IHAC created a NFS qtree with security set to 'UNIX', and only create a group of users in NFS that can access this qtree. However, when this qtree is mapped to a CIFS client, the filers local administrators have the full control on it. Is this the correct behaviour? How can we prevent the filers' admin accessing this NFS qtree?
The filer's administrator are the AD domain users.
This is probably due to the option wafl.nt_admin_priv_map_to_root being set to on (which is the default). Setting this to off should stop this. It's on by default because Windows Admins expect to be able to act like an admin everywhere. But if you set this to off, the effect you are seeing should go away.