ONTAP Discussions

CIFS Access on a NFS Volume

sraudonis
5,285 Views

Hi,

 

i need a hint...

 

I have a SVM with CIFS and NFS configured, mormal it is used für CIFS, is member of my AD and all works fine.

 

Now i made a small volume for NFS which is mounted on a linux host, this volume has UNIX as security style.

 

I can check the security on the NetApp:

 

cl01::*> vserver security file-directory show -vserver cl01-svm-cifs -path /cloud

Vserver: cl01-svm-cifs
File Path: /cloud
File Inode Number: 64
Security Style: unix
Effective Style: unix
DOS Attributes: 10
DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
UNIX User Id: 33
UNIX Group Id: 33
UNIX Mode Bits: 770
UNIX Mode Bits in Text: rwxrwx---
ACLs: -

 

The same i see on the linux machine:

 

root@srv16:/mnt# ll
total 16
drwxr-xr-x 4 root root 4096 Sep 26 17:35 ./
drwxr-xr-x 24 root root 4096 Jan 30 06:24 ../
drwxrwx--- 8 www-data www-data 4096 Jan 31 16:56 data/

 

When i check in /etc/passwd or /etc/group www-data is the user and group 33.

 

So i created a user and group "www-data" with the ID 33 on the SVM and made a "Windows to UNIX" mapping for my user "domain\user to www-data".

 

When i check:

 

cl01::*> diag secd authentication show-creds -node cl01-01 -vserver cl01-svm-cifs -win-name domain\stefan

UNIX UID: www-data <> Windows User: DOMAIN\stefan (Windows Domain User)

GID: www-data
Supplementary GIDs:
www-data

Primary Group SID: DOMAIN\Domänen-Benutzer (Windows Domain group)

 

So, my user is mapped to www-data, and www-data has access, but why i can't access the share?

 

When i set the rights for data to: drwxrwxr-x i can access the share, but this is not the correct solution...

 

What i missed here?

 

Kind regards

Stefan

1 ACCEPTED SOLUTION

sraudonis
5,172 Views

Today it works, i have changed nothing... Perhaps i tested to much in the past and there was cached something...

View solution in original post

3 REPLIES 3

donny_lang
5,256 Views

I have always used this guide to work through permissions issues:

 

https://kb.netapp.com/app/answers/answer_view/a_id/1071815/~/troubleshooting-cifs-or-smb-access-denied-

 

In particular, the security trace filters (combined with reviewing event log entries) are usually successful in helping me figure out where exactly the issue lies. 

sraudonis
5,203 Views

Thanks, i will test and report...

sraudonis
5,173 Views

Today it works, i have changed nothing... Perhaps i tested to much in the past and there was cached something...

Public