ONTAP Discussions

cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

ONTAP Discussions

Ask a Question

What is the right command to show me user mapping?

netappmagic
‎2015-06-12 12:53 PM
8,928 Views

I am trying to find out what UNIX ID is WINDOW ID "window_id1" mapping to. I used the following two commands, but produced two different outputs? Can you please advise what unix id is this "window_id1" mapping to, and why?   Thank you!

 

 

 

#secd authentication show-creds -node node-01 -vserver vs1 -win-name windown_id1

UNIX UID: unix_id1 <> Windows User: domainname\window_id1 (Domain User)

 

#diag secd name-mapping show -node node-02 -vserver vs1 -direction win-unix window_id1
window_id1 maps to pcuser

0 Kudos
View By:
4 REPLIES 4

aborzenkov
‎2015-06-12 10:45 PM
8,903 Views
Why do you expect same results on two different SVM?
0 Kudos

netappmagic
‎2015-06-15 07:00 AM
In response to aborzenkov
8,849 Views

Sorry! It was my typo. I updated my original post.

 

They are on the same SVM, and same node.

0 Kudos

hadrian
NetApp
‎2015-06-15 04:06 PM
8,821 Views

Hi netappmagic,

 

Without seeing your nm-switch order and name-mapping rules, I can only venture so much.   Here is a possible scenario:

 

Your ns-switch is ldap/nis then files.   Your test user accessed a share via a LIF residing on Node01.  SecD running on Node01 then performed the name mapping and populated the credential cache for the user.  The same test user has never accessed a LIF on Node02, yet.  So the default name mapping or default CIFS unix user option of pcuser is still in effect for the Node02 SecD cache.  Remember:  SECD runs on every node!

 

 

skynet::*>
skynet::*> cifs options show -vserver hadrian_skyvs1 -fields default-unix-user
vserver        default-unix-user
-------------- -----------------
hadrian_skyvs1 pcuser

skynet::*>
skynet::*> diag secd authentication show-creds -node skynet-01 -vserver hadrian_skyvs1 -win-name administrator

 UNIX UID: pcuser <> Windows User: HADRIAN-SKYVS1\Administrator (Windows Local User)

 

If you point your test user to a LIF residing on Node02 or move all the Data LIFs to Node02 temporarily and test access by that user, Node02's show-creds command will look the same as Node01.

 

For more information about multiprotocol name mapping, see pg 114 of the NFS Best Practices Guide TR-4067

 

If this was useful, always remember the kudos button is just a click away!

 

Hadrian

netappmagic
‎2015-06-16 06:15 AM
In response to hadrian
8,796 Views

Hi Hadrian,

 

These two different commands were run on the same SVM and same node, but got two different results. Sorry, I got typo again.

 

 "window_id1" is mapped to "unix_id1" as the result of running command:

#secd authentication show-creds -node node-02 -vserver vs1 -win-name windown_id1

 

and then mapped to default one "pcuser" as the result of running command:

#diag secd name-mapping show -node node-02 -vserver vs1 -direction win-unix window_id1

 

Any idea now?

 

P.S.

both ns-switch nm-switch is file only here.

0 Kudos
All Community Forums
Public