We are using SSSD with ID Mapping on the Linux client. We have tested by disabling SSSD ID Mapping and adding the UID and GID to the UNIX attributes for the testuser01 account in Active Directory User Properties. We still have the same issue.
Our security style is set to 'unix' on our NetApp.
We're using a 'simple' bind account for our LDAP connection and are confident the NetApp can communicate with AD for Windows username resolution.
This is an issue writing files from Windows and showing the correct username and group on Linux NFSv4 mounts. I have tested with NFSv3 and get the same issue.
We are running NetApp Release 9.5P4.
We've tried disconnecting the CIFS drive mapping, restarting CIFS, mapping the CIFS share and remounting NFS, but we're unable to map win-unix names on the NetApp.
The problem is with the windows-unix name mapping. It seems to be failing based on your explanation.
If it fails, then the Windows users will get mapped to the default UNIX user PCUSER. This will result in the Windows user mapping to ID 65534, which is the nobody/nfsnobody user in Linux. So files created by this Windows user, when seen from an NFSv3/v4 client, would show the owner as 65534 (nobody/nfsnobody).
For this to work properly, the name-mapping has to be configured either on LDAP or in local files (using vserver name-mapping).
In my lab:

cdot-vsim2::> set d -c off ; row 0

cdot-vsim2::*> diag secd authentication show-creds -node cdot-vsim2-01 -vserver vijay_9_3 -win-name naslab\vijay
<<< Windows user naslab\vijay gets mapped to unix user root (because the CIFS option "-is-admin-users-mapped-to-root-enabled" is set to true and Vijay is a part of the administrators group)

 UNIX UID: root <> Windows User: NASLAB\vijay (Windows Domain User)
 GID: daemon
 Supplementary GIDs:
  daemon
 ...

cdot-vsim2::*> diag secd authentication show-creds -node cdot-vsim2-01 -vserver vijay_9_3 -win-name naslab\pran
<<< Windows user naslab\pran gets mapped to unix user user1 (explicit mapping defined)

 UNIX UID: user1 <> Windows User: NASLAB\pran (Windows Domain User)
 GID: user1
 Supplementary GIDs:
  user1
  nasnfs
 ..

cdot-vsim2::*> diag secd authentication show-creds -node cdot-vsim2-01 -vserver vijay_9_3 -win-name naslab\test2
<<<<<<< Windows user naslab\test2 gets mapped to unix user pcuser (default mapping used)

 UNIX UID: pcuser <> Windows User: NASLAB\test2 (Windows Domain User)
 GID: pcuser
 Supplementary GIDs:
  pcuser

cdot-vsim2::*> vserver name-mapping show -vserver vijay_9_3 -direction win-unix

Vserver:   vijay_9_3
Direction: win-unix
Position Hostname         IP Address/Mask
-------- ---------------- ----------------
1        -                -                   Pattern: naslab\\administrator
                                          Replacement: root
2        -                -                   Pattern: naslab\\pran
                                          Replacement: user1
2 entries were displayed.
I would suggest rechecking the LDAP name-mapping and checking why it is not working. You can also create a name-mapping locally on the SVM like I did and check if it works.
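
The fall-through described in this answer, as an added example that is not part of the original post and is not NetApp code: a simplified Python model of win-unix resolution using the two rules from the lab output. The UID values for root and user1, the implicit same-name step (not shown on the page) and all function names are assumptions of the model.

```python
import re

# Constructed sample data modelled on the lab output above.
# UIDs for root/user1 are assumed; 65534 for pcuser is the value named in the answer.
UNIX_USERS = {"root": 0, "user1": 1001, "pcuser": 65534}
# (position, pattern, replacement) as listed by "vserver name-mapping show".
RULES = [(1, r"naslab\\administrator", "root"),
         (2, r"naslab\\pran", "user1")]
DEFAULT_UNIX_USER = "pcuser"


def map_win_to_unix(win_name, rules=RULES, unix_users=UNIX_USERS,
                    default_user=DEFAULT_UNIX_USER):
    """Return (unix_user, uid, how) for a DOMAIN\\user Windows name."""
    # 1. Explicit rules, lowest position first; the first matching pattern wins.
    for _pos, pattern, replacement in sorted(rules):
        m = re.fullmatch(pattern, win_name, flags=re.IGNORECASE)
        if m:
            unix = m.expand(replacement)  # supports \1-style backreferences
            # uid is None when the rule points at a user that does not resolve,
            # which is worth reporting rather than hiding behind the default.
            return unix, unix_users.get(unix), "explicit"
    # 2. Implicit mapping (model assumption): same name, lower-cased, no domain.
    short = win_name.split("\\")[-1].lower()
    if short in unix_users:
        return short, unix_users[short], "implicit"
    # 3. Nothing matched: the default UNIX user, seen as nobody on NFS clients.
    return default_user, unix_users[default_user], "default"


def fell_through(win_names, **kwargs):
    """List the Windows names whose files would show up as the default user."""
    return [n for n in win_names
            if map_win_to_unix(n, **kwargs)[2] == "default"]


if __name__ == "__main__":
    for name in ("NASLAB\\administrator", "NASLAB\\pran", "NASLAB\\test2"):
        print(name, "->", map_win_to_unix(name))
```
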