Network Storage Protocols Discussions

Problem with mounting a NFS-Share

SCHLEGELM

Hello,

i'm trying to mount a NFS-Export from a Linux-PC and ran into some Problems.

First some info about what i'm trying to do:

I've got a folder which should be shared between Windows and Linux Users. This folder is a simple folder inside a NTFS-security-styled volume and it works perfectly for all Windows-clients.

On the Linux-side, everytime i try to access this folder with anyone except root, permission is denied.

exportfs:

/vol/vol_data/folder -sec=sys,rw=172.30.1.40,root=172.30.1.40

usermap.cfg:

DOMAIN\Administrator <= 172.30.1.40:*

In my understanding this means that the IP 172.30.1.50 is fully trusted and every Unix-User coming from this IP is mapped to the Domain-Administrator. Well, it works for the root-Account, but not for any other user:

[root@linux mnt]# mount -t nfs netapp:/vol/vol_data/folder /mnt/mountpoint

[root@linux mnt]# ls -la

drwxr-xr-x.  6 root root 4096 31. Jan 14:31 .

dr-xr-xr-x. 23 root root 4096 21. Feb 12:51 ..

drwxrwxrwx   3 root root 4096 21. Feb 13:57 mountpoint

[root@linux mnt]# ls -la mountpoint/

drwxrwxrwx   3 root root 4096 21. Feb 13:57 .

drwxr-xr-x.  6 root root 4096 31. Jan 14:31 ..

drwxrwxrwx  12 root root 4096 21. Feb 14:00 .snapshot

[root@linux mnt]# su user

[user@linux mnt]# ls -la mountpoint/

ls: failed to open dir: Permission denied

I'm pretty new to Netapp so i'm thankful for every help.

Markus

1 ACCEPTED SOLUTION

aborzenkov

For user mapping to work user must be known to NetApp. Meaning - either it has to be entered in local /etc/passwd or NetApp must be using network based user database (e.g. LDAP). root is usually present in /etc/passwd so it works. Any other user is likely missing so it fails.

For test you can add non-root user from your workstation to /etc/passwd on NetApp. Be sure to use the same UID.

View solution in original post

13 REPLIES 13

aborzenkov

For user mapping to work user must be known to NetApp. Meaning - either it has to be entered in local /etc/passwd or NetApp must be using network based user database (e.g. LDAP). root is usually present in /etc/passwd so it works. Any other user is likely missing so it fails.

For test you can add non-root user from your workstation to /etc/passwd on NetApp. Be sure to use the same UID.

View solution in original post

SCHLEGELM

thats it... thanks again

jeremypage

You can assign anonymous any UID you want in the NFS mount if you like. Although personally this scares me.

jeremypage

Try using wcc -u /wcc -s from the command line and see what it says for resolving the various users.

Chances are that it's not able to resolve the Unix usernames, the usermap.cfg

and just to be clear, is it 172.30.1.40 or 172.30.1.50 that is the client's IP?

Can you share the nsswitch.conf files from the filer & the Linux box?

SCHLEGELM

Sorry, the .50 was just a typo... i simplified the config to make it easier to understand what i'm trying to say.

i guess you are both right, the filer can't resolve the unix username ('user' in this case), wcc -u user shows that ther is no passwd entry.

i thought this is 'fixed' by the usermap.cfg because this 'user' is simply a local user on the client and not known to any directory service.

i will try the aborzenkovs solution, thanks for your help!

AGUMADAVALLI

Hi there,

Avoid the mixed mode and use the ntfs and mount as smb, it works like a charm.

thank you,

AK G

Any reason why he should be mounting a NFS share with smb which is basically to mount the cifs? Just curious!

Regards

Ganesh.

ganeshpalanisamy

Hi SCHLEGELM

I am not so sure about few things that you were trying...

As you have said you have problem mounting an *NFS* share on a *nix machine i would assume its based on complete NFS options and not cifs. usermap.cfg is for cifs if you ask me. And NFS doesn't get attached to any domain at all(unless you use nfs4) and it uses ip based authentication unlike cifs which is user based authentication were domain come in to picture.

If I can let you suggest here would be my suggestion:

1) To fix the current issue

What is the export option for the volume "/vol/vol_data/"

if it has anything apart from the one that you have for "/vol/vol_data/folder -sec=sys,rw=172.30.1.40,root=172.30.1.40" then add this network as well.

2) Create a new qtree "qtree create /vol/vol_data/folder"

Change the qtree security to unix and try to export it again and mount on the machine and check.

Ganesh

HENRYPAN2

SCHLEGELM,

You may wish to change the security style from NTFS to mixed.

Good luck

Henry

SCHLEGELM

Thanks for your reply but unfortunately it did not work (same result)

Markus

HENRYPAN2

SCHLEGELM,

You may wish to add root access permission to the volume.

Good luck

Henry

SCHLEGELM

Sorry, but what kind of root access permissions?

The nfs-export has root-permission and the volume has read-write-access for everyone. I also tried switching cifs.nfs_root_ignore_acl to on but that didn't help.

HENRYPAN2

SCHLEGELM,

You may use  System Manager to add root access to the volume or check the syntax for using the CLI.

Good luck

Henry

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public