails. The DSTrace on my login attempt looks a little different:


40: Create NMAS Session
40: CheckIfLocalUser: client supplied user DN jlw\.it.O=INTERNATIONAL
ERROR: -601 resolveFilteredReplica: Resolving .jlw\.it.O=INTERNATIONAL.TRINET.
ERROR: -601 dal_createUserContext: resolveFilteredReplica for jlw\.it.O=INTERNATIONAL
ERROR: -16049 DALCreateLoginSession:createUserContext
40: ERROR: -16049 CheckIfLocalUser: DALCreateLoginSession
40: CheckIfLocalUser failed -16049
40: Client Session Destroy Request
40: Destroy NMAS Session
40: Aborted Session Destroyed (with MAF)
41: Destroy NMAS Session for reuse


Notice the "IT" and "INTERNATIONAL". Those are two separate Organizational Units in my tree that are not over/under each other. Why it is adding one to the other is beyond me but I suspect it is the problem.

Any tips? Pointers?

Jason
Labels (1)
0 Likes
8 Replies
ataubman Absent Member.
Absent Member.

Re: CIFS on SLES 10 SP3 and OES 2 SP2

Let's see your cifsctxt.cfg file please. Also do CIFS INFO on the console and post that too pls.

Andrew C Taubman (Sorry, support is not provided via e-mail) Opinions expressed above are not necessarily those of Micro Focus.
0 Likes
jwhitson Absent Member.
Absent Member.

Re: CIFS on SLES 10 SP3 and OES 2 SP2

Andrew,

Correct me if I'm wrong but don't both of those apply to Netware? CIFS INFO does nothing from a terminal and that file doesn't exist anywhere on the server.

Or, perhaps this is the problem 🙂

Jason
0 Likes
Knowledge Partner
Knowledge Partner

Re: CIFS on SLES 10 SP3 and OES 2 SP2

On 06/07/2010 15:56, jwhitson wrote:

> Correct me if I'm wrong but don't both of those apply to Netware? CIFS
> INFO does nothing from a terminal and that file doesn't exist anywhere
> on the server.


I think in the context Andrew is asking then yes.

> Or, perhaps this is the problem 🙂


cifsctxs.cfg (to correct Andrew's typo) does actually exist on OES2
SP1/2 Linux in /etc/opt/novell/cifs but is not intended to be modified
directly since all changes should be done through iManager.

HTH.
--
Simon
Novell Knowledge Partner (NKP)

------------------------------------------------------------------------
Do you work with Novell technologies at a university, college or school?
If so, your campus could benefit from joining the Novell Technology
Transfer Partners (TTP) group. See www.novell.com/ttp for more details.
------------------------------------------------------------------------
0 Likes
ataubman Absent Member.
Absent Member.

Re: CIFS on SLES 10 SP3 and OES 2 SP2

jwhitson;1995490 wrote:
Andrew,

Correct me if I'm wrong but don't both of those apply to Netware? CIFS INFO does nothing from a terminal and that file doesn't exist anywhere on the server.

Or, perhaps this is the problem 🙂

That's correct. You said
CIFS stopped working on my Netware boxes where it had worked before

so I was presuming that was the problem you were attempting to fix. No?

Andrew C Taubman (Sorry, support is not provided via e-mail) Opinions expressed above are not necessarily those of Micro Focus.
0 Likes
jwhitson Absent Member.
Absent Member.

Re: CIFS on SLES 10 SP3 and OES 2 SP2

Hi Andrew,

I had added that bit of information just in case it would help solve the problem. Since we're migrating from Netware to SLES/OES I am not too concerned with CIFS working on the Netware boxes.

Jason
0 Likes
jwhitson Absent Member.
Absent Member.

Re: CIFS on SLES 10 SP3 and OES 2 SP2

So I STILL haven't fixed this and it's driving me insane. I do, however, have more information to share.

After watching the logs live (Splunk) while attempting to connect to my SLES 10 SP3/OES SP2 server, I got some clues as to what is going on. With those log entries I searched the forums and docs and was directed to reinstall CIFS on the server. I did that and CIFS access still doesn't work but the errors changed.

WARNING: CODIR: Failed to authenticate User (followed by my username)


CRITICAL: AUTH: Credentials do not match - User (followed by my username)


I did make sure I am using the correct password and even went as far to try and set the universal password only to be told "password is not unique" which tells me it's already set to my current password. I also tried another user with no luck.

Any pointers?

Jason
0 Likes
Anonymous_User Absent Member.
Absent Member.

Re: CIFS on SLES 10 SP3 and OES 2 SP2

Just a quick question

You have allowed the cifsproxy user for each OES server to retrieve
passwords from you Universal Password Policy?

on Netware this was NOT required, currently on OES Linux it is.

So basically if you goto you Uni Password Policy, there is an option to
allow users to retrieve passwords, you must enable this for the proxy user.

I find DSTRACE is the best screen to watch when troubleshooting CIFS
problems

ALSO... You must define a share for the CIFS volume. So as an admin, I
find I can mount CIFS volumes without the share being present, however
end users can't. This can be done from the CLI using novcifs command,
although I always use iManager

Hope this helps

On 5/08/10 2:56 AM, jwhitson wrote:
>
> So I STILL haven't fixed this and it's driving me insane. I do, however,
> have more information to share.
>
> After watching the logs live (Splunk) while attempting to connect to my
> SLES 10 SP3/OES SP2 server, I got some clues as to what is going on.
> With those log entries I searched the forums and docs and was directed
> to reinstall CIFS on the server. I did that and CIFS access still
> doesn't work but the errors changed.
>
>
> Code:
> --------------------
> WARNING: CODIR: Failed to authenticate User (followed by my username)
> --------------------
>
>
>
> Code:
> --------------------
> CRITICAL: AUTH: Credentials do not match - User (followed by my username)
> --------------------
>
>
> I did make sure I am using the correct password and even went as far to
> try and set the universal password only to be told "password is not
> unique" which tells me it's already set to my current password. I also
> tried another user with no luck.
>
> Any pointers?
>
>


0 Likes
jwhitson Absent Member.
Absent Member.

Re: CIFS on SLES 10 SP3 and OES 2 SP2

Hi Peter,

Thanks for the reply.

I have checked all of the above with the exception of watching a DSTRACE. I opened a ticket on Friday and hope to have a Novell tech look at the system today.

Jason

Jason
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.