OpenStack Shared File Systems Service (Manila)

cifs ad without machine account creation permissions

Bug #1900755 reported by Maurice Escher on 2020-10-20

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Shared File Systems Service (Manila)	Fix Released	Medium	Caique Mello	OpenStack Shared File Systems Service (Manila) caracal-1

Bug Description

Description
===========
I'm running in DHSS=True mode with the NetApp driver.

To create a share with protocol CIFS my users configured an active directory security service and added this to their share network. Share creation fails and the user message produced is not helping my users to help themselves.

Steps to reproduce
==================

* create a share with protocol CIFS (select a share network that has a security service assigned but with invalid domain join credentials)

Expected result
===============
A) A user message tells me: ERROR - "create: the user supplied via security service has insufficient privilege. Please double check you user, password, ou, domain configuration etc." or something like that

Actual result
=============
* share ends up in error state
* user message is produced ERROR - "create: Could not find an existing share server or allocate one on the share network provided. You may use a different share network, or verify the network details in the share network and retry your request. If this doesn't work, contact your administrator to troubleshoot issues with your network."

As a cloud administrator I clearly see what went wrong in the logs, but my customers don't have access. Some examples:

* insufficient privilege: http://paste.openstack.org/show/799227/
* wrong password: http://paste.openstack.org/show/799228/

Environment
===========
1. Manila on Train Release (with some unrelated changes in a custom fork (https://github.com/sapcc/manila/tree/stable/train-m3)

2. NetApp Ontap Release 9.6P9 backend

3. DHSS=true (neutron bind)

Best regards,
Maurice

See original description

Tags:

Maurice Escher (maurice-escher) on 2020-10-20

description:

updated

Maurice Escher (maurice-escher) on 2020-10-20

description:

updated

Maurice Escher (maurice-escher) on 2020-10-23

tags:

added: netapp

Douglas Viroel (dviroel) on 2020-11-05

Changed in manila:
assignee:	nobody → Douglas Viroel (dviroel)

Vida Haririan (vhariria) on 2020-11-05

Changed in manila:
importance:	Undecided → Medium
milestone:	none → wallaby-1

Revision history for this message

Vida Haririan (vhariria) wrote on 2020-11-05:

Additional comments http://eavesdrop.openstack.org/meetings/manila/2020/manila.2020-11-05-15.01.log.html

Douglas Viroel (dviroel) on 2020-11-24

Changed in manila:
assignee:	Douglas Viroel (dviroel) → Eduardo Santos (ecsantos)

Douglas Viroel (dviroel) on 2020-12-03

Changed in manila:
milestone:	wallaby-1 → wallaby-2

Goutham Pacha Ravi (gouthamr) on 2021-01-22

Changed in manila:
milestone:	wallaby-2 → wallaby-3

Revision history for this message

Goutham Pacha Ravi (gouthamr) wrote on 2021-03-12:

Patch proposed to openstack/manila:
Add exception for insufficient priveleges when using security services
https://review.opendev.org/c/openstack/manila/+/764489

Changed in manila:
status:	New → In Progress
milestone:	wallaby-3 → wallaby-rc1

Goutham Pacha Ravi (gouthamr) on 2021-03-16

tags:

added: wallaby-rc-bugsquash

Goutham Pacha Ravi (gouthamr) on 2021-03-26

Changed in manila:
status:	In Progress → Fix Released

Revision history for this message

kiran pawar (kpdev) wrote on 2021-10-12:

Seems like NetApp driver is not raising the error "SecurityServiceFailedAuth". We need to fix NetApp driver.

Revision history for this message

Goutham Pacha Ravi (gouthamr) wrote on 2021-10-14:

Ah, yes - https://review.opendev.org/c/openstack/manila/+/764489 was a partial fix. I'm re-opening this so we can tag the whole fix/..

