General Discussion

Disable NFS name mapping?



I'm urnning ONTAP 9.6 in our FAS2750. My ONTAP is integrated with our AD domain.

Now I'm creating a new NFS share. I've create volume called "xen_vms" and set security style to "UNIX".

The problem is that I can't mount this NFS (in any client, either windows or linux) if I don't fill "Default Windows User" in my NFS configuration (inside my SVM). If I fill this field with, for example, "Administrator" (an user from my domain), everything works fine.

I had the same problem some days ago, when all my AD servers was down for maintenance....and this is my convern.....when all my AD servers are down, I can't use my NFS share. So my questions is: is there any way to disable this 'feature' for NFS? I mean, automatic name mapping for NFS.

This is the error (with AD servers online, but field "Defailt Windows User" empty):

secd.nfsAuth.noNameMap: vserver (FEARP_01) Cannot map UNIX name to CIFS name. Error: Get user credentials procedure failed [ 2085] Determined UNIX id 0 is UNIX user 'root' [ 2085] Mapping Successful for Unix-user 'root' to Windows user 'FEA-RP\root' at position 1 [ 2086] Successfully connected to ip 143.X.Y.Z, port 445 using TCP [ 2094] Successfully authenticated with DC julia.fea-rp.local [ 2099] Could not find Windows name 'FEA-RP\root' **[ 2099] FAILURE: Name mapping for UNIX user 'root' failed. Explicit Mapping failed and no default mapping found

And this was the error while my AD servers was offline (some days ago)




I think I found the solution!

vserver nfs modify -vserver vserver_name -ignore-nt-acl-for-root enabled

This did the trick and now I can mount, even without "Default Windows User"  defined in SVM.