I've been searching for this online and have not come across any issues from other users I'm afraid.
So basically I want to do a name mapping between win to unix. security style of the volume is unix and I want 2 windows users (win-user1 and win-user2) to be mapped to unix user unix-user. Reading this KB: https://kb.netapp.com/app/answers/answer_view/a_id/1030441 and other explanations I expect my name mapping to look something like this:
II now access from my windows system over CIFS to this volume and create a file.
Now I'm going to the linux machine which has it mounted over NFS and check the permission and what I can see is that it's 'nfsnobody'. I've been googling about it online and found this article of Justion (Thank you Justin as always!) : https://whyistheinternetbroken.wordpress.com/2017/01/24/mixed-perceptions-multiprotocol-nas/ and in this article it's perfectly explained that the default unix user which is set for CIFS is if you don't touch it set to 'pcuser'. pcuser in this case will write down the file with uid=65534. 65534 in unix is usually either 'nobody' or 'nfsnobody' so this is proof that the name mapping is not working at all.
So I think there's 2 possibilities here:
1. Name-mapping expression is wrong?
> I believe this is the case, since the user is coming from a workgroup and I'm not sure how it's going to try to authenticate
2. everything is running through default user and default user would need to be changed?
> I guess if you have a name-mapping in place this will be overwritten.
3. win/unix user is missing on netapp and/or win/linux side
> user is in place on netapp for ntfs: cifs users-and-groups local-user show -vserver svmaxt Vserver User Name Full Name Description ------------ --------------------------- -------------------- ------------- svmx SVMX\Administrator Built-in administrator account svmx SVMX\win-usr1 - - svmx SVMX\win-usr2 - -
> user is in place on netapp for unix: svmx nobody 65535 65535 svmx unix-user 700 700 svmx pcuser 65534 65534 svmx root 0 1
You need to create a name-mapping - once it is created you can modify it if need be. There are a limited number of name-mapping positions you can create per SVM (2147483647), so you have to specify which position you are using for each mapping.
It's just akward because I have transitioned some from 7-mode and they're all non-domain accounts and they don't have this (.+)\\ pattern infront as domain. I believe this is only working because on them I have also set a default-unix user to be a different one and all accounts are just mapping to that one. Not nice but would explain it.