Network and Storage Protocols

Give a Windows machine account access to a NFS Share

XTREMETMINTNER
9,283 Views

Hello,

I have a Netapp NAS running 8.2.  I have a NFS share created and I need to grant a Windows computer account root permissions to the NFS share.  I have added the mapping of the account as Domain\Computername$ to the root account but that does not seem to work.  Is there anything else I need to configure?

Thanks!
Tim

7 REPLIES 7

kodavali
9,283 Views

Can you explain the scenario little more detailed? why do you want to add the computer account access to the NFS export?

Please provide following information

1. volume/qtree security style of the NFS export

2. name mapping configuration

3. How does the access works? is that the windows sytem account which is trying to access the NFS export or any application running in system account is accessing the NFS export?

billshaffer
9,283 Views

You can't map a windows computer to a unix account, only windows users.  So your usermap.cfg entry should be something like:

Domain\username => root

This assumes security style of unix for the volume.  If the security style is NTFS, then you don't have to mess with the mapping; the windows user just needs to be a member of an AD or local group that has access.

Bill

XTREMETMINTNER
9,283 Views

Thanks.  That is what I was seeing.  Is there a specific reason why you cannot map a computer account?  Domain computer accounts can authenticate just like users to a share.  It is a mixed mode share and the computer account can create folders just fine, it just can't see any of the Unix style files and access the folders in that NFS export.

MYNETAPP_
9,283 Views

https://communities.netapp.com/thread/25252 it works 100% sure, we have is set up at a universcity and many other clients. but the configuration could have to do with ldap services. this is a shot in the past though.

XTREMETMINTNER
9,283 Views

Thanks.  I will give that a try

billshaffer
9,283 Views

Mixed mode shares should be avoided unless you really really really need the permissions to fluxuate between NTFS and unix.  It usually causes more issues that it solves.

A point of distinction - it is not the computer account creating folders in the share.  It is the user account using that computer.  If the top level directory has NTFS permissions, then that user has access via whatever NTFS users/groups have access.  If the top level directory has unix permissions, then the windows user either maps to a unix user with permissions (remember that same-name windows to unix mapping is automatic), or the directory is world writeable.  The same goes for the stuff the windows user can't access, only in reverse...

What is your unix authentication?  local, NIS, LDAP?

Bill

XTREMETMINTNER
9,283 Views

The unix authentication is local right now.  I could try to set up LDAP authentication.

Public