Network and Storage Protocols

file owner 'nobody' on NFS mounted share with NTFS Security

AlexeyF
1,026 Views

File created under Windows on CIFS share is seen as nobody when I mount it via NFS v4.0

when I create file under Linux, it's seen correctly as user

 

mapping is created

 

CLUSTER01::*> vserver name-mapping show -vserver SVM

Vserver: SVM
Direction: win-unix
Position Hostname IP Address/Mask
-------- ---------------- ----------------
5 - - Pattern: domain\\alexey.f
Replacement: user

Vserver: SVM
Direction: unix-win
Position Hostname IP Address/Mask
-------- ---------------- ----------------
1 - - Pattern: user
Replacement: domain\\alexey.f

2 entries were displayed.

 

user as well

 

CLUSTER01::*> vserver services unix-user show -vserver SVM
User User Group Full
Vserver Name ID ID Name
-------------- --------------- ------ ------ --------------------------------
SVM ftp 65533 65533 FTP Anonymous
SVM nobody 65535 65535
SVM pcuser 65534 65534
SVM root 0 1
SVM user 33333 33333
5 entries were displayed.

 

 

But I see the owner on ONTAP is 65534 - > pcuser (or shouldn't I pay attention on id at this stage?)

 

CLUSTER01::*> vserver security file-directory show -vserver SVM -path /vol_1/qtree1/888.txt

Vserver: SVM
File Path: /vol_1/qtree1/INPUT-RDD/888.txt
File Inode Number: 20267
Security Style: ntfs
Effective Style: ntfs
DOS Attributes: 20
DOS Attributes in Text: ---A----
Expanded Dos Attributes: -
UNIX User Id: 65534
UNIX Group Id: 65534
UNIX Mode Bits: 777
UNIX Mode Bits in Text: rwxrwxrwx
ACLs: NTFS Security Descriptor
Control:0x8404
Owner:domain\alexey.f

 

When I check mapping everything is correct:

 

CLUSTER01::*> vserver services access-check name-mapping show -node node001 -vserver SVM -direction win-unix -name domain\alexey.f

ATTENTION: Mapping of Data ONTAP "admin" users to UNIX user "root" is enabled, but the following information does not reflect this mapping.

'domain\alexey.f' maps to 'user'

 

- in ns switch files are used as primary source on NetApp and on the Client

- v4-id-domain match hostname -d output on the client

 

What else have I missed?

 

1 ACCEPTED SOLUTION

AlexeyF
984 Views

Hi 

Actually, everything was configured correctly. It was just the test that was not properly done by the user.

 

NB: This topic has disappeared at some stage (because of spam filter) so I could not update it.

 

View solution in original post

2 REPLIES 2

Mjizzini
995 Views

Please run the below command to check the results of the CIFS to Unix user-mapping. 

::*> diag secd authentication show-creds -node node-name -vserver vserver-name -win-name domain\username

 

AlexeyF
985 Views

Hi 

Actually, everything was configured correctly. It was just the test that was not properly done by the user.

 

NB: This topic has disappeared at some stage (because of spam filter) so I could not update it.

 

Public