Subscribe

NTFS and UNIX access on Unix security style Qtree

Hi all, i'm a newby in file access protocol and have some questions about how doing or not doing configurations.

i went throught the TR-3490 explaning multiprotocol file access. The Chapetr interesting is forme the Chapter 6 explaining how NTFS users access a NFS export in Unix security style. But the difference in my case in that there is no NIS on my Domain. Unix users are only authenticated on Unix server throught which they access the NFS export mounted from the NetApp.

i have a brief idea of what is expected when configuring Unix security style qtree when access by windows users and/or Unix users.

the context is the following:

- Filers are FAS2020 in HA pairs in 7.3.6p1

- filer is connected to a windows AD domain. (users are authenticated on AD)

- there is no NIS server on the area

- Unix users access the NFS share throught a Unix server on which they are authenticated

- Windows Users access the NFS share by creating a share for their access

we want Unix users (for batch access) to have access on a NFS share and then Windows users can modify file initially created by Unix batch users.

- so i'm creating a qtree in Unix security style

- creating a NFS export with RW and root access from the UNIX erver with sec=sys parameter

-i'm creating a share for users to access the data from windows side

- i have to add the root password in the /etc/passwd on the filer to allow the Unix server to mount the NFS share

Since windows user have to access data contained in the Unix security style qtree created before, i have to provide a /etc/usermap.cfg file to mapp Windows users to Unix users. ( i can be simple if windows users are the same unix users: it takes only one line)

Since windows users have to get the Unix permission, i have to add lines in the /etc/passwd file with each Unix user Uid, Gid...

so at this point, windows users have been mapped on the Unix side (with usermap.cfg file) and then having Unix permission attributed from the /etc/passwd file.

my question is the following:

1) first, is that wayof configuration is correct ?

2) Since Unix users are accessing the NFS export throught an authenticated session on Unix server, do they also need to be entered in the /etc/password file ?

anyway, the /etc/passwd file contains each Unix Uid and Gid for unix users since windows users are mapped to each same unix user .

Thanks a lot in adance for your reply or further information on how making the thing in the right way.

Kind regards

Jerome

Re: NTFS and UNIX access on Unix security style Qtree

Hello,

1 - your configuration seems to be good. Did you test this ? creat a file with the Windows user and try to modify it by a unix user.

2 - I don't think you have to put unix user in /etc/passwd.

     Did you test test that mapping of the user work ?   :  # wcc -u unix_user  and # wcc -s windows_user

Re: NTFS and UNIX access on Unix security style Qtree

Hello Said,

thanks for your reply.

I didn't test anyomore that configuration. The Qtree is currently in Mixed Mode for the security style. I would like to change it to Unux and then make the usermap and etc/passwd configuration.

But i can test it with a new qtree and export NFS and for Windows user a share et test the user mapping as you mentionned and the file creation.

i will updateyou with thoses tests.

So, you believe that my config seems to be good ?

Thanks a lot in advance.

Kind regards

Re: NTFS and UNIX access on Unix security style Qtree

Hi jerome,

I  had configured a environment like yours, but with the NFSv4 ( and NIS domain). I did like you have done ( Unix security style with usermap), i didn't have to put unix users in /etc/passwd. 

I think this is better then the mixed mode ( I found some post with mixed mode issues )

So, do a test and let me know if it's OK.

Regards

Re: NTFS and UNIX access on Unix security style Qtree

Hi Said,

i think that since you have NIS you do not have to provide users in the /etc/passwd file. Il will try in the next few days and will update you asap.

Thanks a lot for your feedback.

Kind regards