Community maintenance is complete. Thank you for your patience!

ONTAP Discussions

What is the right command to show me user mapping?


I am trying to find out what UNIX ID is WINDOW ID "window_id1" mapping to. I used the following two commands, but produced two different outputs? Can you please advise what unix id is this "window_id1" mapping to, and why?   Thank you!




#secd authentication show-creds -node node-01 -vserver vs1 -win-name windown_id1

UNIX UID: unix_id1 <> Windows User: domainname\window_id1 (Domain User)


#diag secd name-mapping show -node node-02 -vserver vs1 -direction win-unix window_id1
window_id1 maps to pcuser



Hi netappmagic,


Without seeing your nm-switch order and name-mapping rules, I can only venture so much.   Here is a possible scenario:


Your ns-switch is ldap/nis then files.   Your test user accessed a share via a LIF residing on Node01.  SecD running on Node01 then performed the name mapping and populated the credential cache for the user.  The same test user has never accessed a LIF on Node02, yet.  So the default name mapping or default CIFS unix user option of pcuser is still in effect for the Node02 SecD cache.  Remember:  SECD runs on every node!



skynet::*> cifs options show -vserver hadrian_skyvs1 -fields default-unix-user
vserver        default-unix-user
-------------- -----------------
hadrian_skyvs1 pcuser

skynet::*> diag secd authentication show-creds -node skynet-01 -vserver hadrian_skyvs1 -win-name administrator

 UNIX UID: pcuser <> Windows User: HADRIAN-SKYVS1\Administrator (Windows Local User)


If you point your test user to a LIF residing on Node02 or move all the Data LIFs to Node02 temporarily and test access by that user, Node02's show-creds command will look the same as Node01.


For more information about multiprotocol name mapping, see pg 114 of the NFS Best Practices Guide TR-4067


If this was useful, always remember the kudos button is just a click away!




Hi Hadrian,


These two different commands were run on the same SVM and same node, but got two different results. Sorry, I got typo again.


 "window_id1" is mapped to "unix_id1" as the result of running command:

#secd authentication show-creds -node node-02 -vserver vs1 -win-name windown_id1


and then mapped to default one "pcuser" as the result of running command:

#diag secd name-mapping show -node node-02 -vserver vs1 -direction win-unix window_id1


Any idea now?



both ns-switch nm-switch is file only here.

Why do you expect same results on two different SVM?


Sorry! It was my typo. I updated my original post.


They are on the same SVM, and same node.

NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner