Hello, everyone!
Do you know how to fix a "no permission to open the folder" error after a CIFS share is mounted using a domain name? Don't worry, this post will show you how.
Symptoms
After a Windows client that has joined the AD domain mounts a CIFS share using the domain name, an error message is displayed indicating that the user does not have permission to open the folder. The folder grants read and write permissions to the local AD domain group. When the share is mounted, the domain user accessing the folder has already been added to the local AD domain group.
Cause
Resource SID Compression in Windows Server 2012 may cause authorization problems on devices that don't support Resource SID compression. For details, see https://support.microsoft.com/en-us/kb/2774190
Analysis
1. The AD domain controller runs Windows 2012 R2.
2. The storage version is V300R006C00SPC100 or earlier.
3. Check whether the AD domain user has been added to a local AD domain group, as shown in the following figure.


Solution
Method 1:
After OceanStor V3 is added to the AD domain, log in to the AD domain controller.
1. Open Task Manager on the taskbar and click ADSI Edit in Tools.

2. Find the organizational unit that stores the OceanStor V3 machine account and open the properties of the machine account.

3. In the attribute list of the machine account, find the msDS-SupportedEncryptionTypes field, set the field value to 524319, and confirm the setting.


4. After the properties are modified, run the klist purge command in the Windows client CLI to refresh the Kerberos authentication cache. Then, mount the share again. The corresponding folder is opened successfully.

Method 2:
Install the V300R006C00SPH102 hot patch or upgrade to the V300R006C00SPH102 version.
This is my solution. How about yours? Go ahead and share it with us!
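
Step 3 of Method 1, decoded and scripted as an added example (not part of the original post and not Huawei or Microsoft code). It shows which bits the value 524319 sets in msDS-SupportedEncryptionTypes. The names KileEncTypes, Get-EncTypeFlag and Set-MachineEncTypes are hypothetical, and the bit layout is taken from [MS-KILE].

```powershell
# Added example: KileEncTypes, Get-EncTypeFlag and Set-MachineEncTypes are hypothetical names.
# Bit values follow the msDS-SupportedEncryptionTypes layout in [MS-KILE].
[Flags()] enum KileEncTypes {
    DES_CBC_CRC                     = 0x1
    DES_CBC_MD5                     = 0x2
    RC4_HMAC                        = 0x4
    AES128_CTS_HMAC_SHA1_96         = 0x8
    AES256_CTS_HMAC_SHA1_96         = 0x10
    FAST_Supported                  = 0x10000
    CompoundIdentity_Supported      = 0x20000
    Claims_Supported                = 0x40000
    ResourceSidCompression_Disabled = 0x80000
}

function Get-EncTypeFlag {
    # Return the name of every defined bit that is set in $Value.
    param([Parameter(Mandatory)][int]$Value)
    [enum]::GetValues([KileEncTypes]) |
        Where-Object { $Value -band [int]$_ } |
        ForEach-Object { $_.ToString() }
}

function Set-MachineEncTypes {
    # Scripted form of step 3; needs the ActiveDirectory module and write access to the account.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [int]$Value = 524319                  # value given in step 3
    )
    $attr = 'msDS-SupportedEncryptionTypes'
    $acct = Get-ADComputer -Identity $ComputerName -Properties $attr
    # Show what the account advertises before any change is made.
    "Current: {0} -> {1}" -f $acct.$attr, ((Get-EncTypeFlag ([int]$acct.$attr)) -join ', ')
    if ($PSCmdlet.ShouldProcess($ComputerName, "set $attr to $Value")) {
        Set-ADComputer -Identity $acct -Replace @{ $attr = $Value }
    }
}

# Offline check of the value from step 3 (no domain access needed).
'{0} = 0x{0:X}' -f 524319
Get-EncTypeFlag 524319
```

Running `Set-MachineEncTypes -ComputerName <account> -WhatIf` reports the account's current flags without writing anything. The decode shows that 524319 (0x8001F) sets the DES, RC4 and AES encryption-type bits together with ResourceSidCompression_Disabled (0x80000).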