Solved: Re: Name mapping

singamreddy · ‎2019-09-16

Hi all,

we are facing a issue with name-mapping ( not sure). we have provide a vol(NTFS)/qtree(NTFS) to windows team, then they mount that and craete as /export/dir. now, the linux team is try to access the /export/dir . they are able to mount the path , but not able to access the path which is showing permission denied . from netapp end we have done the name mapping from unix to windows. can anyone help me in this case.

1. do we have to add /root also in name mapping?

2. do we have to check the /export/dir permissions in windows level?

3.do we have to change the security style for the vol from NTFS to UNIX ?

CvetAlek · ‎2019-09-16

Hi,

For better understanding, we will need more data about the issue and details of your system like, ONTAP version, logs related to the issue and maybe packet trace. But, i will try to answer your questions:

First thing that needs to be distinguished is to determine if you have correctly configured export policies.
You can check that with following command: vserver export-policy check-access
https://docs.netapp.com/ontap-9/topic/com.netapp.doc.dot-cm-cmpr-900/vserver__export-policy__check-access.html

1. If I correctly understand, you are asking about user root. If the user who is accessing the export is root, than, yes you need to map user root to Windows user who has the expected permission.

2. This is NTFS security style as I understand. So in that case you need to have proper NTFS permission to access the export.

You can check permission from Windows for the share, but also you can check permission of the share from ONTAP with this command: vserver security file-directory show.

https://docs.netapp.com/ontap-9/topic/com.netapp.doc.dot-cm-cmpr-900/TOC__vserver__security__file-directory__ntfs.html

3. In both cases either NTFS or UNIX security style you can allow access to Windows and Linux users.

The best practices to choose security style is described in documentation
https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.cdot-famg-nfs%2FGUID-00DA93A7-6A41-4DA8-87A8-1DCC91061599.html

View solution in original post

CvetAlek · ‎2019-09-16

Hi,

For better understanding, we will need more data about the issue and details of your system like, ONTAP version, logs related to the issue and maybe packet trace. But, i will try to answer your questions:

First thing that needs to be distinguished is to determine if you have correctly configured export policies.
You can check that with following command: vserver export-policy check-access
https://docs.netapp.com/ontap-9/topic/com.netapp.doc.dot-cm-cmpr-900/vserver__export-policy__check-access.html

1. If I correctly understand, you are asking about user root. If the user who is accessing the export is root, than, yes you need to map user root to Windows user who has the expected permission.

2. This is NTFS security style as I understand. So in that case you need to have proper NTFS permission to access the export.

You can check permission from Windows for the share, but also you can check permission of the share from ONTAP with this command: vserver security file-directory show.

https://docs.netapp.com/ontap-9/topic/com.netapp.doc.dot-cm-cmpr-900/TOC__vserver__security__file-directory__ntfs.html

3. In both cases either NTFS or UNIX security style you can allow access to Windows and Linux users.

The best practices to choose security style is described in documentation
https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.cdot-famg-nfs%2FGUID-00DA93A7-6A41-4DA8-87A8-1DCC91061599.html

RajeshPanda · ‎2019-10-10

@singamreddy can you please look into the response given by our experts?

If any of the above response helped you solve your query then please Accept as Solution, this will help others with the same query.

Name mapping

Portfolio Updates | NetApp ONAIR