HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

Cannot modify/add shares with Advanced Server 7.3A ECO-4

 
mschumi
Occasional Advisor

Cannot modify/add shares with Advanced Server 7.3A ECO-4

My system is a OpenVMS V7.3-1 System in a cluster with an Itanium running OpenVMS 8.3

Itanium is not running AdvancedServer, but Samba.

 

Advanced Server Eventlog shows:

 

--------------------------

Events in System Event Log on server "ALFRED":

T Date     Time        Source    Category        Event  User       Computer
- -------- ----------- --------- --------------- ------ ---------- -------------
E 06/13/12 12:40:39 PM BROWSER   None            8032   N/A        ALFRED
The browser service has failed to retrieve the backup list too many times on tra
nsport netbios/streams/knbs. The backup browser is stopping.

W 06/13/12 12:40:39 PM BROWSER   None            8021   N/A        ALFRED
The browser was unable to retrieve a list of servers from the browser master \\D
EFFMI0A11 on the network netbios/streams/knbs. The data is the error code.
Data:
    0000: ea 00 00 00 00 00 00 00    ê.......

--------------------------

 

I found that the existence of an Advanced Server Cluster (which is necassary, but nor for me), may the problem.

I found that in

http://support.microsoft.com/kb/135404/en-us

 

What can I do?

7 REPLIES
Brad McCusker
Respected Contributor

Re: Cannot modify/add shares with Advanced Server 7.3A ECO-4

Other than the events you see in the event log - what exactly is the problem?

 

The title says "Cannot modify/add shares with Advanced Server 7.3A ECO-4" - Is that the problem?  If so, can you share with us the error you seen when you try to add/modify a share?  Tell us what you are trying to do and what you get for a response.

 

Is the addition of Itanium and/or Samba a recent change that might correspond to the problems you are seeing now?

 

Brad McCusker

Software Concepts International

www.sciinc.com

Brad McCusker
Software Concepts International
mschumi
Occasional Advisor

Re: Cannot modify/add shares with Advanced Server 7.3A ECO-4

O.k., sorry that I explained my problem not exactly.

 

If I enter the command to show a share with permissions:

 

===================================

 

$ admin show share vcedc /fu

Shared resources on server "ALFRED":

Name          Type       Description
------------  ---------  -------------------------------------------------------
VCEDC         Directory  RICHTER
    Path: $USER1:[VCEDC]
    Connections:  Current: 0, Maximum: No limit
    RMS file format: Stream
    Directory Permissions: System: RWED, Owner: RWED, Group: RWED, World: RE
    File Permissions: System: RWD, Owner: RWD, Group: RWD, World: R
    Share Permissions:
        SYSTEM                          Full Control

  Total of 1 share

===================================

 

I get only the local user, but not the domain users, which are still permitted and had been authorized

in the past.

 

If i want to add a permission:

===================================

$ admin modify share vcedc /perm=ww004\frax222s:f
%PWRK-E-ERRMODSHAREPERM, error modifying permissions for share "VCEDC"
-LM-E-NOTALLMAPPED, one or more user or group names were not found

===================================

 

So I can't change permission for shares from VMS.

If I use the Windows Management Console, sometimes I am able to.

In this case, it could be to  see a lot of SIDs, but no Usernames.

 

On the other hand, I'm able to show user's characteristics with

 

$ admin show user <Username>

 

It is noticeable to see , that one service is not not able to finish his start.

 

=========

$ admin show service

 


Services on server "ALFRED":

Service          Status
---------------  ---------------
BROWSER          Start Pending
EVENTLOG         Started
NETLOGON         Started
SERVER           Started

  Total of 4 services

==========

 

Please do not recommend to update to 7.3-B, because I don't like to updates the OS.

 

Thanks very much

abrsvc
Respected Contributor

Re: Cannot modify/add shares with Advanced Server 7.3A ECO-4

I must point out that you have an unsupported configuration here. First of all, V7.3-1 is NOT supported within a cluster with V8.3. V7.3-2 is the supported version and even that should be up to date with patches. While this may not be the reason for the problem you are seeing, in general, unsupported configurations are unsupported for a reason. As much as you dislike updates, I would recommend that the OS be upgraded to the supported level.

Upgrading the application (in this case Pathworks) to V7.3B is also recommended. Brad can address the specific "fixes" addressed by V7.3B far better than I can.

Dan
Paul Nunez
Respected Contributor

Re: Cannot modify/add shares with Advanced Server 7.3A ECO-4

The symptoms you describe indicate the domain controllers have the following security policy disabled:

 

    Network access: Allow anonymous SID/name translation

 

Advanced Server needs this policy to be enabled in order to do (anonymous) SID/name lookups...

 

Paul

mschumi
Occasional Advisor

Re: Cannot modify/add shares with Advanced Server 7.3A ECO-4

Paul, this seems to be right.
Domain administration told, they had enabled Kerberos authentication. I have to make this working.
Paul Nunez
Respected Contributor

Re: Cannot modify/add shares with Advanced Server 7.3A ECO-4

Well, Kerberos has nothing to do with this (Advanced Server doesn't use Kerberos).

 

In order to get it to work, that policy MUST be enabled.   You can probably get away with enabling it only on the PDC emulator, but that's risky, imho. 

 

The other option is to avoid the ADMIN utility and use your Windows client to perform the operation.  When setting permissions, the Windows client itself communicates with the domain controller to translate SIDs to names.

 

For example, you can use the Computer Management applet to connect to the Advanced Server and modify share permissions.   Use Explorer to change file/folder permissions.

 

But if you need to do admin tasks such as manage hostmappings or personal shares, it's only possible using the ADMIN utility...

 

WIth Advanced Server v7.3B ECO1 it's possible to have "Allow anonymous SID/name translation" disabled, but only if you're able to logon the domain using an admin account (which isn't even possible if the domain controllers are running Windows Server 2008 R2), unless... Advanced Server is also used for External Authentication.

 

This type of restriction/limitation is precisely why Advanced Server is in maintenance mode and has been replaced by HP CIFS for OpenVMS (a port of the Open Source Samba for Linux v3.0.28a software). Alas, CIFS requires OpenVMS v8.3 or later...

 

Paul

mschumi
Occasional Advisor

Re: Cannot modify/add shares with Advanced Server 7.3A ECO-4

Dear Paul,

 

thank you for valuable information.

I've used computer management in the near past and I'm able to set share permission.

I don't see there Usernames, but SIDs.

 

If use a tool like rmtshare, it works some time and then puts out only local Usernames, as Admin do.

 

Regards Matthias