2014-02-05 05:28 PM
I have a NetApp NAS running 8.2. I have an NFS share created and I need to grant a Windows computer account root permissions to the NFS share. I have added the mapping of the account as Domain\Computername$ to the root account but that does not seem to work. Is there anything else I need to configure?
2014-02-05 09:56 PM
Can you explain the scenario in a little more detail? Why do you want to add the computer account access to the NFS export?
Please provide the following information:
1. volume/qtree security style of the NFS export
2. name mapping configuration
3. How does the access work? Is it the Windows system account that is trying to access the NFS export, or is an application running under the system account accessing the NFS export?
2014-02-06 08:10 AM
You can't map a Windows computer to a unix account, only Windows users. So your usermap.cfg entry should be something like:
Domain\username => root
This assumes a security style of unix for the volume. If the security style is NTFS, then you don't have to mess with the mapping; the Windows user just needs to be a member of an AD or local group that has access.
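An added example, not part of the reply above and not NetApp tooling: a small Python audit of a usermap.cfg that flags entries mapping a Windows identity to UNIX root and entries naming a computer account (trailing $), the case this thread is about. The sample file, domain and account names are constructed, and the parser is simplified (IP qualifiers are not handled).

```python
import re

# Simplified usermap.cfg entry (assumption): windows_name [direction] unix_name
# Names may be double-quoted; direction is =>, <= or ==.
ENTRY = re.compile(r'^\s*("[^"]*"|\S+)\s+(?:(=>|<=|==)\s+)?("[^"]*"|\S+)\s*$')

# Constructed sample file; CORP and the account names are hypothetical.
SAMPLE = r'''
# constructed sample
CORP\svc_backup => root
CORP\FILESRV01$ => root
CORP\alice == alice
"CORP\john smith" => jsmith
CORP\* <= root
'''

def audit_usermap(text):
    """Return (line_no, windows_name, unix_name, findings) for risky entries."""
    results = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        m = ENTRY.match(line)
        if not m:
            results.append((no, None, None, ["unparsed entry"]))
            continue
        win = m.group(1).strip('"')
        direction = m.group(2) or "=="        # assumed default when omitted
        unix = m.group(3).strip('"')
        to_unix = direction in ("=>", "==")   # entry applies Windows -> UNIX
        findings = []
        if to_unix and unix == "root":
            findings.append("Windows identity maps to UNIX root")
            if "*" in win:
                findings.append("wildcard maps to root")
        if win.endswith("$"):
            findings.append("computer account (trailing $)")
        if findings:
            results.append((no, win, unix, findings))
    return results

if __name__ == "__main__":
    for no, win, unix, findings in audit_usermap(SAMPLE):
        print(f"line {no}: {win} -> {unix}: {'; '.join(findings)}")
```
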
2014-02-06 11:12 AM
Thanks. That is what I was seeing. Is there a specific reason why you cannot map a computer account? Domain computer accounts can authenticate just like users to a share. It is a mixed mode share and the computer account can create folders just fine, it just can't see any of the Unix style files and access the folders in that NFS export.
2014-02-06 11:19 AM
https://communities.netapp.com/thread/25252 It works, 100% sure; we have it set up at a university and many other clients. But the configuration could have to do with LDAP services. This is a shot in the past though.
2014-02-06 11:22 AM
Mixed mode shares should be avoided unless you really really really need the permissions to fluctuate between NTFS and unix. It usually causes more issues than it solves.
A point of distinction - it is not the computer account creating folders in the share. It is the user account using that computer. If the top level directory has NTFS permissions, then that user has access via whatever NTFS users/groups have access. If the top level directory has unix permissions, then the Windows user either maps to a unix user with permissions (remember that same-name Windows to unix mapping is automatic), or the directory is world writeable. The same goes for the stuff the Windows user can't access, only in reverse...
What is your unix authentication? Local, NIS, LDAP?