Network and Storage Protocols
Hello,
I'm trying to mount an NFS export from a Linux PC and ran into some problems.
First some info about what I'm trying to do:
I've got a folder which should be shared between Windows and Linux users. This folder is a simple folder inside an NTFS-security-styled volume and it works perfectly for all Windows clients.
On the Linux side, every time I try to access this folder with anyone except root, permission is denied.
exportfs:
/vol/vol_data/folder -sec=sys,rw=172.30.1.40,root=172.30.1.40
usermap.cfg:
DOMAIN\Administrator <= 172.30.1.40:*
In my understanding this means that the IP 172.30.1.50 is fully trusted and every Unix-User coming from this IP is mapped to the Domain-Administrator. Well, it works for the root-Account, but not for any other user:
[root@linux mnt]# mount -t nfs netapp:/vol/vol_data/folder /mnt/mountpoint
[root@linux mnt]# ls -la
drwxr-xr-x. 6 root root 4096 31. Jan 14:31 .
dr-xr-xr-x. 23 root root 4096 21. Feb 12:51 ..
drwxrwxrwx 3 root root 4096 21. Feb 13:57 mountpoint
[root@linux mnt]# ls -la mountpoint/
drwxrwxrwx 3 root root 4096 21. Feb 13:57 .
drwxr-xr-x. 6 root root 4096 31. Jan 14:31 ..
drwxrwxrwx 12 root root 4096 21. Feb 14:00 .snapshot
[root@linux mnt]# su user
[user@linux mnt]# ls -la mountpoint/
ls: failed to open dir: Permission denied
I'm pretty new to NetApp so I'm thankful for any help.
Markus
For user mapping to work, the user must be known to NetApp. Meaning: either it has to be entered in the local /etc/passwd or NetApp must be using a network-based user database (e.g. LDAP). root is usually present in /etc/passwd so it works. Any other user is likely missing so it fails.
For a test you can add a non-root user from your workstation to /etc/passwd on NetApp. Be sure to use the same UID.
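A quick consistency check for the point above, as an added example that is not part of the original post: with sec=sys the client sends only numeric UIDs, so each client account is looked up by UID in the filer's passwd data. Both passwd contents are constructed samples and the function names are hypothetical.

```python
# Constructed sample data (not from the thread): client and filer passwd files.
CLIENT_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
user:x:1000:1000:Local user:/home/user:/bin/bash
backup:x:1001:1001::/home/backup:/bin/bash
svc:x:1002:1002::/home/svc:/sbin/nologin
"""
FILER_PASSWD = """\
root:_J9..:0:1::/:
pcuser::65534:65534::/:
nobody::65535:65535::/:
backup::1001:1001::/:
admin::1002:1002::/:
"""


def parse_passwd(text):
    """Return {uid: name} for each well-formed passwd line (first entry wins)."""
    by_uid = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3 or not fields[2].isdigit():
            continue  # malformed entry, ignore it
        by_uid.setdefault(int(fields[2]), fields[0])
    return by_uid


def check_users(client_text, filer_text):
    """Classify each client account by how the filer would resolve its UID."""
    filer = parse_passwd(filer_text)
    report = {}
    for uid, name in sorted(parse_passwd(client_text).items()):
        filer_name = filer.get(uid)
        if filer_name is None:
            # No passwd entry: the UID has no UNIX name to feed into usermap.cfg.
            report[name] = "unknown: UID %d not on filer" % uid
        elif filer_name != name:
            # Same UID, different name: the filer would map the other name.
            report[name] = "mismatch: UID %d is '%s' on filer" % (uid, filer_name)
        else:
            report[name] = "ok"
    return report


if __name__ == "__main__":
    for name, status in check_users(CLIENT_PASSWD, FILER_PASSWD).items():
        print("%-8s %s" % (name, status))
```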
Thanks for your reply, but unfortunately it did not work (same result).
Markus
Sorry, but what kind of root access permissions?
The nfs-export has root-permission and the volume has read-write-access for everyone. I also tried switching cifs.nfs_root_ignore_acl to on but that didn't help.
Hi SCHLEGELM
I am not so sure about a few things that you were trying...
As you have said you have a problem mounting an *NFS* share on a *nix machine, I would assume it's based on complete NFS options and not cifs. usermap.cfg is for cifs if you ask me. And NFS doesn't get attached to any domain at all (unless you use nfs4) and it uses IP-based authentication, unlike cifs, which is user-based authentication where the domain comes into the picture.
If I may, here would be my suggestion:
1) To fix the current issue
What is the export option for the volume "/vol/vol_data/"?
If it has anything apart from the one that you have for "/vol/vol_data/folder -sec=sys,rw=172.30.1.40,root=172.30.1.40" then add this network as well.
2) Create a new qtree "qtree create /vol/vol_data/folder"
Change the qtree security to unix and try to export it again and mount on the machine and check.
Ganesh
Hi there,
Avoid the mixed mode and use the ntfs and mount as smb, it works like a charm.
thank you,
AK G
Any reason why he should be mounting an NFS share with smb, which is basically to mount the cifs? Just curious!
Regards
Ganesh.
Try using wcc -u /wcc -s from the command line and see what it says for resolving the various users.
Chances are that it's not able to resolve the Unix usernames, the usermap.cfg
And just to be clear, is it 172.30.1.40 or 172.30.1.50 that is the client's IP?
Can you share the nsswitch.conf files from the filer & the Linux box?
Sorry, the .50 was just a typo... I simplified the config to make it easier to understand what I'm trying to say.
I guess you are both right, the filer can't resolve the Unix username ('user' in this case); wcc -u user shows that there is no passwd entry.
I thought this is 'fixed' by the usermap.cfg because this 'user' is simply a local user on the client and not known to any directory service.
I will try aborzenkov's solution, thanks for your help!
That's it... thanks again
You can assign anonymous any UID you want in the NFS mount if you like. Although personally this scares me.