filer> cifs terminate
CIFS local server is shutting down...
CIFS local server has shut down...
filer>
ドメイン参加のために、再セットアップをします。
ここまでが、セットアップ。あとは、各コマンドでアクセス権の設定だとか、ユーザーの確認、ドメイン情報を見たりしていきます。
filer> cifs setup
This process will enable CIFS access to the filer from a Windows(R) system.
Use "?" for help at any prompt and Ctrl-C to exit without committing changes.
This filer is currently a member of the Active Directory domain
'hogehoge.CO.JP'.
Do you want to continue and change the current filer account information? [n]: yes
Your filer does not have WINS configured and is visible only to
clients on the same subnet.
Do you want to make the system visible via WINS? [n]: no
This filer is currently configured as an NTFS-only filer.
Would you like to reconfigure this filer to be a multiprotocol filer? [n]: yes
The default name for this CIFS server is 'FILER'.
Would you like to change this name? [n]:
Data ONTAP CIFS services support four styles of user authentication.
Choose the one from the list below that best suits your situation.
(1) Active Directory domain authentication (Active Directory domains only)
(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)
(3) Windows Workgroup authentication using the filer's local user accounts
(4) /etc/passwd and/or NIS/LDAP authentication
Selection (1-4)? [1]: 1
What is the name of the Active Directory domain? [hogehoge.CO.JP]:
In Active Directory-based domains, it is essential that the filer's
time match the domain's internal time so that the Kerberos-based
authentication system works correctly. If the time difference between
the filer and the domain controllers is more than 5 minutes,
authentication will fail. Time services are currently not configured
on this filer.
Would you like to configure time services? [y]:
CIFS Setup will configure basic time services. To continue, you must
specify one or more time servers. Specify values as a comma or space
separated list of server names or IPv4 addresses. In Active
Directory-based domains, you can also specify the fully qualified
domain name of the domain being joined (for example: "hogehoge.CO.JP"),
and time services will use those domain controllers as time servers.
Enter the time server host(s) and/or address(es) [hogehoge.CO.JP]:
Would you like to specify additional time servers? [n]:
1 entry was deleted.
In order to create an Active Directory machine account for the filer,
you must supply the name and password of a Windows account with
sufficient privileges to add computers to the hogehoge.CO.JP domain.
Enter the name of the Windows user [Administrator@hogehoge.CO.JP]:
Password for Administrator@hogehoge.CO.JP:
CIFS - Logged in as Administrator@hogehoge.CO.JP.
An account that matches the name 'FILER' already exists in Active
Directory: 'cn=filer,cn=computers,dc=hogehoge,dc=co,dc=jp'. This is
normal if you are re-running CIFS Setup. You may continue by using
this account or changing the name of this CIFS server.
Do you want to re-use this machine account? [y]: n
Enter the CIFS server name for the filer [FILER]: filer02
The user that you specified has permission to create the filer's
machine account in several (2) containers. Please choose where you
would like this account to be created.
(1) CN=computers
(2) OU=Domain Controllers
(3) None of the above
Selection (1-3)? [1]: 1
CIFS - Starting SMB protocol...
Welcome to the hogehoge.CO.JP (hogehoge) Active Directory(R) domain.
CIFS local server is running.
filer>
filer>
filer> cifs shares
Name Mount Point Description
---- ----------- -----------
ETC$ /etc Remote Administration
BUILTIN\Administrators / Full Control
HOME /vol/vol0/home Default Share
everyone / Full Control
C$ / Remote Administration
BUILTIN\Administrators / Full Control
vol /vol/vol
everyone / Full Control
BUILTIN\Users / Full Control
hogehoge\guest / Full Control
hogehoge\hogehoge / Full Control
hogehoge\ac-admin / Full Control
FILER02\administrator / Full Control
BUILTIN\Administrators / Full Control
hogehoge\administrator / Full Control
filer>
filer> Thu Dec 12 01:25:23 JST [filer:nbt.nbns.registrationComplete:info]: NBT: All CIFS name registrations have completed for the local server.
filer> useradmin domainuser list -g Administrators
List of SIDS in Administrators
S-1-5-21-566600022-1970368624-1386761716-500
S-1-5-21-473926273-954487227-3379319696-512
S-1-5-21-473926273-954487227-3379319696-500
For more information about a user, use the 'cifs lookup' and 'useradmin user list' commands.
filer>
filer>
filer> cifs lookup S-1-5-21-566600022-1970368624-1386761716-500
name = FILER02\administrator
filer> cifs lookup S-1-5-21-473926273-954487227-3379319696-512
name = hogehoge\Domain Admins
filer> cifs lookup S-1-5-21-473926273-954487227-3379319696-500p
lookup failed
filer> cifs lookup S-1-5-21-473926273-954487227-3379319696-500
name = hogehoge\administrator
filer>
filer>
filer>
filer>
filer> cifs
The following commands are available; for more information
type "cifs help <command>"
access domaininfo nbalias shares
adupdate gpresult prefdc sidcache
audit gpupdate resetdc stat
broadcast help restart terminate
changefilerpwd homedir sessions testdc
comment lookup setup top
filer> cifs sessions
Server Registers as 'FILER02' in Windows 2000 domain 'hogehoge'
Root volume language is not set. Use vol lang.
Selected domain controller \\AD-SERVER for authentication
====================================================
PC IP(PC Name) (user) #shares #files
filer> cifs stat
reject 0 0%
mkdir 0 0%
rmdir 0 0%
open 0 0%
create 0 0%
close 0 0%
X&close 0 0%
flush 0 0%
X&flush 0 0%
delete 0 0%
rename 0 0%
NTRename 0 0%
getatr 0 0%
setatr 0 0%
read 0 0%
X&read 0 0%
write 0 0%
X&write 0 0%
lock 0 0%
unlock 0 0%
mknew 0 0%
chkpth 0 0%
exit 0 0%
lseek 0 0%
lockread 0 0%
X&lockread 0 0%
writeunlock 0 0%
readbraw 0 0%
writebraw 0 0%
writec 0 0%
gettattre 0 0%
settattre 0 0%
lockingX 0 0%
IPC 0 0%
open2 0 0%
find_first2 0 0%
find_next2 0 0%
query_fs_info 0 0%
query_path_info 0 0%
set_path_info 0 0%
query_file_info 0 0%
set_file_info 0 0%
create_dir2 0 0%
Dfs_referral 0 0%
Dfs_report 0 0%
echo 0 0%
writeclose 0 0%
openX 0 0%
readX 0 0%
writeX 0 0%
findclose 0 0%
tcon 0 0%
tdis 9 6%
negprot 3 2%
login 0 0%
logout 0 0%
tconX 0 0%
dskattr 0 0%
search 0 0%
fclose 0 0%
NTCreateX 0 0%
NTTransCreate 0 0%
NTTransIoctl 0 0%
NTTransNotify 0 0%
NTTransSetSec 0 0%
NTTransQuerySec 0 0%
NTNamedPipeMulti 0 0%
NTCancel CN 0 0%
NTCancel Other 0 0%
SMB2Echo 0 0%
SMB2Negprot 0 0%
SMB2TreeConnnect 16 11%
SMB2TreeDisconnect 9 6%
SMB2Login 6 4%
SMB2Create 15 10%
SMB2Read 0 0%
SMB2Write 0 0%
SMB2Lock 0 0%
SMB2Unlock 0 0%
SMB2OplkBrkAck 0 0%
SMB2ChgNfy 4 3%
SMB2CLose 18 13%
SMB2Flush 0 0%
SMB2Logout 2 1%
SMB2Cancel 3 2%
SMB2IPCCreate 11 8%
SMB2IPCRead 11 8%
SMB2IPCWrite 11 8%
SMB2QueryDir 8 6%
SMB2QueryFileBasicInfo 0 0%
SMB2QueryFileStndInfo 0 0%
SMB2QueryFileIntInfo 0 0%
SMB2QueryFileEAInfo 0 0%
SMB2QueryFileFEAInfo 0 0%
SMB2QueryFileModeInfo 0 0%
SMB2QueryAltNameInfo 0 0%
SMB2QueryFileStreamInfo 0 0%
SMB2QueryNetOpenInfo 0 0%
SMB2QueryAttrTagInfo 0 0%
