Sun StorageTek[TM] NAS 5000 Series: Verifying Authenticated IPC Settings

Asset ID:	1-71-1012840.1
Update Date:	2011-02-28
Keywords:

Solution Type Technical Instruction Sure

Solution 1012840.1 : Sun StorageTek[TM] NAS 5000 Series: Verifying Authenticated IPC Settings

Related Items


Sun Storage 5220 NAS Appliance
 Sun Storage 5310 NAS Appliance
 Sun Storage 5210 NAS Appliance
 Sun Storage 5320 NAS Gateway/Cluster System
 Sun Storage 5320 NAS Appliance
 Sun Storage 5310 NAS Gateway System

Related Categories


GCS>Sun Microsystems>Storage - Disk>Network Attached Storage

PreviouslyPublishedAs
217621

Description
Windows(R) 2000 and later operating systems can be configured to refuse anonymous connections, otherwise known as null sessions. Typically, this is done for security reasons. Restricting anonymous connections is not recommended unless all clients and servers in the domain are running Windows 2000 or newer.

Steps to Follow
To check the setting of this policy, check the following registry key:

 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\RestrictAnonymous.

(NOTE: The registry key name or location may vary slightly depending on OS version. Check the Microsoft OS documentation if the key is not found as listed.

Possible values are 0, 1 and 2, as follows:

 0 - None. Rely on default permissions
1 - Do not allow enumeration of SAM accounts and names
2 - No access without explicit anonymous permissions

The setting 2 is the most restrictive.

Note - The domain controller must be rebooted for any change to this setting to take effect.

As of release 4.11 of the NAS Operating System, the Sun StorageTek[TM] NAS supports authenticated IPC. This should be the default setting. To check it, type show smbrdr.ipc.mode at the NAS command line interface. You will find one of the following three settings:

A value of auth indicates authenticated IPC is configured and working.
A value of fallback,anon indicates that authenticated IPC was configured and working, but is no longer functioning due to a password failure. This is almost always due to a change in the Windows Domain Administrator password. To correct this, re-enter the administrator account name with the correct password in the CIFS/SMB Configuration -- Domain Configuration screen. This will not require a reboot of the NAS.
A value of anon indicates that authenticated IPC has been disabled. To correct this, use the CLI command load smbtools and then the command smbconfig ipc mode=auth, then re-enter administrator and password information at the CIFS/SMB Configuration -- Domain Configuration screen

Internal Comments
This document contains normalized content and is managed by the the Domain Lead(s) of the respective domains. To notify content owners of a knowledge gap contained in this document, and/or prior to updating this document, please contact the domain engineers that are managing this document via the “Document Feedback” alias(es) listed below:

[email protected]

NAS, normalized, fallback, IPC, CIFS, 5310, 5320, audited
Previously Published As
89222

Change History
Date: 2007-06-13
User Name: 7058
Action: Approved
Comment: Product name changed per request.
Trademarked as required.
Corrected 1 typo.
Spell ck OK.
Tags OK.
OK to publish.
Version: 3
Date: 2007-06-13
User Name: 160775
Action: Add Comment
Comment: If possible, please change title from 'NAS 53x0' to 'NAS 5000 Series". - wh
Version: 0
Date: 2007-06-12
User Name: 7058
Action: Accept
Comment:
Version: 0

Attachments

This solution has no attachment