Unable to mount CIFS-share from Linux

RUTGERBLOM · ‎2014-06-02

ONTAP 8.2.1

We just migrated to cluster-mode and now our users are unable to mount CIFS-shares from Linux (and Mac OS X) using the mount -t command. What has changed because it worked fine in 7-mode.

Kind regards,

Rutger

dsclassen · ‎2014-06-02

and they are on the same subnet? and the export rules are correct?

RUTGERBLOM · ‎2014-06-02

These are CIFS-shares (not NFS) and we haven't activated export rules for them. Everything works fine in our Windows environment.

parisi · ‎2014-06-04

CIFS share mounts work fine in cDOT.

Example:

[root@centos64 ~]# mount -t cifs 10.63.3.68:/unix /unix

WARNING: using NFS syntax for mounting CIFS shares is deprecated and will be removed in cifs-utils-6.0. Please migrate to UNC syntax.

Password:

[root@centos64 ~]# mount | grep cifs

10.63.3.68:/unix on /unix type cifs (rw)

[root@centos64 ~]# cd /unix

[root@centos64 unix]# ls -la

total 15

drwxr-xr-x. 5 root root 0 Jun 3 11:37 .

dr-xr-xr-x. 40 root root 4096 Jun 4 14:23 ..

-rwxr-xr-x. 1 root root 0 May 21 10:50 file

-rwxr-xr-x. 1 root root 0 May 21 10:50 file2

-rwxr-xr-x. 1 root root 0 May 21 10:50 file3

drwxr-xr-x. 0 root root 0 May 22 14:42 ldapuser

-rwxr-xr-x. 1 root root 0 May 27 16:51 newfile

-rwxr-xr-x. 1 root root 0 May 27 17:00 newfile2

-rwxr-xr-x. 1 root root 3232 May 29 21:01 RR-sdf.trc

drwxr-xr-x. 0 root root 0 May 29 20:32 sdf

-rwxr-xr-x. 1 root root 3048 May 29 21:01 SN-sdf.trc

drwxr-xr-x. 0 root root 0 May 23 15:24 unix2

What error are you seeing when clients mount?

RUTGERBLOM · ‎2014-06-04

Problem solved by adding additional NTFS permissions for "Everyone" to the share. In 7-mode the "Traverse folder" and "List folder" NTFS permissions were sufficient, but with cDOT we had to add "Read attributes", "Read extended attributes" and "Read permissions" NTFS permissions ("This folder only") to make mounting/mapping the share at the root level work for Linux, Mac OS X (using mount) and Windows XP.

What has changed between 7-mode and cDOT that would cause this I wonder?

parisi · ‎2014-06-04

Not sure what changed here, but the volume I was mounting was UNIX security style.

I will try a NTFS style volume tomorrow with various permissions and see what I can find...

parisi · ‎2014-06-05

Ok, reproduced this issue in cDOT.

I set my volume to have "Everyone" with Traverse and List Folder access:

parisi-cdot::*> vserver security file-directory show -vserver flexvol -path /ntfs

Vserver: flexvol

File Path: /ntfs

Security Style: ntfs

Effective Style: ntfs

DOS Attributes: 10

DOS Attributes in Text: ----D---

Expanded Dos Attributes: -

Unix User Id: 0

Unix Group Id: 0

Unix Mode Bits: 777

Unix Mode Bits in Text: rwxrwxrwx

ACLs: NTFS Security Descriptor

Control:0x9504

Owner:BUILTIN\Administrators

Group:BUILTIN\Administrators

DACL - ACEs

ALLOW-DOMAIN\Administrator-0x1f01ff-OI|CI

ALLOW-Everyone-0x100021-OI|CI|NP

Then the mount failed:

[root@centos64 /]# mount -t cifs 10.63.3.68:/ntfs /unix

WARNING: using NFS syntax for mounting CIFS shares is deprecated and will be removed in cifs-utils-6.0. Please migrate to UNC syntax.

Password:

mount error(2): No such file or directory

Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)

The issue is during the SMB call QUERY_PATH_INFO:

109 4.022960 10.228.225.140 10.63.3.68 SMB 144 Trans2 Request, QUERY_PATH_INFO, Query File All Info, Path:

110 4.023478 10.63.3.68 10.228.225.140 SMB 105 Trans2 Response, QUERY_PATH_INFO, Error: STATUS_OBJECT_NAME_NOT_FOUND

This is bug 824289.

http://support.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=824289

As a workaround, the minimum permissions need to be 0x1200a9 (List, traverse, read, read extended, read permissions), which is what you found to be the case: