Network and Storage Protocols

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Network and Storage Protocols

Ask a Question

NFS mount of NTFS security qtree works from one host but not from another

AlexeyF
‎2021-12-17 02:31 PM
2,389 Views

Hi

Usual situation: need a qtree to be accessed by widows and linux host.

 

What was done:

- ntfs security style volume and qtree

- unix to windows mapping for just one user: linuxuser

- export policies on all levels

 

On host1 I can't mount  the qtree directly, but can mount the volume as root using nfs4.0 and then cd to qtree, read the content and write inside as the linuxuser who is mapped to the Domain\\windowsuser.

 

On host2 I can mount this qtree  as root using nfs3, but can't access it as linuxuser: Access denied when cd.

I also can mount the volume in nfs4.0 but can't access qtree as linuxuser: Access denied.

 

No errors in ems log. (when I try to access qtree as root I see errors that mapping is failed etc ), so I guess it's not mapping issue 

 

Followed this Troubleshooting guide Troubleshooting Access Denied or Mount Hung from NFS client for clustered Data ONTAP - NetApp Knowledge Base, didn't help, everything looks fine according to it.

export-policy check-access  OK

- secd authentication show-creds and vserver security file-directory show   OK

 

How could I find what is different between these two hosts?

 

Thanks

 

0 Kudos
1 ACCEPTED SOLUTION

AlexeyF
‎2021-12-20 05:03 AM
2,277 Views

We've found the source of the problem. It was because of file access lists that were set on the /application folder that didn't permit to read the content of the directory.

getfacl /mnt

# file: mnt
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

 

getfacl /application

# file: application
# owner: root
# group: root
user::rwx
group::---
other::---

View solution in original post

0 Kudos
2 REPLIES 2

AlexeyF
‎2021-12-20 01:13 AM
2,287 Views

What I've found out that when I mount the NetApp share to /mnt/test I can read the content of the directory.

When I mount the share to /application/destination I get permission denied when accessing the directory.

Any ideas please?

 

0 Kudos

AlexeyF
‎2021-12-20 05:03 AM
2,278 Views

We've found the source of the problem. It was because of file access lists that were set on the /application folder that didn't permit to read the content of the directory.

getfacl /mnt

# file: mnt
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

 

getfacl /application

# file: application
# owner: root
# group: root
user::rwx
group::---
other::---

0 Kudos
All Community Forums
Public