ONTAP Discussions

NFS v4-numeric-ids

ECOIFFE
3,570 Views

Hy,

 

I want to use numeric-id on nfsv4 but i am facing a problem with owner uid send to nfs client in string instead of numeric id, the owner group is send as expected. Of course it work in nfs v3 and i'm using sec "sys" on nfs client side.

 

What i'm doing wrong ? Is it a bug in numeric-id function ?

 

Ontap 9.7 p3

 

NFS parameter:

nas31-08::*> vserver nfs show -vserver ABC -fields v4-numeric-ids
vserver v4-numeric-ids
------------- --------------
ABC enabled

 

Server Side:

[root@linux ~]# sudo -u usertestja@domain.priv ls -ln /mnt/eco
total 0
-rwx------. 1 99 327081207 0 Jun 21 17:16 ads_linux.txt

 

Netapp security:

nas31-08::*> vserver security file-directory show -vserver ABC -path /multi/ads_linux.txt

Vserver: ABC
File Path: /multi/ads_linux.txt
File Inode Number: 5740
Security Style: ntfs
Effective Style: ntfsDOS Attributes: 20
DOS Attributes in Text: ---A----
Expanded Dos Attributes: -
UNIX User Id: 327081207
UNIX Group Id: 327081207
UNIX Mode Bits: 777
UNIX Mode Bits in Text: rwxrwxrwx
ACLs: NTFS Security Descriptor
Control:0x8404
Owner:DOMAIN\usrtestja
Group:DOMAIN\Domain users
DACL - ACEs
ALLOW-DOMAIN\user-0x1301bf-(Inherited)

 

Network Dump:

 

e1a-607_20210623_094519.trc0.jpg

1 REPLY 1

parisi
3,517 Views

Numeric IDs only works when ONTAP can't find a valid user name match.

 

So in your case, if ONTAP can resolve UNIX user UID 327081207 to a valid UNIX user name (such as via name services), then it translates the name.

 

Since your ID domain is set to the default "defaultv4iddomain.com" value, it gets appended to the user ONTAP found.

 

So the string becomes username@defaultv4iddomain.com, which obviously won't map into whatever the client ID domain is set to.

 

The only time numeric ID support is used is when the numeric ID coming in can't be translated to a user name.

 

TR-4067 covers this in detail:

 

https://www.netapp.com/pdf.html?item=/media/10720-tr-4067.pdf - page 41

 

In your case, to fix the issue, change the NFS server option v4-id-domain to the same value coming in from the client. (ie, domain.priv)

Public