Network Storage Protocols Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Network Storage Protocols Discussions

Start a New Post

NFS mount of a ntfs security style directory fails

rsmits1074
‎2010-12-08 07:24 AM

I have already submitted this as a support call to netapp, but maybe someone here can tell me what is going on.

I have a volume that has the NTFS security style.

-- (qtree)

vol2              ntfs  enabled  normal

--

-------------- (cifs shares)

vol2         /vol/vol2                         Testshare
             ... user limit=10
            everyone / Full Control

---------------

From windows i can access : /vol/vol2

As user richardshared :

sudo mount -t nfs4 -o sec=krb5 srv311:/vol/vol2 /mnt/srv311

** This works **


But now i want to root mount the test homedir : /vol/vol2/richardshared

sudo mount -t nfs4 -o sec=krb5 srv311:/vol/vol2/richardshared /mnt/srv311

mount.nfs4: mount(2): Permission denied
mount.nfs4: access denied by server while mounting srv311:/vol/vol2/richardshared

--- (exportfs)

/vol/vol2    -sec=krb5,rw,anon=0

----

The usermapping works good, I have the same loginname in Windows and Linux, so all the "wcc" commands are also ok.

If i do a ls -al in /vol/vol2 from a nfs mount. (The one that works)

The acl's look ok.

------ (ls -al /vol/vol2)

drwx------ 10 richardshared domain users 4096 2010-12-08 14:25 richardshard

------

fsecurity show /vol/vol2/richardshared            
[/vol/vol2/richardshared - Directory (inum 76923)]
  Security style: NTFS
  Effective style: NTFS

  DOS attributes: 0x0030 (---AD---)

  Unix security:
    uid: 456814 (Richardshared)
    gid: 100513 (Domain Users)
    mode: 0777 (rwxrwxrwx)

  NTFS security descriptor:
    Owner: DOMAIN\richardshared
    Group: DOMAIN\Domain Users
    DACL:
      Allow - DOMAIN\Domain Admins - 0x001f01ff (Full Control) - OI|CI
      Allow - DOMAIN\richardshared - 0x001301bf (Modify) - OI|CI

Does anyone know what this could be ?

Greetings .. Richard Smits

0 Likes
View By:
2 Replies
2 REPLIES 2

Re: NFS mount of a ntfs security style directory fails

AdvUniMD
‎2011-05-11 01:10 AM

For root mounts to work you have to add "root=<ip>" to your /etc/exports file for that volume. Otherwise all root mounts are treated as nobody-mounts and you won't get access.

Also, the option "cifs.nfs_root_ignore_acl" might help you. If set to yes, "root" users from unix ignore windows ACLs (they are basically treated as windows admins)

-Michael

2 Replies

NFS mount of a ntfs security style directory fails

rsmits1074
‎2011-06-14 02:48 AM

The "wafl.default_nt_user" did the trick. I was reading back this forum and saw this thread. Netapp support did advise me of this setting. Apperantly the linux user does not have the permission to see the "deep" path what is exported.

Explanation :

Setting wafl.default_nt_user will effectively map any user we cannot otherwise map to some specific user. This would include pcuser, but is not limited to pcuser.

Or you can do a manual mapping in the usermap.cfg file, but this works good.

View solution in original post

0 Likes
2 Replies
Cloud Volumes ONTAP
Review Banner
All Community Forums
Learn about the Community Get Started
Still have Questions Start a Discussion
Rules of the Community Read More
© 2021 NetApp
Let us know
Public