https://community.netapp.com/t5/General-Discussion/user-mapping-not-working/m-p/442310#M1473 <P>Hello</P><P>I am struggling with user mapping in combination with multiprotocol functionality.</P><P><BR />1. UNIX to Windows mapping: when I define a -default-win-user for the NFS server the mapping does not work. I configured LDAP on the vserver en ldap is enabled in the ns switch options.<BR />Command: "diag secd name-mapping show -node %node% -vserver %vserver% -direction unix-win -name somelocallinuxname" effectively shows me the correct mapping as defined in the<BR />-default-win-user parameter. However, when I want to mount the share on my Linux client I get an access denied. When I manually create a user mapping I can mount and access the share.<BR /><BR />2. Windows to UNIX mapping: I can't make it work. I have set a -default-unix-user in the cifs server settings (eg: root). The command "diag secd ..." returns the correct mapping<BR />but when I try to write data to the share I just get a permission denied (except with a Windows user who is also a member of the administrators group of the vserver).<BR />I also tried with a manually created user mapping (DOMAIN\\(.+) =&gt; root) but to no avail.<BR /><BR />I have consulted the Netapp documentation but I can't find a solution. Does anybody have experience with these settings and provide me with an example how to make this work (preferrably with the default-user and ldap options?).</P><P>Best regards</P> Wed, 04 Jun 2025 09:52:07 GMT digdev 2025-06-04T09:52:07Z https://community.netapp.com/t5/General-Discussion/user-mapping-not-working/m-p/442310#M1473 <P>Hello</P><P>I am struggling with user mapping in combination with multiprotocol functionality.</P><P><BR />1. UNIX to Windows mapping: when I define a -default-win-user for the NFS server the mapping does not work. I configured LDAP on the vserver en ldap is enabled in the ns switch options.<BR />Command: "diag secd name-mapping show -node %node% -vserver %vserver% -direction unix-win -name somelocallinuxname" effectively shows me the correct mapping as defined in the<BR />-default-win-user parameter. However, when I want to mount the share on my Linux client I get an access denied. When I manually create a user mapping I can mount and access the share.<BR /><BR />2. Windows to UNIX mapping: I can't make it work. I have set a -default-unix-user in the cifs server settings (eg: root). The command "diag secd ..." returns the correct mapping<BR />but when I try to write data to the share I just get a permission denied (except with a Windows user who is also a member of the administrators group of the vserver).<BR />I also tried with a manually created user mapping (DOMAIN\\(.+) =&gt; root) but to no avail.<BR /><BR />I have consulted the Netapp documentation but I can't find a solution. Does anybody have experience with these settings and provide me with an example how to make this work (preferrably with the default-user and ldap options?).</P><P>Best regards</P> Wed, 04 Jun 2025 09:52:07 GMT https://community.netapp.com/t5/General-Discussion/user-mapping-not-working/m-p/442310#M1473 digdev 2025-06-04T09:52:07Z https://community.netapp.com/t5/General-Discussion/user-mapping-not-working/m-p/442313#M1474 <P>May be worth looking at this kb to ensure all is ok:<BR /><A href="https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_does_LDAP_name-mapping_work%3F" target="_blank">https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_does_LDAP_name-mapping_work%3F</A></P><P>&nbsp;</P><P>TR-4835 (link below): When you use LDAP for name mapping, usually, it is a symmetric name mapping, but it is also possible to use asymmetric values.</P><P>&nbsp;</P><P>Could you enable this trace so that you could pickup any clues about the mount failure.<BR /><A href="https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_to_troubleshoot_LDAP_issues_in_Windows_Active_Directory" target="_blank">https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/How_to_troubleshoot_LDAP_issues_in_Windows_Active_Directory</A></P><P><BR />Related:<BR /><A href="https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Understanding_name-mapping_in_a_multiprotocol_environment" target="_blank">https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Understanding_name-mapping_in_a_multiprotocol_environment</A><BR /><A href="https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Security_Daemon_(SecD)_fails_to_find_local_unix_user_by_UID_and_name" target="_blank">https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Security_Daemon_(SecD)_fails_to_find_local_unix_user_by_UID_and_name</A><BR /><A href="https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Implicit_Windows_to_UNIX_name_mapping_fails_when_Windows_user_has_upper_case_characters" target="_blank">https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/Implicit_Windows_to_UNIX_name_mapping_fails_when_Windows_user_has_upper_case_characters</A><BR /><A href="https://www.netapp.com/media/19423-tr-4835.pdf" target="_blank">https://www.netapp.com/media/19423-tr-4835.pdf</A></P><P>&nbsp;</P> Thu, 09 Mar 2023 13:31:13 GMT https://community.netapp.com/t5/General-Discussion/user-mapping-not-working/m-p/442313#M1474 Ontapforrum 2023-03-09T13:31:13Z