NetApp Community Update
This site will enter Read Only mode on July 23 as we prepare to move to a new platform. You will still be able to view content, but posting and replying will be temporarily disabled.
We're excited to launch our new Community experience on July 30 and more information will follow soon.
Stay connected during the transition - Join our Discord community today.

Network and Storage Protocols

file owner 'nobody' on NFS mounted share with NTFS Security

AlexeyF
6,478 Views

File created under Windows on CIFS share is seen as nobody when I mount it via NFS v4.0

when I create file under Linux, it's seen correctly as user

 

mapping is created

 

CLUSTER01::*> vserver name-mapping show -vserver SVM

Vserver: SVM
Direction: win-unix
Position Hostname IP Address/Mask
-------- ---------------- ----------------
5 - - Pattern: domain\\alexey.f
Replacement: user

Vserver: SVM
Direction: unix-win
Position Hostname IP Address/Mask
-------- ---------------- ----------------
1 - - Pattern: user
Replacement: domain\\alexey.f

2 entries were displayed.

 

user as well

 

CLUSTER01::*> vserver services unix-user show -vserver SVM
User User Group Full
Vserver Name ID ID Name
-------------- --------------- ------ ------ --------------------------------
SVM ftp 65533 65533 FTP Anonymous
SVM nobody 65535 65535
SVM pcuser 65534 65534
SVM root 0 1
SVM user 33333 33333
5 entries were displayed.

 

 

But I see the owner on ONTAP is 65534 - > pcuser (or shouldn't I pay attention on id at this stage?)

 

CLUSTER01::*> vserver security file-directory show -vserver SVM -path /vol_1/qtree1/888.txt

Vserver: SVM
File Path: /vol_1/qtree1/INPUT-RDD/888.txt
File Inode Number: 20267
Security Style: ntfs
Effective Style: ntfs
DOS Attributes: 20
DOS Attributes in Text: ---A----
Expanded Dos Attributes: -
UNIX User Id: 65534
UNIX Group Id: 65534
UNIX Mode Bits: 777
UNIX Mode Bits in Text: rwxrwxrwx
ACLs: NTFS Security Descriptor
Control:0x8404
Owner:domain\alexey.f

 

When I check mapping everything is correct:

 

CLUSTER01::*> vserver services access-check name-mapping show -node node001 -vserver SVM -direction win-unix -name domain\alexey.f

ATTENTION: Mapping of Data ONTAP "admin" users to UNIX user "root" is enabled, but the following information does not reflect this mapping.

'domain\alexey.f' maps to 'user'

 

- in ns switch files are used as primary source on NetApp and on the Client

- v4-id-domain match hostname -d output on the client

 

What else have I missed?

 

1 ACCEPTED SOLUTION

AlexeyF
6,436 Views

Hi 

Actually, everything was configured correctly. It was just the test that was not properly done by the user.

 

NB: This topic has disappeared at some stage (because of spam filter) so I could not update it.

 

View solution in original post

2 REPLIES 2

Mjizzini
6,447 Views

Please run the below command to check the results of the CIFS to Unix user-mapping. 

::*> diag secd authentication show-creds -node node-name -vserver vserver-name -win-name domain\username

 

AlexeyF
6,437 Views

Hi 

Actually, everything was configured correctly. It was just the test that was not properly done by the user.

 

NB: This topic has disappeared at some stage (because of spam filter) so I could not update it.

 

Public