Data ONTAP Discussions

What is the right command to show me user mapping?

I am trying to find out what UNIX ID is WINDOW ID "window_id1" mapping to. I used the following two commands, but produced two different outputs? Can you please advise what unix id is this "window_id1" mapping to, and why?   Thank you!

 

 

 

#secd authentication show-creds -node node-01 -vserver vs1 -win-name windown_id1

UNIX UID: unix_id1 <> Windows User: domainname\window_id1 (Domain User)

 

#diag secd name-mapping show -node node-02 -vserver vs1 -direction win-unix window_id1
window_id1 maps to pcuser

4 REPLIES

Re: What is the right command to show me user mapping?

Why do you expect same results on two different SVM?

Re: What is the right command to show me user mapping?

Sorry! It was my typo. I updated my original post.

 

They are on the same SVM, and same node.

Re: What is the right command to show me user mapping?

Hi netappmagic,

 

Without seeing your nm-switch order and name-mapping rules, I can only venture so much.   Here is a possible scenario:

 

Your ns-switch is ldap/nis then files.   Your test user accessed a share via a LIF residing on Node01.  SecD running on Node01 then performed the name mapping and populated the credential cache for the user.  The same test user has never accessed a LIF on Node02, yet.  So the default name mapping or default CIFS unix user option of pcuser is still in effect for the Node02 SecD cache.  Remember:  SECD runs on every node!

 

 

skynet::*>
skynet::*> cifs options show -vserver hadrian_skyvs1 -fields default-unix-user
vserver        default-unix-user
-------------- -----------------
hadrian_skyvs1 pcuser

skynet::*>
skynet::*> diag secd authentication show-creds -node skynet-01 -vserver hadrian_skyvs1 -win-name administrator

 UNIX UID: pcuser <> Windows User: HADRIAN-SKYVS1\Administrator (Windows Local User)

 

If you point your test user to a LIF residing on Node02 or move all the Data LIFs to Node02 temporarily and test access by that user, Node02's show-creds command will look the same as Node01.

 

For more information about multiprotocol name mapping, see pg 114 of the NFS Best Practices Guide TR-4067

 

If this was useful, always remember the kudos button is just a click away!

 

Hadrian

Re: What is the right command to show me user mapping?

Hi Hadrian,

 

These two different commands were run on the same SVM and same node, but got two different results. Sorry, I got typo again.

 

 "window_id1" is mapped to "unix_id1" as the result of running command:

#secd authentication show-creds -node node-02 -vserver vs1 -win-name windown_id1

 

and then mapped to default one "pcuser" as the result of running command:

#diag secd name-mapping show -node node-02 -vserver vs1 -direction win-unix window_id1

 

Any idea now?

 

P.S.

both ns-switch nm-switch is file only here.

Forums