Ticket #193: cifs_checkup_antes_add_cif.sal

File cifs_checkup_antes_add_cif.sal, 6.9 KB (added by tonin, 7 weeks ago)

Before adding the cifs/ SPNs to AD

[SVC:service@JG8LVB4-A user]$ svc_nas_cifssupport --server pscifs --args="-checkup -full"
pscifs :

------------------------------------Checks--------------------------------------


Component SMB :

ACL       : Checking the number of ACLs per file system. ........................ Pass
Connection: Checking the load of SMB TCP connections. ........................... Pass
Credential: Checking the validity of credentials. ............................... FAILURE
DC        : Checking the connectivity and configuration of Domain Controllers. .. FAILURE
DFS       : DFS check in svc_nas service script is deprecated. .................. Pass
DNS       : Checking the DNS configuration and connectivity to DNS servers. ..... Pass
EventLog  : Checking the configuration of Windows Event Logs. ................... FAILURE
GPO       : Checking the GPO configuration. ..................................... FAILURE
HomeDir   : Checking the configuration of home directory shares. ................ Pass
I18N      : Checking the I18N mode and the Unicode/UTF8 translation tables. ..... Pass
Kerberos  : Checking password updates and AES for Kerberos. ..................... FAILURE
LDAP      : Checking the LDAP configuration. .................................... Pass
LocalGrp  : Checking the database configuration of local groups. ................ Pass
NIS       : Checking the connectivity to the NIS servers. ....................... Pass
Ntxmap    : Checking the ntxmap configuration file. ............................. Pass
Secmap    : Checking the SECMAP database. ....................................... Pass
Security  : Checking the SMB security settings. ................................. Pass
Server    : Checking the SMB file servers configuration. ........................ FAILURE
Share     : Checking the network shares database. ............................... Pass
SmbList   : Checking the range availability of SMB IDs. ......................... FAILURE
Threads   : Checking for SMB blocked threads. ................................... Pass
UnsupOS   : Checking for unsupported client network operating systems. .......... Pass
UnsupProto: Checking for unsupported client network protocols. .................. Pass
VC        : Checking the configuration of Virus Checker servers. ................ Pass
VDM       : Checking the NAS server configuration. .............................. Pass
WINS      : Checking the connectivity to WINS servers. .......................... Pass
--------------------------------------------------------------------------------

----------------------------SMB : Credential Warnings---------------------------

Warning 17456169011: pscifs :  The user 'UCO\\\\\\\\administrador' has some unmapped SIDs, indicating that the NAS server has not found a Unix user/group associated with the SID for this user credential. This might cause permission issues in an environment that is not purely SMB.
--> Check the mapping of the users/groups. You can set up the mapping by using a local passwd/group file, NIS, or Active Directory, depending on the mapping model you choose. Use the 'svc_nas_cifssupport -cred' command to check the credential.

-----------------------------SMB : EventLog Warnings----------------------------

Warning 17456169068: pscifs :  A new value for the maximum size of the 'application' event log of the NAS server has been defined. This value is not yet effective.
--> On the Windows host, start the Microsoft event viewer. Connect to a SMB server of this NAS server and clear the corresponding event logs.

-------------------------------SMB : GPO Warnings-------------------------------

Warning 17456169033: pscifs :  The GPO parameters of server 'PSCIFS' have not been updated. The update period is not applied. This is important as you run the risk of missing important security settings applied at OU or Domain level by your administrator.
--> If necessary, run the svc_nas_cifssupport -gpo command to manually update the GPO settings for the server, then look in the NAS server logs to determine (based on error messages) why the GPO updates fail.

-----------------------------SMB : Kerberos Warnings----------------------------

Warning 86171451394: pscifs :  There is a Service Principal Name (SPN) mismatch possible for server '${serverName0}', where NTLM authentication was used instead of Kerberos for share mounts. This could result in an increased load on the domain controller and loss of access when the domain controller is not available. Incoming clients connecting to server '${serverName0}' have use the server name '${requestServerName1}'. This mismatch has occurred ${countSinceEvent2} times since the last event logging, and ${totalCount3} times since the last Data Mover reboot.
--> Use the svc_nas_cifssupport command from the NAS container with the -setspn option to list the SPNs for the specified server, then use the command to add or delete SPNs until there is no longer a mismatch. If the mismatch is expected, the cifs.spnCheck parameter should be used to disable the mismatch detection and event logging.

-----------------------------SMB : SmbList Warnings-----------------------------

Warning 17456169011: pscifs :  The user 'UCO\\\\\\\\administrador' has some unmapped SIDs, indicating that the NAS server has not found a Unix user/group associated with the SID for this user credential. This might cause permission issues in an environment that is not purely SMB.
--> Check the mapping of the users/groups. You can set up the mapping by using a local passwd/group file, NIS, or Active Directory, depending on the mapping model you choose. Use the 'svc_nas_cifssupport -cred' command to check the credential.

--------------------------------------------------------------------------------

---------------------------------SMB : DC Errors--------------------------------

Error 13160939579: pscifs :  PingDC failure: The compname 'pscifs' could not successfully contact the DC 'DOCAD01'. Failed to access the pipe   at step Logon IPC$: DC cannot use NETLOGON pipe: status=DOMAIN_CONTROLLER_NOT_FOUND
--> Check domain or Domain Controller access policies. For NetBIOS servers, ensure that 'allow pre-Windows 2000 computers to use this account' checkbox is selected when joining the server to the Windows 2000 domain.


--------------------------------------------------------------------------------

-------------------------------SMB : Server Errors------------------------------

Error 13157007401: pscifs :  The SMB server 'pscifs.uco.es' has not been registered in the DNS. Its status is: Update of \"A\" record failed. If the computer name is not registered in the DNS database, the SMB clients will not be able to access this computer name across the network.
--> Check the dynamic update set-up policy on the DNS domain and then manually add the computer name in DNS.

--------------------------------------------------------------------------------

Total :   2 errors, 5 warnings