Network and Storage Protocols

CIFS multi protocol

nsitps1976
6,966 Views

I have a system configured for multi protocol CIFS. A windows user coming from a windows client accessing an ntfs style qtree via a cifs share is being mapped to a unix user (and failing as I have not setup usermap.cfg / passwd etc etc), is this correct? My understanding was a mapping would only take place if the qtree was of unix security with unix perms. 

1 ACCEPTED SOLUTION

aborzenkov
6,966 Views

Yes, NetApp still performs user mapping and it must succeed (i.e. – valid Unix user name must be found). By default, wafl.default_unix_user is set to “pcuser” and “pcuser” exists in /etc/passwd by default. So mapping succeeds. It does not actually matter, which user CIFS user is mapped to, because this user is not used for any permissions checking.

Verify that wafl.default_unix_user is set and user it is set to exists /etc/passwd and /etc/passwd is used for user name resolution.

View solution in original post

5 REPLIES 5

S_EFTEKHARI
6,966 Views

Make this option is set to "on". This should be configured at the Filer level. Also make sure you have right qtree security configured on the volume where you are doing your cifs shares.

options cifs.ntfs_ignore_unix_security_ops on

Enable this option do a cifs terminate and cifs restart and give it another try.

aborzenkov
6,966 Views

Hmm … this option actually applies to NFS client, accessing NTFS qtree, not to CIFS users accessing NTFS qtree. I wonder, whether setting it changes anything.

nsitps1976
6,966 Views

Just out of curiosity I did try this, without success.

 

aborzenkov
6,967 Views

Yes, NetApp still performs user mapping and it must succeed (i.e. – valid Unix user name must be found). By default, wafl.default_unix_user is set to “pcuser” and “pcuser” exists in /etc/passwd by default. So mapping succeeds. It does not actually matter, which user CIFS user is mapped to, because this user is not used for any permissions checking.

Verify that wafl.default_unix_user is set and user it is set to exists /etc/passwd and /etc/passwd is used for user name resolution.

nsitps1976
6,966 Views

Thanks for this - All sorted now.

Public