2010-12-17 02:45 AM
I have joined a netapp filer to a domain. The authentication works, also the NTFS ACLs are set properly and users can access the shares. But I need to provision every user twice: first for the domain and secondly in /etc/passwd from the netapp. Is there a way to avoid that? The authentication and authorization is done using Active Directory but the user needs to appear in /etc/passwd for some reason...
Solved! SEE THE SOLUTION
2010-12-17 04:08 AM
It is multiprotocol. I am serving both NFS and CIFs. But this qtree in particular is NTFS only. It only works if I add the user to the passwd file. It doesn't matter the password since it uses the one in AD.
2010-12-17 06:22 AM
That does not seem right. It appears that the filer is configured to do local user authentication.
Can you turn on cifs.trace_login and see what the error is? AFAIK, if you do Windows AD authentication, you do not need any /etc/passwd entries.
2010-12-20 02:41 AM
If I dont add the entry in /etc/passwd users cannot connect at all. Authentication fails. If I add them authentication works with the AD password and everything seems to be fine.
2010-12-20 03:04 AM
Does it happen for this particular qtree only or for any qtree with NTFS security?
NetApp always performs NT-to-Unix user mapping, even for access to NTFS qtree from Windows client. If mapping fails, access is denied. Check, that
- usermap.cfg does not deny access by listing empty Unix user name, like
\ => ""
Any NT user which maps to empty Unix user in this way will be denied access
- you have non empty wafl.default_unix_user. Default is pcuser that is normally available in /etc/passwd
2010-12-20 09:06 AM
Finally I made it work. It was wafl.default_unix_user which was empty so users with no mapping just mapped to anything and it didn't work. Now I can use new users without problems and they follow the access rules in the NTFS domain!!!
I will let you also know that you solved an issue NetApp support wasn't able to solve and want to say that the support from netapp in this matter has been worse than awfull.
Thanks a lot.