Changed in manila:
status:	Fix Released → In Progress
milestone:	wallaby-rc1 → yoga-1

Revision history for this message

Vida Haririan (vhariria) wrote on 2021-10-14:

Discussed this bug in detail, see comments here: https://meetings.opendev.org/meetings/manila/2021/manila.2021-10-14-15.01.log.html

Goutham Pacha Ravi (gouthamr) on 2021-11-29

Changed in manila:
milestone:	yoga-1 → yoga-2

Carlos Eduardo (silvacarlose) on 2022-01-27

Changed in manila:
milestone:	yoga-2 → yoga-3

Carlos Eduardo (silvacarlose) on 2022-03-04

Changed in manila:
milestone:	yoga-3 → zed-1

Carlos Eduardo (silvacarlose) on 2022-05-05

Changed in manila:
milestone:	zed-1 → zed-2

Carlos Eduardo (silvacarlose) on 2022-07-28

Changed in manila:
milestone:	zed-2 → zed-3

Nahim Alves de Souza (nahimsouza) on 2022-09-14

Changed in manila:
assignee:	Eduardo Santos (ecsantos) → Nahim Alves de Souza (nahimsouza)

Carlos Eduardo (silvacarlose) on 2022-10-06

Changed in manila:
milestone:	zed-3 → antelope-1

Carlos Eduardo (silvacarlose) on 2022-11-29

Changed in manila:
milestone:	antelope-1 → antelope-2

Carlos Eduardo (silvacarlose) on 2023-01-25

Changed in manila:
milestone:	antelope-2 → antelope-rc1

Carlos Eduardo (silvacarlose) on 2023-02-27

Changed in manila:
assignee:	Nahim Alves de Souza (nahimsouza) → Felipe Rodrigues (felipefutty)

Goutham Pacha Ravi (gouthamr) on 2023-03-30

Changed in manila:
milestone:	antelope-rc1 → bobcat-1

Felipe Rodrigues (felipefutty) on 2023-04-17

Changed in manila:
assignee:	Felipe Rodrigues (felipefutty) → nobody

Helena (helenadantas) on 2023-04-17

Changed in manila:
assignee:	nobody → Helena (helenadantas)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2023-04-27: Fix proposed to manila (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/openstack/manila/+/881770

Carlos Eduardo (silvacarlose) on 2023-06-21

Changed in manila:
milestone:	bobcat-1 → bobcat-2

Carlos Eduardo (silvacarlose) on 2023-08-17

Changed in manila:
milestone:	bobcat-2 → bobcat-3

Caique Mello (caiquemello) on 2023-09-15

Changed in manila:
assignee:	Helena (helenadantas) → Caique Mello (caiquemello)

Goutham Pacha Ravi (gouthamr) on 2023-09-19

Changed in manila:
milestone:	bobcat-3 → bobcat-rc1

Goutham Pacha Ravi (gouthamr) on 2023-09-21

Changed in manila:
milestone:	bobcat-rc1 → caracal-1

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2023-09-28: Fix merged to manila (master)

Reviewed: https://review.opendev.org/c/openstack/manila/+/881770
Committed: https://opendev.org/openstack/manila/commit/81126d97e38cf7fb3bfcf4a7c2fd38b6a2da622b
Submitter: "Zuul (22348)"
Branch: master

commit 81126d97e38cf7fb3bfcf4a7c2fd38b6a2da622b
Author: Helena Dantas <email address hidden>
Date: Thu Apr 27 17:14:18 2023 +0000

[NetApp] Add exception for insufficient privilege or incorrect credentials

When creating a share using CIFS protocol users can face errors related
with incorrect credentials or insufficient privileges which have not been properly described by the exception error message.

This patch add a more clearer error message to address this kind of
error to the user.

Closes-Bug: #1900755
Change-Id: I589c218f2c1072e17e76a6a8d8d81541d5072ad1

Changed in manila:
status:	In Progress → Fix Released

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2024-03-14: Fix included in openstack/manila 18.0.0.0rc1

This issue was fixed in the openstack/manila 18.0.0.0rc1 release candidate.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.