ONTAP Discussions

Linux LDAP user does not have the right access to an NFS volume directory with NFSv4 ACL

DDA
999 Views

After deploying the environment according to "How to configure LDAP in ONTAP" (TR-4835)


Environment

1. Windows server 2019 with LDAP services

2. CentOS 7 client uses sssd and realm to join the AD domain, with the two methods described in the TR, shown below:

[root@centos7 ~]# id u01
uid=2000(u01) gid=3000(Domain Users) groups=3000(Domain Users)
[root@centos7 ~]# id u01@gtish.loc
uid=1596602150(u01@GTISH.LOC) gid=1596600513(domain users@GTISH.LOC) groups=1596600513(domain users@GTISH.LOC),1596602153(all test users@GTISH.LOC) 

3. From the ONTAP SVM, the name-service query returns the correct results, shown below:

::*> getxxbyyy getpwbyname -node FAS2750-01 -vserver SVM_LDAP -show-source true -use-cache false -username u01
(vserver services name-service getxxbyyy getpwbyname)
Source used for lookup: LDAP
pw_name: u01
pw_passwd:
pw_uid: 2000
pw_gid: 3000
pw_gecos:
pw_dir:
pw_shell: /bin/bash


Problem

The LDAP user u01@gtish.loc cannot access the directory in the ONTAP NFS volume with NFSv4 ACL, shown below:

[u01@GTISH.LOC@centos7 ldap]$ nfs4_getfacl root
# file: root
A::OWNER@:rwaDxtTnNcCy
A::u01@gtish.loc:rwaDxtTnNcCy
[u01@GTISH.LOC@djwcentos7 ldap]$ cd root/
bash: cd: root/: access denied


Is anything set wrong?

1 REPLY 1

parisi
892 Views

Using the root user, what does "ls -la" show for that volume/the files in the volume?


Your NFSv4 configuration might be wrong. If the owner shows "nobody" or "nfsnobody" then you need to fix the v4 config. TR-4067 covers it.


https://www.netapp.com/pdf.html?item=/media/10720-tr-4067.pdf
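The checks parisi suggests can be scripted so they are repeatable. The script below is an added example written for this thread; it is not from the original posts, NetApp, or TR-4067. It looks for the "nobody"/"nfsnobody" ownership symptom in an `ls -la` listing, compares the UID the client resolves for the user (from `id`) with the UID ONTAP returned from `getpwbyname` (in the thread's own output these are 1596602150 and 2000, which is exactly the kind of disagreement that ends in "access denied"), and checks that the domain part of the named principals in `nfs4_getfacl` output matches the `Domain` in idmapd.conf. All sample outputs embedded here are constructed for illustration; the functions take their input as arguments or on stdin so the same logic can be pointed at real `ls -la`, `id`, `getxxbyyy` and `/etc/idmapd.conf` output.

```shell
#!/bin/sh
# Added diagnostic example for NFSv4 idmapping / LDAP UID problems.
# Not from the thread or from NetApp; all sample data below is constructed.

# Constructed `ls -la` listing as root on the NFSv4 mount (the symptom parisi
# describes: entries owned by nobody / nfsnobody).
SAMPLE_LS='total 8
drwxr-xr-x. 3 nobody    nobody    4096 Jan  1 00:00 .
drwxr-xr-x. 3 root      root      4096 Jan  1 00:00 ..
drwx------. 2 nfsnobody nfsnobody 4096 Jan  1 00:00 root
-rw-r--r--. 1 u01       domain      12 Jan  1 00:00 notes.txt'

# Constructed `id u01@gtish.loc` output on the client (sssd-style UID).
SAMPLE_ID='uid=1596602150(u01@GTISH.LOC) gid=1596600513(domain users@GTISH.LOC) groups=1596600513(domain users@GTISH.LOC)'

# Constructed ONTAP getxxbyyy getpwbyname output for the same user.
SAMPLE_ONTAP='Source used for lookup: LDAP
pw_name: u01
pw_passwd:
pw_uid: 2000
pw_gid: 3000'

# Constructed /etc/idmapd.conf fragment (assumed path and content).
SAMPLE_IDMAPD='[General]
Domain = gtish.loc
[Mapping]
Nobody-User = nobody
Nobody-Group = nobody'

# Constructed nfs4_getfacl output in the thread's format.
SAMPLE_ACL='# file: root
A::OWNER@:rwaDxtTnNcCy
A::u01@gtish.loc:rwaDxtTnNcCy'

# count_unmapped: number of entries in an `ls -la` listing (stdin) whose owner
# or group is nobody/nfsnobody; non-zero means idmapping is falling back.
count_unmapped() {
  awk 'NR > 1 && ($3 ~ /^(nfs)?nobody$/ || $4 ~ /^(nfs)?nobody$/) { n++ }
       END { print n + 0 }'
}

# client_uid: numeric uid parsed from `id` output passed as $1.
client_uid() {
  printf '%s\n' "$1" | sed -n 's/^uid=\([0-9]*\)(.*/\1/p'
}

# ontap_uid: pw_uid parsed from ONTAP getpwbyname output passed as $1.
ontap_uid() {
  printf '%s\n' "$1" | awk -F': *' '$1 == "pw_uid" { print $2 }'
}

# uid_check: "match" when client and ONTAP agree on the uid, else "mismatch".
uid_check() {
  if [ "$(client_uid "$1")" = "$(ontap_uid "$2")" ]; then
    echo match
  else
    echo mismatch
  fi
}

# idmap_domain: value of Domain in idmapd.conf text passed as $1.
idmap_domain() {
  printf '%s\n' "$1" | awk -F'=' '$1 ~ /^[ \t]*Domain[ \t]*$/ {
    gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2 }'
}

# ace_principals_outside_domain: named ACE principals (user@domain) in
# nfs4_getfacl output ($1) whose domain differs from the idmap domain ($2),
# compared case-insensitively; OWNER@/GROUP@/EVERYONE@ are skipped.
ace_principals_outside_domain() {
  dom=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  printf '%s\n' "$1" | awk -F: -v dom="$dom" '
    /^A:/ && $3 ~ /@/ && $3 !~ /@$/ {
      split($3, p, "@"); if (tolower(p[2]) != dom) print $3 }'
}

# report: run all checks over the constructed samples and print a summary.
report() {
  echo "unmapped entries : $(printf '%s\n' "$SAMPLE_LS" | count_unmapped)"
  echo "client uid       : $(client_uid "$SAMPLE_ID")"
  echo "ontap uid        : $(ontap_uid "$SAMPLE_ONTAP")"
  echo "uid agreement    : $(uid_check "$SAMPLE_ID" "$SAMPLE_ONTAP")"
  echo "idmap domain     : $(idmap_domain "$SAMPLE_IDMAPD")"
  echo "ACEs off-domain  : $(ace_principals_outside_domain "$SAMPLE_ACL" "$(idmap_domain "$SAMPLE_IDMAPD")")"
}

report
```

On a real client, replace the SAMPLE_* values with `ls -la /mnt/<volume>`, `id <user>`, the ONTAP `getxxbyyy` output and the contents of `/etc/idmapd.conf`; a non-zero unmapped count or a uid "mismatch" points at the NFSv4 idmapping / UID configuration that TR-4067 covers rather than at the ACL itself.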
