Network and Storage Protocols

NFS Access denied on NTFS security volume

VENKATA04

Wondering if anyone could help please...

Problem Description :

A Unix client is having issues trying to access an NTFS security style qtree.

/vol/VJ_Groupdata/qtree_schedules = NTFS security style (not mixed)

The above path is exported allowing rw='unx06.uk.company1.com'

It is also CIFS shared as 'schedules'

NetApp Filer is 'apfiler01.vj.company1.com'

ONTAP version 8.1.1

AIX client is 'unx06.uk.company1.com'

AIX  3 5 00C128DF4C00

The local IBM AIX user is called shibmfg and the NTFS domain user is uk\shibmfg

I logged into a Windows 7 box as uk\shibmfg and tried accessing the CIFS share \\'apfiler01.vj.company1.com'\'schedules'; I was able to RWM.

User Mapping setup

usermap.cfg entry

uk\shibmfg <= shibmfg

\etc\Passwd

Passwd line for Unix user shibmfg copied from /etc/passwd on Unix

Mounting

1)

/vol/VJ_Groupdata/qtree_schedules is mounted using nfsv3 to client 'unx06.uk.company1.com'

Any listing (ls, ls -l, ls -a, ls -ltr etc.) operation, cd, mkdir etc. fails.

We get a permission denied message.

I added the user to the local administrators group, but it still gives me permission denied when performing any operation on the mount point as AIX user shibmfg.

useradmin domainuser add uk\shibmfg -g administrators

wcc -s shibmfg

(NT - UNIX) account name(s):  (UK\shibmfg - shibmfg)

        ***************

        UNIX uid = 66362

        user is a member of group daemon (1)

        user is a member of group daemon (1)

wcc -u shibmfg

(NT - UNIX) account name(s):  (UK\shibmfg - shibmfg)

        ***************

        UNIX uid = 66362

        user is a member of group daemon (1)

        user is a member of group daemon (1)

2) 

/vol/VJ_Groupdata/qtree_schedules is mounted using nfsv2 to client 'unx06.uk.company1.com'

RWM successful

I have now removed the user from local administrators; same problem again

useradmin domainuser delete uk\shibmfg -g administrators

So I ended up making 2 changes: the first is to mount using NFS v2 and the second is to add the NTFS user to local administrators on the filer.

Note: I tested uk\shibmfg permissions on 'schedules' without adding him to local admins; I was able to RWM.

I would appreciate your help if anyone could point me in the correct direction, please.

2 REPLIES

aborzenkov

Did you paste actual computer output? Wcc does not show any Windows SID information; it cannot work this way.

VENKATA04

Yes, I have pasted output from the filer.

The filer is on ONTAP 8.1.1 7-mode.

I am not sure what changes I can make to fix this issue.

NFS v2 works OK on the AIX client.

wcc -s uk\shibmfg -vvv

(NT - UNIX) account name(s):  (UK\shibmfg - shibmfg)

        ***************

        UNIX uid = 66362

        user is a member of group daemon (1)

        user is a member of group daemon (1)

        NT membership

                UK\shibmfg

                   (S-1-5-21-2981854497-1309751324-3990815460-66680)

                UK\U2_U2STANDARDWORK_R_L

                   (S-1-5-21-547238872-1490489293-2087665911-7401)
