SMB providers allow Access Anywhere platform to manage and access data on file servers supporting the SMB network file-sharing protocol. In addition to synchronization of metadata synchronization, the “multiuser” SMB providers synchronize permissions. User and group permissions are managed through the SMB server.

The aim of this troubleshooting document is to provide advice on SMB connector troubleshooting issues and edge cases for administrators of Access Anywhere:

• SMB/CIFS Connector (Multiuser)
• Nasuni Connector

We use the words “provider” and “connector” almost interchangeably throughout this document. The precise distinction between them is that a connector is a piece of code that can attach a certain kind of storage to Access Anywhere, and a provider is a connector that has been configured to attach a specific storage system instance to Access Anywhere using a particular account.

1. Getting Permissions from the Storage

The Multi-User SMB connector and the Nasuni connector obtain information about which connectors and folders a user should have access to from the permissions that have been set on the underlying storage.

To have access to a connector a user must have effective permission (directly or via group membership) to access the share to which the storage connector is connected.

Instructions for checking a user’s permissions from the Linux command line can be found here

To check the permissions from Windows:

• navigate to the folder’s parent directory
• open the folder’s context menu
• click on “Properties”
• go to the “Security” tab
• click on “Advanced”

You will see a list of permissions for the folder:



If the user whose permissions you are checking is in a lot of groups then it may be easiest to use the “Effective Access” feature from the “Advanced” tab to see what permissions she has after all of the group permissions are combined.

Note that “Deny” permissions supersede “Allow” permissions.

2. Use Real-Time Mode

These connectors should only be used with in real-time mode. This can be configured by either:

1) setting the provider's Cloud Refresh mode to Enabled:



or:

2) setting the provider's Cloud Refresh mode to Global if the Real-time refresh is turned on in the Sync section of the org.'s Dashboard.

Assuming that the permissions on the underlying storage and the group membership are correct and the provider is operating in Cloud Refresh mode (real-time sync mode), the next step is to determine whether the user can see the share in the Web File Manager and/or from a Access Anywhere desktop Cloud Drive. If the user can see the share in the File Manager and not in the Drive, please ask her to log out from the Drive and then log in again.
If the user can see the share in the Drive and not in the File Manager then please ask her to do a full page refresh of the File Manager’s Files page and also to do a Cloud Refresh of her root directory. If the share is still not visible, contact Support.

Assuming that the permissions on the underlying storage and the group membership are correct and the provider is operating in Cloud Refresh mode (real-time sync mode), the next step is to determine whether the users can see the share in the Web File Manager and/or from a Access Anywhere desktop Cloud Drive. If they can see the share in the File Manager and not in the Drive, please ask them to log out from the Drive and then log in again.
If the users can see the share in the Drive and not in the File Manager then please ask them to do a full page refresh of the File Manager’s Files page and also to do a Cloud Refresh of their root directory. If the share is still not visible, contact Support.

Assuming that the permissions on the underlying storage and the group membership are correct and the provider is operating in Cloud Refresh mode (real-time sync mode), the next step is to determine whether the users can see the share in the Web File Manager and/or from a Access Anywhere desktop Cloud Drive. If they can see the share in the File Manager and not in the Drive, please ask them to log out from the Drive and then log in again.

If the users can see the share in the Drive and not in the File Manager then please ask them to do a full page refresh of the File Manager’s Files page and also to do a Cloud Refresh of their root directory. If the share is still not visible, contact Support.

If the user can see the share in the File Manager and not in the Drive, please ask him to log out from the Drive and then log in again.

If the user can see the Share in the Drive and not in the File Manager then please ask him to do a full page refresh of the File Manager’s Files page and also to do a Cloud Refresh of their root directory.

If the share is still not visible, contact Support.

If the user’s password has changed then the Drive may remain logged in but the shares will no longer be visible through the Drive. In this case the user should log in through the web interface with her new password. This will restore the Drive’s access. She can then exit the web interface without affecting the Drive’s access.

This indicates that the shares are no longer accessible through their mounts on Access Anywhere host. (The shares are “stale”). A linux administrator can refresh the mounts using a script provided by NAA As follows:

• ssh into Access Anywhere as smeconfiguser
• become the root user
• use curl to fetch the script:

curl https://raw.githubusercontent.com/SMEStorage/filefabric-scripts/main/smb_scripts/flush_mounts.sh -o flush_mounts.sh

• make the script executable:

chmod 0700 flush_mounts.sh

• run the script:

./flush_mounts.sh -n <NAS_name_or_IP_address>

For example:

./flush_mounts.sh -n 172.20.25.226

For HA installations this process should be repeated on each of Access Anywhere's web application nodes.

