
めもぶろぐ

I write casually about things I've studied, hobbies, and so on...

Joining ONTAP to AD: reference log

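I had started CIFS many times during testing, so I stop it once first. If the filer was configured in WORKGROUP mode and you are joining a domain afterwards, stop it as well.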

filer> cifs terminate

CIFS local server is shutting down...

CIFS local server has shut down...
filer>


Re-run setup to join the domain.

filer> cifs setup
This process will enable CIFS access to the filer from a Windows(R) system.
Use "?" for help at any prompt and Ctrl-C to exit without committing changes.

        This filer is currently a member of the Active Directory domain
        'hogehoge.CO.JP'.
Do you want to continue and change the current filer account information? [n]: yes
        Your filer does not have WINS configured and is visible only to
        clients on the same subnet.
Do you want to make the system visible via WINS? [n]: no
        This filer is currently configured as an NTFS-only filer.
Would you like to reconfigure this filer to be a multiprotocol filer? [n]: yes
        The default name for this CIFS server is 'FILER'.
Would you like to change this name? [n]:
        Data ONTAP CIFS services support four styles of user authentication.
        Choose the one from the list below that best suits your situation.

(1) Active Directory domain authentication (Active Directory domains only)
(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)
(3) Windows Workgroup authentication using the filer's local user accounts
(4) /etc/passwd and/or NIS/LDAP authentication

Selection (1-4)? [1]: 1
What is the name of the Active Directory domain? [hogehoge.CO.JP]:
        In Active Directory-based domains, it is essential that the filer's
        time match the domain's internal time so that the Kerberos-based
        authentication system works correctly. If the time difference between
        the filer and the domain controllers is more than 5 minutes,
        authentication will fail. Time services are currently not configured
        on this filer.
Would you like to configure time services? [y]:
        CIFS Setup will configure basic time services. To continue, you must
        specify one or more time servers. Specify values as a comma or space
        separated list of server names or IPv4 addresses. In Active
        Directory-based domains, you can also specify the fully qualified
        domain name of the domain being joined (for example: "hogehoge.CO.JP"),
        and time services will use those domain controllers as time servers.
Enter the time server host(s) and/or address(es) [hogehoge.CO.JP]:
Would you like to specify additional time servers? [n]:
1 entry was deleted.


        In order to create an Active Directory machine account for the filer,
        you must supply the name and password of a Windows account with
        sufficient privileges to add computers to the hogehoge.CO.JP domain.
Enter the name of the Windows user [Administrator@hogehoge.CO.JP]:
Password for Administrator@hogehoge.CO.JP:
CIFS - Logged in as Administrator@hogehoge.CO.JP.
        An account that matches the name 'FILER' already exists in Active
        Directory: 'cn=filer,cn=computers,dc=hogehoge,dc=co,dc=jp'. This is
        normal if you are re-running CIFS Setup. You may continue by using
        this account or changing the name of this CIFS server.
Do you want to re-use this machine account? [y]: n
Enter the CIFS server name for the filer [FILER]: filer02
        The user that you specified has permission to create the filer's
        machine account in several (2) containers. Please choose where you
        would like this account to be created.

(1) CN=computers
(2) OU=Domain Controllers
(3) None of the above

Selection (1-3)? [1]: 1
CIFS - Starting SMB protocol...
Welcome to the hogehoge.CO.JP (hogehoge) Active Directory(R) domain.

CIFS local server is running.
filer>

That completes the setup. From here on, I use the individual commands to set access rights, check users, and look at the domain information.


filer>
filer> cifs shares
Name         Mount Point                       Description
----         -----------                       -----------
ETC$         /etc                              Remote Administration
                        BUILTIN\Administrators / Full Control
HOME         /vol/vol0/home                    Default Share
                        everyone / Full Control
C$           /                                 Remote Administration
                        BUILTIN\Administrators / Full Control
vol          /vol/vol
                        everyone / Full Control
                        BUILTIN\Users / Full Control
                        hogehoge\guest / Full Control
                        hogehoge\hogehoge / Full Control
                        hogehoge\ac-admin / Full Control
                        FILER02\administrator / Full Control
                        BUILTIN\Administrators / Full Control
                        hogehoge\administrator / Full Control
filer>
filer> Thu Dec 12 01:25:23 JST [filer:nbt.nbns.registrationComplete:info]: NBT: All CIFS name registrations have completed for the local server.
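
Added example (not part of the original log): a small Python parser for the `cifs shares` listing above that flags share ACL entries granting write-level rights to broad principals such as `everyone` or a guest account. The sample text is constructed from that listing, and the sets of "broad" principals and write-level rights are assumptions to adjust to local policy.

```python
import re

# Constructed sample: the `cifs shares` listing from the log above, shortened.
SAMPLE = r"""
Name         Mount Point                       Description
----         -----------                       -----------
ETC$         /etc                              Remote Administration
                        BUILTIN\Administrators / Full Control
HOME         /vol/vol0/home                    Default Share
                        everyone / Full Control
C$           /                                 Remote Administration
                        BUILTIN\Administrators / Full Control
vol          /vol/vol
                        everyone / Full Control
                        BUILTIN\Users / Full Control
                        hogehoge\guest / Full Control
                        hogehoge\administrator / Full Control
"""

# Assumptions for this example; adjust both sets to local policy.
BROAD_PRINCIPALS = {"everyone", "builtin\\users", "authenticated users"}
WRITE_RIGHTS = {"full control", "change"}


def parse_shares(text):
    """Return {share: {"mount", "description", "acl": [(principal, right)]}}."""
    shares, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("----"):
            continue
        if re.match(r"Name\s+Mount Point\s+Description", line):
            continue  # column header
        if line[0].isspace():
            # Indented line: an ACL entry belonging to the share above it.
            if current is not None and " / " in line:
                principal, right = line.strip().rsplit(" / ", 1)
                shares[current]["acl"].append((principal.strip(), right.strip()))
            continue
        # Unindented line: share name, mount point, optional description.
        # Assumes share names and mount points contain no whitespace.
        fields = line.split(None, 2)
        if len(fields) < 2:
            continue
        current = fields[0]
        description = fields[2].strip() if len(fields) > 2 else ""
        shares[current] = {"mount": fields[1], "description": description, "acl": []}
    return shares


def is_broad(principal):
    """True for principals that cover many or anonymous users."""
    name = principal.lower()
    return name in BROAD_PRINCIPALS or name == "guest" or name.endswith("\\guest")


def broad_write_findings(shares):
    """List (share, principal, right) where a broad principal can modify data."""
    return [(share, principal, right)
            for share, info in shares.items()
            for principal, right in info["acl"]
            if is_broad(principal) and right.lower() in WRITE_RIGHTS]
```

Calling `broad_write_findings(parse_shares(text))` on a captured listing returns one tuple per entry to review; administrative shares restricted to `BUILTIN\Administrators` produce none.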

filer> useradmin domainuser list -g Administrators
List of SIDS in Administrators
S-1-5-21-566600022-1970368624-1386761716-500
S-1-5-21-473926273-954487227-3379319696-512
S-1-5-21-473926273-954487227-3379319696-500
For more information about a user, use the 'cifs lookup' and 'useradmin user list' commands.
filer>
filer>
filer> cifs lookup S-1-5-21-566600022-1970368624-1386761716-500
name = FILER02\administrator
filer> cifs lookup S-1-5-21-473926273-954487227-3379319696-512
name = hogehoge\Domain Admins
filer> cifs lookup S-1-5-21-473926273-954487227-3379319696-500p
lookup failed
filer> cifs lookup S-1-5-21-473926273-954487227-3379319696-500
name = hogehoge\administrator
filer>
filer>
filer>
filer>
filer> cifs
The following commands are available; for more information
type "cifs help <command>"
access              domaininfo          nbalias             shares
adupdate            gpresult            prefdc              sidcache
audit               gpupdate            resetdc             stat
broadcast           help                restart             terminate
changefilerpwd      homedir             sessions            testdc
comment             lookup              setup               top
filer> cifs sessions
Server Registers as 'FILER02' in Windows 2000 domain 'hogehoge'
Root volume language is not set. Use vol lang.
Selected domain controller \\AD-SERVER for authentication
====================================================
PC IP(PC Name) (user)           #shares   #files
filer> cifs stat
                        reject        0  0%
                         mkdir        0  0%
                         rmdir        0  0%
                          open        0  0%
                        create        0  0%
                         close        0  0%
                        X&close        0  0%
                         flush        0  0%
                        X&flush        0  0%
                        delete        0  0%
                        rename        0  0%
                      NTRename        0  0%
                        getatr        0  0%
                        setatr        0  0%
                          read        0  0%
                         X&read        0  0%
                          write        0  0%
                        X&write        0  0%
                          lock        0  0%
                        unlock        0  0%
                         mknew        0  0%
                        chkpth        0  0%
                          exit        0  0%
                         lseek        0  0%
                      lockread        0  0%
                     X&lockread        0  0%
                   writeunlock        0  0%
                      readbraw        0  0%
                     writebraw        0  0%
                        writec        0  0%
                     gettattre        0  0%
                     settattre        0  0%
                      lockingX        0  0%
                           IPC        0  0%
                         open2        0  0%
                   find_first2        0  0%
                    find_next2        0  0%
                 query_fs_info        0  0%
               query_path_info        0  0%
                 set_path_info        0  0%
               query_file_info        0  0%
                 set_file_info        0  0%
                   create_dir2        0  0%
                  Dfs_referral        0  0%
                    Dfs_report        0  0%
                          echo        0  0%
                    writeclose        0  0%
                         openX        0  0%
                         readX        0  0%
                        writeX        0  0%
                     findclose        0  0%
                          tcon        0  0%
                          tdis        9  6%
                       negprot        3  2%
                         login        0  0%
                        logout        0  0%
                         tconX        0  0%
                       dskattr        0  0%
                        search        0  0%
                        fclose        0  0%
                     NTCreateX        0  0%
                 NTTransCreate        0  0%
                  NTTransIoctl        0  0%
                 NTTransNotify        0  0%
                 NTTransSetSec        0  0%
               NTTransQuerySec        0  0%
              NTNamedPipeMulti        0  0%
                   NTCancel CN        0  0%
                NTCancel Other        0  0%
                      SMB2Echo        0  0%
                   SMB2Negprot        0  0%
              SMB2TreeConnnect       16 11%
            SMB2TreeDisconnect        9  6%
                     SMB2Login        6  4%
                    SMB2Create       15 10%
                      SMB2Read        0  0%
                     SMB2Write        0  0%
                      SMB2Lock        0  0%
                    SMB2Unlock        0  0%
                SMB2OplkBrkAck        0  0%
                    SMB2ChgNfy        4  3%
                     SMB2CLose       18 13%
                     SMB2Flush        0  0%
                    SMB2Logout        2  1%
                    SMB2Cancel        3  2%
                 SMB2IPCCreate       11  8%
                   SMB2IPCRead       11  8%
                  SMB2IPCWrite       11  8%
                  SMB2QueryDir        8  6%
        SMB2QueryFileBasicInfo        0  0%
         SMB2QueryFileStndInfo        0  0%
          SMB2QueryFileIntInfo        0  0%
           SMB2QueryFileEAInfo        0  0%
          SMB2QueryFileFEAInfo        0  0%
         SMB2QueryFileModeInfo        0  0%
          SMB2QueryAltNameInfo        0  0%
       SMB2QueryFileStreamInfo        0  0%
          SMB2QueryNetOpenInfo        0  0%
          SMB2QueryAttrTagInfo        0  0%
           SMB2QueryAccessInfo        0  0%
      SMB2QueryFileUnsupported        0  0%
          SMB2QueryFileInvalid        0  0%
            SMB2QueryFSVolInfo        0  0%
           SMB2QueryFSSizeInfo        0  0%
            SMB2QueryFSDevInfo        0  0%
           SMB2QueryFSAttrInfo        0  0%
         SMB2QueryFSFullSzInfo        0  0%
          SMB2QueryFSObjIdInfo        0  0%
            SMB2QueryFSInvalid        0  0%
         SMB2QuerySecurityInfo        0  0%
              SMB2SetBasicInfo        0  0%
             SMB2SetRenameInfo        0  0%
           SMB2SetFileLinkInfo        0  0%
           SMB2SetFileDispInfo        0  0%
             SMB2SetFullEAInfo        0  0%
               SMB2SetModeInfo        0  0%
              SMB2SetAllocInfo        0  0%
                SMB2SetEOFInfo        0  0%
            SMB2SetUnsupported        0  0%
            SMB2SetInfoInvalid        0  0%
           SMB2SetSecurityInfo        0  0%
       SMB2FsctlPipeTransceive       11  8%
             SMB2FsctlPipePeek        0  0%
        SMB2FsctlEnumSnapshots        0  0%
         SMB2FsctlDfsReferrals        7  5%
            SMB2FsctlSetSparse        0  0%
          SMB2FsctlSecureShare        0  0%
      SMB2FsctlFileUnsupported        0  0%
       SMB2FsctlIpcUnsupported        0  0%
                   cancel lock        0
                     wait lock        0
                 copy to align        0
                  alignedSmall       43
                  alignedLarge       27
               alignedSmallRel        0
               alignedLargeRel        0
                 FidHashAllocs        0
                 TidHashAllocs        0
                 UidHashAllocs        0
                      mbufWait        0
                       nbtWait        0
                      pBlkWait        0
              BackToBackCPWait        0
                       cwaWait        0
             short msg prevent        0
                   multipleVCs        0
                   SMB signing        0
              mapped null user        0
                    PDCupcalls        0
                     nosupport        0
                read pipe busy        0
               write pipe busy        0
               trans pipe busy        0
              read pipe broken        0
             write pipe broken        0
             trans pipe broken        0
               queued writeraw        0
                nbt disconnect        2
                smb disconnect        1
                dup disconnect        0
            OpLkBkXorBatchToL2        0
          OpLkBkXorBatchToNone        0
                OpLkBkL2ToNone        0
              OpLkBkNoBreakAck        0
            OpLkBkNoBreakAck95        0
            OpLkBkNoBreakAckNT        0
              OpLkBkIgnoredAck        0
          OpLkBkWaiterTimedOut        0
            OpLkBkDelayedBreak        0
           SharingErrorRetries        0
                  FoldAttempts        0
                   FoldRenames        0
            FoldRenameFailures        0
                 FoldOverflows        0
                FoldDuplicates        0
               FoldWAFLTooBusy        0
               NoAllocCredStat        0
             RetryRPCcollision        0
                  TconCloseTID        0
               GetNTAPExtAttrs        0
               SetNTAPExtAttrs        0
                    SearchBusy        0
                ChgNfyNoMemory        0
                ChgNfyNewWatch        4
               ChgNfyLastWatch        4
             UsedMIDTblCreated        0
           UnusedMIDTblCreated        0
             InvalidMIDRejects        0
          SMB2InvalidSignature        0
     SMB2DurableCreateReceived       15
    SMB2DurableCreateSucceeded        0
    SMB2DurableReclaimReceived        0
   SMB2DurableReclaimSucceeded        0
    SMB2DurableHandlePreserved        0
       SMB2DurableHandlePurged        0
      SMB2DurableHandleExpired        0
               SMB2FileDirInfo        0
           SMB2FileFullDirInfo        0
         SMB2FileIdFullDirInfo        0
           SMB2FileBothDirInfo        0
         SMB2FileIdBothDirInfo        4
             SMB2FileNamesInfo        0
        SMB2FileDirUnsupported        0
                 SMB2QueryInfo        0
                   SMB2SetInfo        0
                     SMB2Ioctl       18
        SMB2RelatedCompRequest        8
      SMB2UnRelatedCompRequest        0
               SMB2FileRequest       38
               SMB2PipeRequest       67
                 SMB2nosupport        0
Max Multiplex = 0, Max pBlk Exhaust = 0, Max pBlk Reserve Exhaust = 0
Max FIDs = 3, Max FIDs on one tree = 3
Max Searches on one tree = 0, Max Core Searches on one tree = 0
Max sessions = 2
Max trees = 3
Max shares = 6
Max session UIDs = 1, Max session TIDs = 3
Max locks = 3
Max credentials = 1
Max group SIDs per credential = 9
Max pBlks = 874 Current pBlks = 874 Num Logons = 0
Max reserved pBlks = 32 Current reserved pBlks = 32
Max gAuthQueue depth         = 2
Max gSMBBlockingQueue depth  = 1
Max gSMBTimerQueue depth     = 3
Max gSMBAlfQueue depth       = 1
Max gSMBRPCWorkerQueue depth = 1
Max gOffloadQueue depth      = 2
Local groups: builtins = 6, user-defined = 1, SIDs = 5
RPC group count = 10, RPC group active count = 0
Max Watched Directories = 1, Current Watched Directories = 0
Max Pending ChangeNotify Requests = 0, Current Pending ChangeNotify Requests = 0
Max Pending DeleteOnClose Requests = 2622, Current Pending DeleteOnClose Requests = 0
filer>
filer>
filer> cifs
The following commands are available; for more information
type "cifs help <command>"
access              domaininfo          nbalias             shares
adupdate            gpresult            prefdc              sidcache
audit               gpupdate            resetdc             stat
broadcast           help                restart             terminate
changefilerpwd      homedir             sessions            testdc
comment             lookup              setup               top
filer> cifs top
The cifs.per_client_stats.enable option must be on to use "cifs top"
filer> options cifs.per_client_stats.enable on
filer> cifs top
No active clients.
filer> cifs top
 ops/s  reads(n, KB/s) writes(n, KB/s) suspect/s   IP              Name
     5 |      0     0 |       0     0 |        0 | 192.168.11.100  hogehoge\administrator
filer> cifs sessions
Server Registers as 'FILER02' in Windows 2000 domain 'hogehoge'
Root volume language is not set. Use vol lang.
Selected domain controller \\AD-SERVER for authentication
====================================================
PC IP(PC Name) (user)           #shares   #files
192.168.11.100(AD-SERVER) (hogehoge\administrator - pcuser)
                                      1         0
filer> cifs gpresult

[1]
        Display Name: Default Domain Policy
        GPO DN: CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=hogehoge,DC=co,DC=jp
        Name: {31B2F340-016D-11D2-945F-00C04FB984F9}
        FileSysPath: \\hogehoge.co.jp\sysvol\hogehoge.co.jp\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}
        versionNumber: 3
        Link:Domain
        Extension:
                  Registry (partially supported)
                  Security (partially supported)
                  EFS Recovery (not supported)


filer> cifs domaininfo
Thu Dec 12 01:29:24 JST [filer:auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Starting AD LDAP server address discovery for hogehoge.CO.JP.
Thu Dec 12 01:29:24 JST [filer:auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found 1 AD LDAP server addresses using DNS site query (Default-First-Site-Name).
Thu Dec 12 01:29:24 JST [filer:auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found 1 AD LDAP server addresses using generic DNS query.
Thu Dec 12 01:29:24 JST [filer:auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- AD LDAP server address discovery for hogehoge.CO.JP complete. 1 unique addresses found.
NetBios Domain:           hogehoge
Windows 2003 Domain Name: hogehoge.co.jp
Type:                     Windows 2003
Filer AD Site:            Default-First-Site-Name

Current Connected DCs:    \\AD-SERVER
Total DC addresses found: 1
Preferred Addresses:
                          None
Favored Addresses:
                          192.168.11.100  AD-SERVER        PDC
Other Addresses:
                          None

Connected AD LDAP Server: \\ad-server.hogehoge.co.jp
Preferred Addresses:
                          None
Favored Addresses:
                          192.168.11.100
                           ad-server.hogehoge.co.jp
Other Addresses:
                          None
filer>
filer>
filer>
