Folders with NFS and CIFS have access issues on Linux Servers

MUARJUN

Hi Team,

We have a qtree named abc, and this qtree is shared as NFS and CIFS. For NFS we have given access to one Linux server, and for CIFS we have given a Windows AD group.

The qtree abc was given NFS access to one Linux server, and we changed the access to another Linux server. However, we are unable to change the user and group for the shared folders on the Linux server.

Even I am not able to mount it with root, but some particular user IDs were able to. We are mounting it using autofs in Linux.

Question is how to make it mounted with root and get into the folder.

Kindly help me. Is there any security style which I have to change for the qtree (like mixed or ntfs or unix)?

Regards,

Arjun.M


peter_lehmann

1. do not use mixed

2. it sounds like you want to use unix, as you want to manage the access from linux... let WAFL handle the windows access...

MUARJUN

Hi Peter,

Thank you for the response. Yes, I want to access it in Linux, and I should be able to change the permissions of the folders, which I am not able to do. I am getting permission denied. The security style which is currently set is ntfs, but I have given access to the server with "Allow root access". Still, root cannot change the permission.

There are a lot of AD groups which have access to the folder, wherein Windows users get access to the folders via that. My question: is it possible to change the permissions of the folder from Linux by root even if it has the security style ntfs?

Regards,

Arjun.M

peter_lehmann

Hi Arjun

The security style defines "who" can manage the access to the data. WAFL is treating all data as "multi protocol data" and tries to map the access definitions to both worlds as best as possible.

ntfs = windows admins can change access

unix = unix admins can change access

mixed = last access modifies the ACL, can be very tricky and most often does not lead to success... Do not use it.

In your case, you might need to invest a little in this file /etc/usermap.cfg and create a specific mapping for your unix user to a windows user who has the access you need.

Have a look here:

In a multi-protocol environment, using the filer's usermap.cfg file, map the Windows users to the UNIX user accounts that have access to the desired resources.

For more details, see the System Administrator's Guide, File Sharing between Network File System (NFS) and Common Internet File System protocol (CIFS) section:
http://now.netapp.com/NOW/knowledge/docs/ontap/ontap_index.shtml
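
An added example (not part of peter_lehmann's reply and not NetApp code) that models how the direction symbol in a usermap.cfg entry decides whether a UNIX name can be mapped to a Windows name, which is the mapping the reply above says an NFS user needs. It assumes a simplified file with one entry per line and no IP qualifiers, wildcards or quoting; the names in SAMPLE are constructed.

```python
# Added example: simplified model of usermap.cfg direction handling.
# Assumptions: one entry per line, no IP qualifiers, no wildcards, no quoting.
DIRECTIONS = {"==", "<=", "=>"}


def parse_usermap(text):
    """Return a list of (windows_name, direction, unix_name) in file order."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) == 2:  # direction omitted means bidirectional
            win, direction, unix = parts[0], "==", parts[1]
        elif len(parts) == 3 and parts[1] in DIRECTIONS:
            win, direction, unix = parts
        else:
            raise ValueError(f"unrecognised entry: {raw!r}")
        entries.append((win, direction, unix))
    return entries


def unix_to_windows(entries, unix_name):
    """First entry usable in the UNIX -> Windows direction wins.
    None means no explicit entry matched; this model stops there."""
    for win, direction, unix in entries:
        if unix == unix_name and direction in ("==", "<="):
            return win
    return None


def windows_to_unix(entries, windows_name):
    """First entry usable in the Windows -> UNIX direction wins."""
    for win, direction, unix in entries:
        if win.lower() == windows_name.lower() and direction in ("==", "=>"):
            return unix
    return None


SAMPLE = r"""
# constructed sample entries
EXAMPLE\alice   =>  alice
EXAMPLE\svc_nfs <=  bob
EXAMPLE\carol   ==  carol
"""

if __name__ == "__main__":
    entries = parse_usermap(SAMPLE)
    for user in ("alice", "bob", "carol"):
        print(user, "->", unix_to_windows(entries, user))
```

In this model the `=>` entry for alice is skipped when looking up a UNIX name, so only bob and carol resolve to a Windows account through an explicit entry.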

MUARJUN

Hi Peter,

Thanks for your reply. That is a valid answer. So you mean I have to add the following entry in the usermap.cfg file and check if it works.

cat /etc/usermap.cfg

NTDOM\"#jdoe"  <= joed

Here, let's take the user ID as domain\testuser.

I have to mention in the usermap.cfg file something like

domain\testuser == testuser   (or)  domain\testuser <= testuser

Am I right, Peter? This should fix the issue for domain\testuser to have access to all UNIX shares wherever the local user ID testuser exists.

In the same way, if I have to give it for root, then how to proceed? As I said in my first post, root should have permissions to change the ACLs.

Something like

*\root == ALL
