Network and Storage Protocols

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Network and Storage Protocols

Ask a Question

security and user mapping

AaronHolt
‎2015-07-28 03:20 AM
5,141 Views

Hi all,

Sorry if this is going to be an obvious answer but I’m having a few difficulties in understanding the permissions within clustered mode.

I’m just trying to clarify something with regards to security at volume level. If I set up vol1 with Unix style security (all permissions eg read/write and so on) and vol2 with NTFS security (again all permission), if I set up user mappings (windows to unix and unix to windows), essentially the security style doesn’t matter as my windows mapped account can still access vol1 (unix) and my unix account can still access vol2 (ntfs security)…

Is that correct?

Thanks
Aaron

0 Kudos
View By:
Tags (3)
1 ACCEPTED SOLUTION

richard_payne
‎2015-08-04 05:51 AM
In response to aborzenkov
4,923 Views

Yes, you're right and I should have spelled that out instead of making the assumtion. I shoud have really said something like - provided your AD username match up to your Unix usernames provided through NIS/LDAP etc...

 

--rdp

View solution in original post

4 REPLIES 4

richard_payne
‎2015-08-03 02:07 PM
5,007 Views

It is true that both systems will be able to access data on both volumes (assuming you have licenses for both protocols and both are configured) provided your user mapping is correct. Just keep in mind that the unix volume will always have unix permissions and the NTFS volume will have windows permissions setup. You can't add NT ACLs to the unix partition etc...

 

Note that by default the filer will map usernames that match on both systems so you only need usermap entries when they don't match.

 

--rdp

0 Kudos

aborzenkov
‎2015-08-03 10:26 PM
4,975 Views
It's not enough to have common names - filer also must be able to map Unix user name to Unix UID. That usually requires using network (NIS, LDAP) backend for Unix user database.

richard_payne
‎2015-08-04 05:51 AM
In response to aborzenkov
4,924 Views

Yes, you're right and I should have spelled that out instead of making the assumtion. I shoud have really said something like - provided your AD username match up to your Unix usernames provided through NIS/LDAP etc...

 

--rdp

scottgelb
NetApp A-Team
‎2015-08-04 07:45 AM
In response to richard_payne
4,904 Views

If a smaller environment many use /etc/passwd (7-Mode) or unix-user create (cDOT) if they don't have ldap or nis for name to id mapping.

0 Kudos
All Community Forums
Public