topic Linux LDAP User not have the right access to NFS volume directory with NFSv4 ACL in ONTAP Discussions https://community.netapp.com/t5/ONTAP-Discussions/Linux-LDAP-User-not-have-the-right-access-to-NFS-volume-directory-with-NFSv4-ACL/m-p/449386#M42990 <P>After deploy the environment by "<STRONG>How to configure LDAP in ONTAP&nbsp;</STRONG>TR-4835"</P><P>&nbsp;</P><P><STRONG>Environment</STRONG></P><P>1. Windows server 2019 with LDAP services</P><P>2. CentOS7 client use sssd and realm add to the AD Domain, and use two methods according to TR, shows below</P><P data-unlink="true">[root@centos7 ~]# id u01<BR />uid=2000(u01) gid=3000(Domain Users) groups=3000(Domain Users)<BR />[root@centos7 ~]# id u01@gtish.loc<BR />uid=1596602150(u01@GTISH.LOC) gid=1596600513(domain users@GTISH.LOC) groups=1596600513(domain users@GTISH.LOC),1596602153(all test users@GTISH.LOC)&nbsp;</P><P>3. From ONTAP SVM, the name services query returns correct results, shows below</P><P>::*&gt; getxxbyyy getpwbyname -node FAS2750-01 -vserver SVM_LDAP -show-source true -use-cache false -username u01<BR />(vserver services name-service getxxbyyy getpwbyname)<BR />Source used for lookup: LDAP<BR />pw_name: u01<BR />pw_passwd:<BR />pw_uid: 2000<BR />pw_gid: 3000<BR />pw_gecos:<BR />pw_dir:<BR />pw_shell: /bin/bash</P><P>&nbsp;</P><P><STRONG>Problem</STRONG></P><P data-unlink="true">The LDAP user u01@gtish.loc&nbsp;cannot access the directory in the ONTAP NFS volume with NFSv4 ACL, shows below</P><P class=""><SPAN class="">[u01@GTISH.LOC@centos7 ldap]$ nfs4_getfacl root</SPAN></P><P class="">&nbsp;</P><P class=""><SPAN class=""># file: root</SPAN></P><P class=""><SPAN class="">A::OWNER@:rwaDxtTnNcCy</SPAN></P><P class=""><SPAN class="">A::u01@gtish.loc:rwaDxtTnNcCy</SPAN></P><P class=""><SPAN class="">[u01@GTISH.LOC@djwcentos7 ldap]$ cd root/</SPAN></P><P class=""><SPAN class="">bash: cd: root/: access denied</SPAN></P><P class="">&nbsp;</P><P class=""><SPAN class="">Any things set wrong?</SPAN></P> Wed, 04 Jun 2025 09:43:19 GMT DDA 2025-06-04T09:43:19Z Linux LDAP User not have the right access to NFS volume directory with NFSv4 ACL https://community.netapp.com/t5/ONTAP-Discussions/Linux-LDAP-User-not-have-the-right-access-to-NFS-volume-directory-with-NFSv4-ACL/m-p/449386#M42990 <P>After deploy the environment by "<STRONG>How to configure LDAP in ONTAP&nbsp;</STRONG>TR-4835"</P><P>&nbsp;</P><P><STRONG>Environment</STRONG></P><P>1. Windows server 2019 with LDAP services</P><P>2. CentOS7 client use sssd and realm add to the AD Domain, and use two methods according to TR, shows below</P><P data-unlink="true">[root@centos7 ~]# id u01<BR />uid=2000(u01) gid=3000(Domain Users) groups=3000(Domain Users)<BR />[root@centos7 ~]# id u01@gtish.loc<BR />uid=1596602150(u01@GTISH.LOC) gid=1596600513(domain users@GTISH.LOC) groups=1596600513(domain users@GTISH.LOC),1596602153(all test users@GTISH.LOC)&nbsp;</P><P>3. From ONTAP SVM, the name services query returns correct results, shows below</P><P>::*&gt; getxxbyyy getpwbyname -node FAS2750-01 -vserver SVM_LDAP -show-source true -use-cache false -username u01<BR />(vserver services name-service getxxbyyy getpwbyname)<BR />Source used for lookup: LDAP<BR />pw_name: u01<BR />pw_passwd:<BR />pw_uid: 2000<BR />pw_gid: 3000<BR />pw_gecos:<BR />pw_dir:<BR />pw_shell: /bin/bash</P><P>&nbsp;</P><P><STRONG>Problem</STRONG></P><P data-unlink="true">The LDAP user u01@gtish.loc&nbsp;cannot access the directory in the ONTAP NFS volume with NFSv4 ACL, shows below</P><P class=""><SPAN class="">[u01@GTISH.LOC@centos7 ldap]$ nfs4_getfacl root</SPAN></P><P class="">&nbsp;</P><P class=""><SPAN class=""># file: root</SPAN></P><P class=""><SPAN class="">A::OWNER@:rwaDxtTnNcCy</SPAN></P><P class=""><SPAN class="">A::u01@gtish.loc:rwaDxtTnNcCy</SPAN></P><P class=""><SPAN class="">[u01@GTISH.LOC@djwcentos7 ldap]$ cd root/</SPAN></P><P class=""><SPAN class="">bash: cd: root/: access denied</SPAN></P><P class="">&nbsp;</P><P class=""><SPAN class="">Any things set wrong?</SPAN></P> Wed, 04 Jun 2025 09:43:19 GMT https://community.netapp.com/t5/ONTAP-Discussions/Linux-LDAP-User-not-have-the-right-access-to-NFS-volume-directory-with-NFSv4-ACL/m-p/449386#M42990 DDA 2025-06-04T09:43:19Z Re: Linux LDAP User not have the right access to NFS volume directory with NFSv4 ACL https://community.netapp.com/t5/ONTAP-Discussions/Linux-LDAP-User-not-have-the-right-access-to-NFS-volume-directory-with-NFSv4-ACL/m-p/449445#M43000 <P>Using the root user, what does "ls -la" show for that volume/the files in the volume?</P><P>&nbsp;</P><P>Your NFSv4 configuration might be wrong. If the owner shows "nobody" or "nfsnobody" then you need to fix the v4 config. TR-4067 covers it.</P><P>&nbsp;</P><P><A href="https://www.netapp.com/pdf.html?item=/media/10720-tr-4067.pdf" target="_blank">https://www.netapp.com/pdf.html?item=/media/10720-tr-4067.pdf</A></P> Mon, 04 Dec 2023 15:08:48 GMT https://community.netapp.com/t5/ONTAP-Discussions/Linux-LDAP-User-not-have-the-right-access-to-NFS-volume-directory-with-NFSv4-ACL/m-p/449445#M43000 parisi 2023-12-04T15:08:48Z