Note that upgrading or restarting the Nasuni Filer can sometimes result in the mounts of shares exported by the Filer becoming stale.

This can happen if a share was added after the user most recently logged in. When this happens, the user should log out and in through the Drive again.

If a share that was previously accessible to a user ceases to be visible, the most likely explanation is that the user’s permissions have changed. Please see Important Point 1 at the top of this document.

As described in Important Point 1 at the top of this document, these providers get their information about which shares a user should see from the permissions that have been set on the underlying storage. These permissions are refreshed frequently by Access Anywhere. The user should first try navigating away from the folder in question and then navigating back to it. If his permissions remain incorrect then check them directly on the storage as described above.

If a file is missing from the Cloud Drive but visible in the Web File Manager the refresh the Drive’s view of the data as follows:

• If you are using the Windows Cloud Drive access this option from the Cloud Drive access this option from the Cloud Drive icon’s context menu on the Windows Task Bar:
  
  
  
  
• If you are using the Mac Cloud Drive access this option from the Cloud Drive access this option from the Cloud Drive icon’s context menu on the Mac Menu Bar:
  
  
  
  If the users can see the file or folder in the Drive and not in the File Manager then please ask them to do a full page refresh of the File Manager’s Files page and also to do a Cloud Refresh of their root directory. If the file/folder is still not visible, contact Support.
  

If a file is missing from both the Web File Manager and the Cloud Drive check the storage directly to confirm that the file or folder is there. If it is, please contact Support.

If the latest version of a file is missing from the Cloud Drive but visible in the Web File Manager then refresh the Drive’s view of the data as follows:

• If you are using the Windows Cloud Drive access this option from the Cloud Drive access this option from the Cloud Drive icon’s context menu on the Windows Task Bar:
  
  
  
  
• If you are using the Mac Cloud Drive access this option from the Cloud Drive access this option from the Cloud Drive icon’s context menu on the Mac Menu Bar:
  
  
  
  If the latest version of the file is missing from the Web File Manager but visible in the Cloud Drive then please ask them to do a full page refresh of the File Manager’s Files page and also to do a Cloud Refresh of their root directory. If the file/folder is still not visible, contact Support.

If a file is missing from both the Web File Manager and the Cloud Drive check the storage directly to confirm that the file or folder is there. If it is, please contact Support.

Navigate to the folder in the Web File Manager. This will cause the directory’s contents to be updated.

When the password of a user who has created shared links changes, the shared links will not be usable until the user re-authenticates on Access Anywhere by logging out and back in.

The speed at which directory listings are displayed in the Cloud Drive and the File Manager is roughly proportional to the number of files or subfolders in the directory, as well as the response time from the storage. As a rule of thumb, allow one second for every thousand files or subfolders.

If directory listings are taking significant longer than one second per thousand items, the most common cause is slow responses by the storage to Access Anywhere’s requests for the access permissions for the folder’s contents. The storage should not take more than a second or two respond to these requests. A Linux system administrator can determine how long the storage is taking to send the permissions by following these steps:

• Log in to Access Anywhere host VM as smeconfiguser using ssh.
• Run the following (using your share, folder and username)

     time smbclient '//<nas name>/<share>' -W '<domain>' -U '<Admin User from Provider setup>' -D '/<slow loading folder name>/' -c 'showacls; ls' 2>&1 .

If the administrator determines that slow responses from the storage are not the case of the delay, please contact Support for assistance.

The name of the share you enter in Access Anywhere and the name of the share on the storage must match exactly including case. Check Access Anywhere value for case and correct it as needed.

The name and path of the folder on the share you enter in Access Anywhere and the name and path of the folder on the share on the storage must match exactly including case. Check Access Anywhere value for case and correct it as needed.

Conflict files are created when Access Anywhere cannot complete certain operations as expected. This happens most frequently when changes are made directly to the storage and also through Access Anywhere (in other words the storage is being used bi-modally). Typically the creation of conflict files does not indicate an error. If, however, conflict files are being created frequently then please contact Support.

Working as root, use the same smbclient command to see whether an SMB connection between Access Anywhere and the storage can be established:

smbclient '//<nas name>/<share>' -W '<domain>' -U '<User from Provider setup>' -D '/<slow loading folder name>/' -c 'ls' 2>&1

Still working as root, use the mount command to see whether the storage can be mounted:

mkdir -p /mnt/tmp;  mount -t cifs -o rw,soft,nolock,user='<User from Provider Setup>',domain='<Domain>',mapchars //<nas name>/<share> /mnt/tmp/

If either of these commands is unsuccessful then Access Anywhere will not be able to use the storage.