Network and Storage Protocols

Need help to access a CIFS share in Unix



I need help with accessing a CIFS share on an Unix server. This share is mixed style in qtree.

The share is accessible from windows server through a specific account "_NASVOLsrv".

This account is mapped to root unix account in the usermap.cfg file. I am able to mount this share but when I try to access this share I get permission denied.

The windows name for the share is nassharet01 while Unix name is /vol/nasvol01.

#cifs access

nassharet01      /vol/nasvol01
                        nascorp\_NASVOLsrv / Full Control
                        nascorp\administrator / Full Control

Usermap.cfg file  have the following entries -

administrator == root

nascorp\_NASVOLsrv == root

nascorp\administrator == root

                   633339904 411197072 222142832   65% /nas/nas1ft01/cbmsharet01

# cd /nas/nas1ft01/cbmsharet01
ksh: /nas/nas1ft01/cbmsharet01: permission denied

Any inputs provided for this issue will be greatly appreicated.




I am not sure but I think you need to mount the same path in both CIFS and NFS.

CIFS is only for Windows and if you need a mount point in Linux you need to use NFS.

So I believe the answer is that you should just mount the same CIFS shared path with NFS as well.



Thanks, the share is also setup in NFS.


Did you configure the NFS export to have read-write access for all hosts? or you have to specify the host you want to be able to access the NFS export.



In NFS it is configured as below -

Anonymous  User ID=0
Read-Write Access (All Hosts)
Root Access  (bg1d0d01)
Security (sys)


Did you say the following path is the volume: /vol/nasvol01  ?

Do you have a Qtree in that path? or where is it?



Yes Qtree is there & the volume where the Qtree resides is nasvol01


What is the name of the Qtree?

I had a similar problem and I could not either access the volume, however when I changed the mount path to include the Qtree, everything worked.

Maybe that could help or maybe that is how it is setup already?

So the new NFS mount would be: /vol/nasvol01/'QtreeName'/



nasvol01 is the name of the Qtree.

It is already mounted with the Qtree name

                   633339904 411197072 222142832   65% /nas/nas1ft01/cbmsharet01

The fstab file has the following entry on the Unix server -

nas1ft01:/vol/nasvol01 /nas/nas1ft01/cbmsharet01 nfs rw,hard 0 0


The only other thing I can think about is to click the Export All button from NFS-Manage in FilerView, in case you have made a change to the configuration.



I did a export all but that too didnt work.

Do you think anythins is wrong with the mapping that is done in the usermap.cfg file

administrator == root

nascorp\_NASVOLsrv == root

nascorp\administrator == root

The share is accessible on windows server using the domain account "_NASVOLsrv"

This same account is mapped to root.

Do you thin anything is wrong over here.



The Qtree style is mixed, so that the share can be mounted on both Unix & Windows.


That is a big misconception.  Unix and NTFS style qtrees can be mounted by any protocol.  The security style determines which protocol can change permissions on files, which is different from mounting.


If you think you have a mapping issue, you can use the wcc command to see how your user is being mapped.  In this case, you are looking root could be mapped to a couple of users.

So I would check the folllowing command:

netapp> wcc -u root

And see the mapping.  Then I would go in under CIFS (which I think is working, right?) and see what the local NTFS ACL is on that directory where you are getting permission denied.

That may tell an interesting story.


Mixed mode security style works a bit different. At any given point the effective security style could be either UNIX or NTFS. Run the following command on the filer console to see the effective permissions and make sure that the user has the required access.

“fsecurity show ”



nas1ft01*> wcc -u root
Thu Jun 17 07:13:41 EDT [nas1ft01: auth.trace.authenticateUser.loginTraceMsg:info]: AUTH: LSA lookup: Located account "nascorp\administrator" in domain "nascorp"..
(NT - UNIX) account name(s):  (nascorp\administrator - root)
        UNIX uid = 0
        user is a member of group daemon (1)
        user is a member of group daemon (1)

        NT membership
                nascorp\Domain Users
        User is also a member of Everyone, Network Users,
        Authenticated Users
nas1ft01*> cifs shares
Name         Mount Point                       Description
----         -----------                       -----------
nassharet01  /vol/nasvol01
                        nas1ft01\cbm / Full Control
                        S-1-5-21-1500466018-1955613541-1209563102-131076 / Full Control
                        nas1ft01\_CBMNASsrv / Full Control
                        nascorp\_CBMNASsrv / Full Control
                        nascorp\administrator / Full Control

nh1ns1t01*> fsecurity show /vol/nasvol01
[/vol/nasvol01 - Directory (inum 64)]
  Security style: NTFS
  Effective style: NTFS

  DOS attributes: 0x0030 (---AD---)

  Unix security:
    uid: 0 (root)
    gid: 0 (daemon)
    mode: 0777 (rwxrwxrwx)

  NTFS security descriptor:
    Owner: BUILTIN\Administrators
    Group: BUILTIN\Administrators
      Allow - nascorp\_CBMNASsrv - 0x001301bf (Modify) - OI|CI
      Allow - nascorp\Domain Admins - 0x001f01ff (Full Control) - OI|CI
      Allow - DEVCORP\G_NAS_CBM_RO_FPDEV - 0x001200a9 (Read and Execute) - OI|CI
      Allow - DEVCORP\G_NAS_CBM_RW_FPDEV - 0x001301bf (Modify) - OI|CI
      Allow - nascorp\NAS_ADMIN - 0x001f01ff (Full Control) - OI|CI
      Allow - nascorp\NAS_CBM_RO - 0x001200a9 (Read and Execute) - OI|CI
      Allow - nascorp\NAS_CBM_RW - 0x001301bf (Modify) - OI|CI
      Allow - nascorp\root - 0x001301bf (Modify) - OI|CI
      Allow - DEVCORP\wrolson - 0x001301bf (Modify) - OI|CI

I am able to cd to the share, but when I do an ll, I get unreadable.

# cd /nas/nas1ft01/cbmsharet01
# ll
. unreadable
total 8


And if I do an fsecurity show for dirs inside the share I get different owners than that on the volume

NTFS security descriptor:
    Owner: DEVCORP\wrolson
    Group: DEVCORP\Domain Users


According to output provided, neither of Windows groups (and users) to which root is mapped has access to directory. So results are completely correct.


I also facing the same problem. unable to access cifs shares(ntfs qtree) from unix machine. NT user have full access to the shares and mapped that nt user with root. getting permission denied error.

some one please help here to solve this issue.