ONTAP Discussions

CIFS Access on a NFS Volume

sraudonis

Hi,

 

i need a hint...

 

I have a SVM with CIFS and NFS configured, mormal it is used für CIFS, is member of my AD and all works fine.

 

Now i made a small volume for NFS which is mounted on a linux host, this volume has UNIX as security style.

 

I can check the security on the NetApp:

 

cl01::*> vserver security file-directory show -vserver cl01-svm-cifs -path /cloud

Vserver: cl01-svm-cifs
File Path: /cloud
File Inode Number: 64
Security Style: unix
Effective Style: unix
DOS Attributes: 10
DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
UNIX User Id: 33
UNIX Group Id: 33
UNIX Mode Bits: 770
UNIX Mode Bits in Text: rwxrwx---
ACLs: -

 

The same i see on the linux machine:

 

root@srv16:/mnt# ll
total 16
drwxr-xr-x 4 root root 4096 Sep 26 17:35 ./
drwxr-xr-x 24 root root 4096 Jan 30 06:24 ../
drwxrwx--- 8 www-data www-data 4096 Jan 31 16:56 data/

 

When i check in /etc/passwd or /etc/group www-data is the user and group 33.

 

So i created a user and group "www-data" with the ID 33 on the SVM and made a "Windows to UNIX" mapping for my user "domain\user to www-data".

 

When i check:

 

cl01::*> diag secd authentication show-creds -node cl01-01 -vserver cl01-svm-cifs -win-name domain\stefan

UNIX UID: www-data <> Windows User: DOMAIN\stefan (Windows Domain User)

GID: www-data
Supplementary GIDs:
www-data

Primary Group SID: DOMAIN\Domänen-Benutzer (Windows Domain group)

 

So, my user is mapped to www-data, and www-data has access, but why i can't access the share?

 

When i set the rights for data to: drwxrwxr-x i can access the share, but this is not the correct solution...

 

What i missed here?

 

Kind regards

Stefan

1 ACCEPTED SOLUTION

sraudonis

Today it works, i have changed nothing... Perhaps i tested to much in the past and there was cached something...

View solution in original post

3 REPLIES 3

donny_lang

I have always used this guide to work through permissions issues:

 

https://kb.netapp.com/app/answers/answer_view/a_id/1071815/~/troubleshooting-cifs-or-smb-access-denied-

 

In particular, the security trace filters (combined with reviewing event log entries) are usually successful in helping me figure out where exactly the issue lies. 

sraudonis

Today it works, i have changed nothing... Perhaps i tested to much in the past and there was cached something...

View solution in original post

sraudonis

Thanks, i will test and report...

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public