Network Storage Protocols Discussions

Highlighted

Need help to access a CIFS share in Unix

Hi,

I need help with accessing a CIFS share on an Unix server. This share is mixed style in qtree.

The share is accessible from windows server through a specific account "_NASVOLsrv".

This account is mapped to root unix account in the usermap.cfg file. I am able to mount this share but when I try to access this share I get permission denied.

The windows name for the share is nassharet01 while Unix name is /vol/nasvol01.

#cifs access

nassharet01      /vol/nasvol01
                        nascorp\_NASVOLsrv / Full Control
                        nascorp\administrator / Full Control

Usermap.cfg file  have the following entries -

administrator == root

nascorp\_NASVOLsrv == root

nascorp\administrator == root

nas1ft01:/vol/nasvol01
                   633339904 411197072 222142832   65% /nas/nas1ft01/cbmsharet01

# cd /nas/nas1ft01/cbmsharet01
ksh: /nas/nas1ft01/cbmsharet01: permission denied

Any inputs provided for this issue will be greatly appreicated.

Thanks

18 REPLIES 18
Highlighted

Re: Need help to access a CIFS share in Unix

I am not sure but I think you need to mount the same path in both CIFS and NFS.

CIFS is only for Windows and if you need a mount point in Linux you need to use NFS.

So I believe the answer is that you should just mount the same CIFS shared path with NFS as well.


Magnus

Highlighted

Re: Need help to access a CIFS share in Unix

Thanks, the share is also setup in NFS.

Highlighted

Re: Need help to access a CIFS share in Unix

Did you configure the NFS export to have read-write access for all hosts? or you have to specify the host you want to be able to access the NFS export.

Magnus

Highlighted

Re: Need help to access a CIFS share in Unix

Highlighted

Re: Need help to access a CIFS share in Unix

Did you say the following path is the volume: /vol/nasvol01  ?

Do you have a Qtree in that path? or where is it?

Magnu

Highlighted

Re: Need help to access a CIFS share in Unix

Yes Qtree is there & the volume where the Qtree resides is nasvol01

Highlighted

Re: Need help to access a CIFS share in Unix

What is the name of the Qtree?

I had a similar problem and I could not either access the volume, however when I changed the mount path to include the Qtree, everything worked.

Maybe that could help or maybe that is how it is setup already?

So the new NFS mount would be: /vol/nasvol01/'QtreeName'/

Magnus

Highlighted

Re: Need help to access a CIFS share in Unix

nasvol01 is the name of the Qtree.

It is already mounted with the Qtree name

nas1ft01:/vol/nasvol01
                   633339904 411197072 222142832   65% /nas/nas1ft01/cbmsharet01

The fstab file has the following entry on the Unix server -

nas1ft01:/vol/nasvol01 /nas/nas1ft01/cbmsharet01 nfs rw,hard 0 0

Highlighted

Re: Need help to access a CIFS share in Unix

The only other thing I can think about is to click the Export All button from NFS-Manage in FilerView, in case you have made a change to the configuration.

Magnus

Highlighted

Re: Need help to access a CIFS share in Unix


I did a export all but that too didnt work.

Do you think anythins is wrong with the mapping that is done in the usermap.cfg file

administrator == root

nascorp\_NASVOLsrv == root

nascorp\administrator == root

The share is accessible on windows server using the domain account "_NASVOLsrv"

This same account is mapped to root.

Do you thin anything is wrong over here.

Thanks.

Highlighted

Re: Need help to access a CIFS share in Unix

The Qtree style is mixed, so that the share can be mounted on both Unix & Windows.

Highlighted

Re: Need help to access a CIFS share in Unix

That is a big misconception.  Unix and NTFS style qtrees can be mounted by any protocol.  The security style determines which protocol can change permissions on files, which is different from mounting.

Highlighted

Re: Need help to access a CIFS share in Unix

If you think you have a mapping issue, you can use the wcc command to see how your user is being mapped.  In this case, you are looking root could be mapped to a couple of users.

So I would check the folllowing command:

netapp> wcc -u root

And see the mapping.  Then I would go in under CIFS (which I think is working, right?) and see what the local NTFS ACL is on that directory where you are getting permission denied.

That may tell an interesting story.

Highlighted

Re: Need help to access a CIFS share in Unix

Mixed mode security style works a bit different. At any given point the effective security style could be either UNIX or NTFS. Run the following command on the filer console to see the effective permissions and make sure that the user has the required access.

“fsecurity show ”

Srinivas

Highlighted

Re: Need help to access a CIFS share in Unix

nas1ft01*> wcc -u root
Thu Jun 17 07:13:41 EDT [nas1ft01: auth.trace.authenticateUser.loginTraceMsg:info]: AUTH: LSA lookup: Located account "nascorp\administrator" in domain "nascorp"..
(NT - UNIX) account name(s):  (nascorp\administrator - root)
        ***************
        UNIX uid = 0
        user is a member of group daemon (1)
        user is a member of group daemon (1)

        NT membership
                nascorp\administrator
                nascorp\Domain Users
                nascorp\CERTSVC_DCOM_ACCESS
                BUILTIN\Administrators
                BUILTIN\Users
        User is also a member of Everyone, Network Users,
        Authenticated Users
        ***************
nas1ft01*> cifs shares
Name         Mount Point                       Description
----         -----------                       -----------
nassharet01  /vol/nasvol01
                        nas1ft01\cbm / Full Control
                        S-1-5-21-1500466018-1955613541-1209563102-131076 / Full Control
                        nas1ft01\_CBMNASsrv / Full Control
                        nascorp\_CBMNASsrv / Full Control
                        nascorp\administrator / Full Control
nas1ft01*>

nh1ns1t01*> fsecurity show /vol/nasvol01
[/vol/nasvol01 - Directory (inum 64)]
  Security style: NTFS
  Effective style: NTFS

  DOS attributes: 0x0030 (---AD---)

  Unix security:
    uid: 0 (root)
    gid: 0 (daemon)
    mode: 0777 (rwxrwxrwx)

  NTFS security descriptor:
    Owner: BUILTIN\Administrators
    Group: BUILTIN\Administrators
    DACL:
      Allow - nascorp\_CBMNASsrv - 0x001301bf (Modify) - OI|CI
      Allow - nascorp\Domain Admins - 0x001f01ff (Full Control) - OI|CI
      Allow - DEVCORP\G_NAS_CBM_RO_FPDEV - 0x001200a9 (Read and Execute) - OI|CI
      Allow - DEVCORP\G_NAS_CBM_RW_FPDEV - 0x001301bf (Modify) - OI|CI
      Allow - nascorp\NAS_ADMIN - 0x001f01ff (Full Control) - OI|CI
      Allow - nascorp\NAS_CBM_RO - 0x001200a9 (Read and Execute) - OI|CI
      Allow - nascorp\NAS_CBM_RW - 0x001301bf (Modify) - OI|CI
      Allow - nascorp\root - 0x001301bf (Modify) - OI|CI
      Allow - DEVCORP\wrolson - 0x001301bf (Modify) - OI|CI

I am able to cd to the share, but when I do an ll, I get unreadable.

# cd /nas/nas1ft01/cbmsharet01
# ll
. unreadable
total 8

Check out the KB!
NetApp Insights To Action
All Community Forums