Thanks, the share is also setup in NFS.

Did you configure the NFS export to have read-write access for all hosts? or you have to specify the host you want to be able to access the NFS export.

Magnus

In NFS it is configured as below -

Did you say the following path is the volume: /vol/nasvol01  ?

Do you have a Qtree in that path? or where is it?

Magnu

Yes Qtree is there & the volume where the Qtree resides is nasvol01

What is the name of the Qtree?

I had a similar problem and I could not either access the volume, however when I changed the mount path to include the Qtree, everything worked.

Maybe that could help or maybe that is how it is setup already?

So the new NFS mount would be: /vol/nasvol01/'QtreeName'/

Magnus

nasvol01 is the name of the Qtree.

It is already mounted with the Qtree name

nas1ft01:/vol/nasvol01
                   633339904 411197072 222142832   65% /nas/nas1ft01/cbmsharet01

The fstab file has the following entry on the Unix server -

nas1ft01:/vol/nasvol01 /nas/nas1ft01/cbmsharet01 nfs rw,hard 0 0

The only other thing I can think about is to click the Export All button from NFS-Manage in FilerView, in case you have made a change to the configuration.

Magnus

I did a export all but that too didnt work.

Do you think anythins is wrong with the mapping that is done in the usermap.cfg file

administrator == root

nascorp\_NASVOLsrv == root

nascorp\administrator == root

The share is accessible on windows server using the domain account "_NASVOLsrv"

This same account is mapped to root.

Do you thin anything is wrong over here.

Thanks.

The Qtree style is mixed, so that the share can be mounted on both Unix & Windows.

That is a big misconception.  Unix and NTFS style qtrees can be mounted by any protocol.  The security style determines which protocol can change permissions on files, which is different from mounting.

If you think you have a mapping issue, you can use the wcc command to see how your user is being mapped.  In this case, you are looking root could be mapped to a couple of users.

So I would check the folllowing command:

netapp> wcc -u root

And see the mapping.  Then I would go in under CIFS (which I think is working, right?) and see what the local NTFS ACL is on that directory where you are getting permission denied.

That may tell an interesting story.

Mixed mode security style works a bit different. At any given point the effective security style could be either UNIX or NTFS. Run the following command on the filer console to see the effective permissions and make sure that the user has the required access.

“fsecurity show ”

Srinivas

nas1ft01*> wcc -u root
Thu Jun 17 07:13:41 EDT [nas1ft01: auth.trace.authenticateUser.loginTraceMsg:info]: AUTH: LSA lookup: Located account "nascorp\administrator" in domain "nascorp"..
(NT - UNIX) account name(s):  (nascorp\administrator - root)
        ***************
        UNIX uid = 0
        user is a member of group daemon (1)
        user is a member of group daemon (1)

        NT membership
                nascorp\administrator
                nascorp\Domain Users
                nascorp\CERTSVC_DCOM_ACCESS
                BUILTIN\Administrators
                BUILTIN\Users
        User is also a member of Everyone, Network Users,
        Authenticated Users
        ***************
nas1ft01*> cifs shares
Name         Mount Point                       Description
----         -----------                       -----------
nassharet01  /vol/nasvol01
                        nas1ft01\cbm / Full Control
                        S-1-5-21-1500466018-1955613541-1209563102-131076 / Full Control
                        nas1ft01\_CBMNASsrv / Full Control
                        nascorp\_CBMNASsrv / Full Control
                        nascorp\administrator / Full Control
nas1ft01*>

nh1ns1t01*> fsecurity show /vol/nasvol01
[/vol/nasvol01 - Directory (inum 64)]
  Security style: NTFS
  Effective style: NTFS

  DOS attributes: 0x0030 (---AD---)

  Unix security:
    uid: 0 (root)
    gid: 0 (daemon)
    mode: 0777 (rwxrwxrwx)

  NTFS security descriptor:
    Owner: BUILTIN\Administrators
    Group: BUILTIN\Administrators
    DACL:
      Allow - nascorp\_CBMNASsrv - 0x001301bf (Modify) - OI|CI
      Allow - nascorp\Domain Admins - 0x001f01ff (Full Control) - OI|CI
      Allow - DEVCORP\G_NAS_CBM_RO_FPDEV - 0x001200a9 (Read and Execute) - OI|CI
      Allow - DEVCORP\G_NAS_CBM_RW_FPDEV - 0x001301bf (Modify) - OI|CI
      Allow - nascorp\NAS_ADMIN - 0x001f01ff (Full Control) - OI|CI
      Allow - nascorp\NAS_CBM_RO - 0x001200a9 (Read and Execute) - OI|CI
      Allow - nascorp\NAS_CBM_RW - 0x001301bf (Modify) - OI|CI
      Allow - nascorp\root - 0x001301bf (Modify) - OI|CI
      Allow - DEVCORP\wrolson - 0x001301bf (Modify) - OI|CI

I am able to cd to the share, but when I do an ll, I get unreadable.

# cd /nas/nas1ft01/cbmsharet01
# ll
. unreadable
total 8

And if I do an fsecurity show for dirs inside the share I get different owners than that on the volume

NTFS security descriptor:
    Owner: DEVCORP\wrolson
    Group: DEVCORP\Domain Users

According to output provided, neither of Windows groups (and users) to which root is mapped has access to directory. So results are completely correct.