NFS Access denied on NTFS security volume

VENKATA04

Wondering if anyone could help please...

Problem Description :

The Unix client is having issues trying to access an NTFS security style qtree

/vol/VJ_Groupdata/qtree_schedules = NTFS security style (not mixed)

The above path is exported allowing rw='unx06.uk.company1.com'

It is also CIFS shared as 'schedules'

NetApp Filer is 'apfiler01.vj.company1.com'

ONTAP version 8.1.1

AIX client is 'unx06.uk.company1.com'

AIX  3 5 00C128DF4C00

The local IBM AIX user is called shibmfg and the NTFS domain user is uk\shibmfg

I logged into a Windows 7 box as uk\shibmfg and tried accessing the CIFS share \\ 'apfiler01.vj.company1.com'\'schedules'; I was able to RWM.

User Mapping setup

usermap.cfg entry

uk\shibmfg <= shibmfg

\etc\Passwd

Passwd line for Unix user shibmfg copied from /etc/passwd on Unix

Mounting

1)

/vol/VJ_Groupdata/qtree_schedules is mounted using nfsv3 to client 'unx06.uk.company1.com'

Any listing (ls, ls -l, ls -a, ls -ltr etc.) operation, cd, mkdir etc. fails.

We get a permission denied message.

I added the user to the local administrators group but it still gives me permission denied when performing any operation on the mount point as AIX user shibmfg.

useradmin domainuser add uk\shibmfg -g administrators

wcc -s shibmfg

(NT - UNIX) account name(s):  (UK\shibmfg - shibmfg)

        ***************

        UNIX uid = 66362

        user is a member of group daemon (1)

        user is a member of group daemon (1)

wcc -u shibmfg

(NT - UNIX) account name(s):  (UK\shibmfg - shibmfg)

        ***************

        UNIX uid = 66362

        user is a member of group daemon (1)

        user is a member of group daemon (1)

2) 

/vol/VJ_Groupdata/qtree_schedules is mounted using nfsv2 to client 'unx06.uk.company1.com'

RWM successful

I now removed the user from local administrators; same problem again

useradmin domainuser delete uk\shibmfg -g administrators

So I ended up making 2 changes: the first is to mount using nfs v2 and the second is to add the NTFS user to local administrators on the filer.

Note: I tested uk\shibmfg permissions on 'schedules' without adding him to local admins; I was able to rwm

Would appreciate your help if anyone could put me in the correct direction please

2 REPLIES

aborzenkov

Did you paste actual computer output? Wcc does not show any Windows SID information; it cannot work this way.

VENKATA04

Yes, I have pasted output from the filer.

Filer is on Ontap 8.1.1 7-mode.

I am not sure what changes I can make to fix this issue.

NFS v2 works OK on the AIX client.

wcc -s uk\shibmfg -vvv

(NT - UNIX) account name(s):  (UK\shibmfg - shibmfg)

        ***************

        UNIX uid = 66362

        user is a member of group daemon (1)

        user is a member of group daemon (1)

        NT membership

                UK\shibmfg

                   (S-1-5-21-2981854497-1309751324-3990815460-66680)

                UK\U2_U2STANDARDWORK_R_L

                   (S-1-5-21-547238872-1490489293-2087665911-7401)
