NetApp Community Update
This site will enter Read Only mode on July 23 as we prepare to move to a new platform. You will still be able to view content, but posting and replying will be temporarily disabled.
We're excited to launch our new Community experience on July 30 and more information will follow soon.
Stay connected during the transition - Join our Discord community today.

ONTAP Discussions

What is the right command to show me user mapping?

netappmagic
10,596 Views

I am trying to find out what UNIX ID is WINDOW ID "window_id1" mapping to. I used the following two commands, but produced two different outputs? Can you please advise what unix id is this "window_id1" mapping to, and why?   Thank you!

 

 

 

#secd authentication show-creds -node node-01 -vserver vs1 -win-name windown_id1

UNIX UID: unix_id1 <> Windows User: domainname\window_id1 (Domain User)

 

#diag secd name-mapping show -node node-02 -vserver vs1 -direction win-unix window_id1
window_id1 maps to pcuser

4 REPLIES 4

aborzenkov
10,571 Views
Why do you expect same results on two different SVM?

netappmagic
10,517 Views

Sorry! It was my typo. I updated my original post.

 

They are on the same SVM, and same node.

hadrian
10,489 Views

Hi netappmagic,

 

Without seeing your nm-switch order and name-mapping rules, I can only venture so much.   Here is a possible scenario:

 

Your ns-switch is ldap/nis then files.   Your test user accessed a share via a LIF residing on Node01.  SecD running on Node01 then performed the name mapping and populated the credential cache for the user.  The same test user has never accessed a LIF on Node02, yet.  So the default name mapping or default CIFS unix user option of pcuser is still in effect for the Node02 SecD cache.  Remember:  SECD runs on every node!

 

 

skynet::*>
skynet::*> cifs options show -vserver hadrian_skyvs1 -fields default-unix-user
vserver        default-unix-user
-------------- -----------------
hadrian_skyvs1 pcuser

skynet::*>
skynet::*> diag secd authentication show-creds -node skynet-01 -vserver hadrian_skyvs1 -win-name administrator

 UNIX UID: pcuser <> Windows User: HADRIAN-SKYVS1\Administrator (Windows Local User)

 

If you point your test user to a LIF residing on Node02 or move all the Data LIFs to Node02 temporarily and test access by that user, Node02's show-creds command will look the same as Node01.

 

For more information about multiprotocol name mapping, see pg 114 of the NFS Best Practices Guide TR-4067

 

If this was useful, always remember the kudos button is just a click away!

 

Hadrian

netappmagic
10,464 Views

Hi Hadrian,

 

These two different commands were run on the same SVM and same node, but got two different results. Sorry, I got typo again.

 

 "window_id1" is mapped to "unix_id1" as the result of running command:

#secd authentication show-creds -node node-02 -vserver vs1 -win-name windown_id1

 

and then mapped to default one "pcuser" as the result of running command:

#diag secd name-mapping show -node node-02 -vserver vs1 -direction win-unix window_id1

 

Any idea now?

 

P.S.

both ns-switch nm-switch is file only here.

Public