SMB2QueryAccessInfo 0 0%
SMB2QueryFileUnsupported 0 0%
SMB2QueryFileInvalid 0 0%
SMB2QueryFSVolInfo 0 0%
SMB2QueryFSSizeInfo 0 0%
SMB2QueryFSDevInfo 0 0%
SMB2QueryFSAttrInfo 0 0%
SMB2QueryFSFullSzInfo 0 0%
SMB2QueryFSObjIdInfo 0 0%
SMB2QueryFSInvalid 0 0%
SMB2QuerySecurityInfo 0 0%
SMB2SetBasicInfo 0 0%
SMB2SetRenameInfo 0 0%
SMB2SetFileLinkInfo 0 0%
SMB2SetFileDispInfo 0 0%
SMB2SetFullEAInfo 0 0%
SMB2SetModeInfo 0 0%
SMB2SetAllocInfo 0 0%
SMB2SetEOFInfo 0 0%
SMB2SetUnsupported 0 0%
SMB2SetInfoInvalid 0 0%
SMB2SetSecurityInfo 0 0%
SMB2FsctlPipeTransceive 11 8%
SMB2FsctlPipePeek 0 0%
SMB2FsctlEnumSnapshots 0 0%
SMB2FsctlDfsReferrals 7 5%
SMB2FsctlSetSparse 0 0%
SMB2FsctlSecureShare 0 0%
SMB2FsctlFileUnsupported 0 0%
SMB2FsctlIpcUnsupported 0 0%
cancel lock 0
wait lock 0
copy to align 0
alignedSmall 43
alignedLarge 27
alignedSmallRel 0
alignedLargeRel 0
FidHashAllocs 0
TidHashAllocs 0
UidHashAllocs 0
mbufWait 0
nbtWait 0
pBlkWait 0
BackToBackCPWait 0
cwaWait 0
short msg prevent 0
multipleVCs 0
SMB signing 0
mapped null user 0
PDCupcalls 0
nosupport 0
read pipe busy 0
write pipe busy 0
trans pipe busy 0
read pipe broken 0
write pipe broken 0
trans pipe broken 0
queued writeraw 0
nbt disconnect 2
smb disconnect 1
dup disconnect 0
OpLkBkXorBatchToL2 0
OpLkBkXorBatchToNone 0
OpLkBkL2ToNone 0
OpLkBkNoBreakAck 0
OpLkBkNoBreakAck95 0
OpLkBkNoBreakAckNT 0
OpLkBkIgnoredAck 0
OpLkBkWaiterTimedOut 0
OpLkBkDelayedBreak 0
SharingErrorRetries 0
FoldAttempts 0
FoldRenames 0
FoldRenameFailures 0
FoldOverflows 0
FoldDuplicates 0
FoldWAFLTooBusy 0
NoAllocCredStat 0
RetryRPCcollision 0
TconCloseTID 0
GetNTAPExtAttrs 0
SetNTAPExtAttrs 0
SearchBusy 0
ChgNfyNoMemory 0
ChgNfyNewWatch 4
ChgNfyLastWatch 4
UsedMIDTblCreated 0
UnusedMIDTblCreated 0
InvalidMIDRejects 0
SMB2InvalidSignature 0
SMB2DurableCreateReceived 15
SMB2DurableCreateSucceeded 0
SMB2DurableReclaimReceived 0
SMB2DurableReclaimSucceeded 0
SMB2DurableHandlePreserved 0
SMB2DurableHandlePurged 0
SMB2DurableHandleExpired 0
SMB2FileDirInfo 0
SMB2FileFullDirInfo 0
SMB2FileIdFullDirInfo 0
SMB2FileBothDirInfo 0
SMB2FileIdBothDirInfo 4
SMB2FileNamesInfo 0
SMB2FileDirUnsupported 0
SMB2QueryInfo 0
SMB2SetInfo 0
SMB2Ioctl 18
SMB2RelatedCompRequest 8
SMB2UnRelatedCompRequest 0
SMB2FileRequest 38
SMB2PipeRequest 67
SMB2nosupport 0
Max Multiplex = 0, Max pBlk Exhaust = 0, Max pBlk Reserve Exhaust = 0
Max FIDs = 3, Max FIDs on one tree = 3
Max Searches on one tree = 0, Max Core Searches on one tree = 0
Max sessions = 2
Max trees = 3
Max shares = 6
Max session UIDs = 1, Max session TIDs = 3
Max locks = 3
Max credentials = 1
Max group SIDs per credential = 9
Max pBlks = 874 Current pBlks = 874 Num Logons = 0
Max reserved pBlks = 32 Current reserved pBlks = 32
Max gAuthQueue depth = 2
Max gSMBBlockingQueue depth = 1
Max gSMBTimerQueue depth = 3
Max gSMBAlfQueue depth = 1
Max gSMBRPCWorkerQueue depth = 1
Max gOffloadQueue depth = 2
Local groups: builtins = 6, user-defined = 1, SIDs = 5
RPC group count = 10, RPC group active count = 0
Max Watched Directories = 1, Current Watched Directories = 0
Max Pending ChangeNotify Requests = 0, Current Pending ChangeNotify Requests = 0
Max Pending DeleteOnClose Requests = 2622, Current Pending DeleteOnClose Requests = 0
filer>
filer>
filer> cifs
The following commands are available; for more information
type "cifs help <command>"
access domaininfo nbalias shares
adupdate gpresult prefdc sidcache
audit gpupdate resetdc stat
broadcast help restart terminate
changefilerpwd homedir sessions testdc
comment lookup setup top
filer> cifs top
The cifs.per_client_stats.enable option must be on to use "cifs top"
filer> options cifs.per_client_stats.enable on
filer> cifs top
No active clients.
filer> cifs top
ops/s reads(n, KB/s) writes(n, KB/s) suspect/s IP Name
5 | 0 0 | 0 0 | 0 | 192.168.11.100 hogehoge\administrator
filer> cifs sessions
Server Registers as 'FILER02' in Windows 2000 domain 'hogehoge'
Root volume language is not set. Use vol lang.
Selected domain controller \\AD-SERVER for authentication
====================================================
PC IP(PC Name) (user) #shares #files
192.168.11.100(AD-SERVER) (hogehoge\administrator - pcuser)
1 0
filer> cifs gpresult
[1]
Display Name: Default Domain Policy
GPO DN: CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=hogehoge,DC=co,DC=jp
Name: {31B2F340-016D-11D2-945F-00C04FB984F9}
FileSysPath: \\hogehoge.co.jp\sysvol\hogehoge.co.jp\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}
versionNumber: 3
Link:Domain
Extension:
Registry (partially supported)
Security (partially supported)
EFS Recovery (not supported)
filer> cifs domaininfo
Thu Dec 12 01:29:24 JST [filer:auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Starting AD LDAP server address discovery for hogehoge.CO.JP.
Thu Dec 12 01:29:24 JST [filer:auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found 1 AD LDAP server addresses using DNS site query (Default-First-Site-Name).
Thu Dec 12 01:29:24 JST [filer:auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- Found 1 AD LDAP server addresses using generic DNS query.
Thu Dec 12 01:29:24 JST [filer:auth.ldap.trace.LDAPConnection.statusMsg:info]: AUTH: TraceLDAPServer- AD LDAP server address discovery for hogehoge.CO.JP complete. 1 unique addresses found.
NetBios Domain: hogehoge
Windows 2003 Domain Name: hogehoge.co.jp
Type: Windows 2003
Filer AD Site: Default-First-Site-Name
Current Connected DCs: \\AD-SERVER
Total DC addresses found: 1
Preferred Addresses:
None
Favored Addresses:
192.168.11.100 AD-SERVER PDC
Other Addresses:
None
Connected AD LDAP Server: \\ad-server.hogehoge.co.jp
Preferred Addresses:
None
Favored Addresses:
192.168.11.100
ad-server.hogehoge.co.jp
Other Addresses:
None
filer>
filer>
filer>