ONTAP Discussions

usermapping issue NFS, CIFS

nanastas
2,744 Views

Hello Community,

 

we have the following situation

 

Customer environment:

The customer has two AD domains connected via bidirectional trust with selective authentication. I will call them the old and the new domain till end of my mail.

Some of the users are already in the new one and some reside still in the old one.

The users who have been already migrated to the new domain authenticate themselves onto objects in the old domain with their SID history (user in the old domain is still available, but it has been disabled).

Active users in the old domain have been already created in the new domain with status disabled.

// There are users who are in both domains and should also do UNIX, but they are disabled in the new domain, e.g. user AA5052, it still has to be migrated)

// There are users who are in both domains and should also do UNIX, but they are disabled in the old domain, e.g. user AA5215, it has been  migrated)

NFSv3, NFSv4 and CIFS are in use.

The AD Server is used as LDAP Server.

 

Requirements:

                The customer must be able to access the same files from UNIX and Windows.

                Both users from the old and the new domain must have access.

 

Tests performed:

                CIFS server has been joined to the old domain (security style = NTFS):

                               + CIFS access by users from the old and new domains works

                               + NFS mount v3 and v4 works

                               - “ls” gets stuck for users from the new domain

 

                CIFS server has been joined to the new domain (security style = NTFS):

                               + NFS and CIFS access works with users form the new domain

                               -  NFS and CIFS access does not work with users from the old domain

 

Any hint about the both „-“ would be appreciated.

 

Thanks and Regards

Anastas

PSC NetApp Austria

1 ACCEPTED SOLUTION

Mjizzini
2,694 Views

You can configure storage virtual machines (SVMs) to perform multidomain name-mapping searches. This enables ONTAP to search every bidirectional trusted domain to find a match when performing UNIX user to Windows user name mapping.

Configuring multidomain name-mapping searches 

 

you may need to run vserver cifs domain trusts rediscover

View solution in original post

2 REPLIES 2

Mjizzini
2,695 Views

You can configure storage virtual machines (SVMs) to perform multidomain name-mapping searches. This enables ONTAP to search every bidirectional trusted domain to find a match when performing UNIX user to Windows user name mapping.

Configuring multidomain name-mapping searches 

 

you may need to run vserver cifs domain trusts rediscover

nanastas
2,640 Views

Thanks for the hint. I wil check and inform you about the result!

Public