Troubleshooting Common Issues
Troubleshooting Active Directory Issues
Group Quota For An Active Directory User Does Not Work
Description Group quota is defined for an Active Directory group; however, when a group
member consumes space, the actual usage of the group does not grow and the
group limitation is not enforced.
Cause The NAS cluster solution quota enforcement is performed based on the UID and GID
of the file (UNIX) or the SID and the GSID of the primary group of the user (NTFS), if
defined.
For Active Directory users, the Primary Group setting is not mandatory, and if not
defined, the used space is not accounted to any group. For group quota to be
effective with Active Directory users, their primary group must be assigned.
Workaround To setup the primary group for an Active Directory user:
1. Open the Active Directory management.
2. Right-click on the desired user.
3. Select the Member Of tab.
The group you need must be listed.
4. Click the group and then click the Set Primary Group button.
Now quotas takes effect for the user's group.
Active Directory Authentication
Description A valid Active Directory user fails to authenticate.
Cause Probable causes may be:
• The user is trying to authenticate using an incorrect password.
• The user is locked or disabled in Active Directory.
• Active Directory domain controllers are offline or unreachable.
• System clock and Active Directory clock are out of sync.
Workaround
1. Check the NAS cluster solution system event log in the NAS Manager for errors.
2. Verify that the user is not disabled or locked in Active Directory.
3. Verify that domain controllers are online and reachable using the network.
4. Kerberos requires client/server clocks to be in sync. Verify the system time is in
sync with the domain controller time and if required, configure the NTP setting
of the system.
Troubleshooting Active Directory Configuration
Description Unable to add Active Directory users and groups to CIFS shares.
Cause Probable causes may be:
• Unable to ping the domain using FQDN.
• DNS may not be configured.
• NTP may not be configured.
169