Has the filer administrator the rights to acess the NFS qtree through the CIFS client

tatlee · ‎2009-08-02

IHAC created a NFS qtree with security set to 'UNIX', and only create a group of users in NFS that can access this qtree. However, when this qtree is mapped to a CIFS client, the filers local administrators have the full control on it. Is this the correct behaviour? How can we prevent the filers' admin accessing this NFS qtree?

The filer's administrator are the AD domain users.

Regards,

Terrence

adamfox · ‎2009-08-03

This is probably due to the option wafl.nt_admin_priv_map_to_root being set to on (which is the default). Setting this to off should stop this. It's on by default because Windows Admins expect to be able to act like an admin everywhere. But if you set this to off, the effect you are seeing should go away.

tatlee · ‎2009-08-03

Adam,

Thanks. Will try it out.

Regards,

Terrence Lee

NetApp Global Services

NetApp

852.3605.7700 Main

852.9181.8824 Mobile Phone

terrence.lee@netapp.com

Learn how: netapp.com/guarantee

radek_kubka · ‎2009-08-04

This is probably due to the option wafl.nt_admin_priv_map_to_root being set to on (which is the default).

This won't help I am afraid - unless something changed since the issue has been thoroughly discussed over here:

http://communities.netapp.com/thread/4163

Regards,

Radek

tatlee · ‎2009-08-04

Radek,

Thanks.

Regards,

Terrence Lee

NetApp Global Services

NetApp

852.3605.7700 Main

852.9181.8824 Mobile Phone

terrence.lee@netapp.com

Learn how: netapp.com/guarantee