Dual Protocol with Azure NetApp Files

sandblaster120g · ‎2022-07-19

We have setup a dual protocol volume using azure netapp files. After setup, we are having some issues regarding permissions.

- ANF is connected to our AD
- Volume security is set to UNIX

When we create a folder on linux the folder gets the user/group added. When you try and access that same folder from windows you get access denied, even if you were the one to create the folder. The only way to get access is to set the folder to 777. Also when we create a folder on the windows side the unix permissions shows as NFSNOBODY, however it is open to anyone.

Maybe this is a LDAP issue, but we haven't been able to pin point what the exact issue is.

Mjizzini · ‎2022-07-20

Most likely the user is being mapped to unix user "pcuser 65534". LDAP is not configured or LDAP is not reachable.

To verify the mapping is working as intended, you can use the following commands:

Cluster1::> set -privilege advanced
Cluster1::*> vserver services access-check name-mapping show -node [node_name] -vserver [vserver_name] -direction win-unix -name [user_name]

How to configure LDAP Authentication for Cluster (Admin) SVM

dbenadib · ‎2022-09-15

Hi,

Seems that it is a usermap issue but with ANF you don't have access to ONTAP Cli to check with the above cmds..

Anyway, to allow local unix user or correct name translation, you will need to tick the "Allow local NFS users with LDAP" box and obviously enrich LDAP users with UID and GID in the LDAP Posix Attributes.

it is pretty well documented here : https://docs.microsoft.com/en-US/azure/azure-netapp-files/create-volumes-dual-protocol

Look for the section :

Allow local NFS users with LDAP to access a dual-protocol volume

BR

David BENADIBA