65534 is "pcuser" on a NetApp storage system. That's the user a Windows user gets mapped to when they write to an NTFS security style volume when they can't map to a specific user. It's the default UNIX user, not the default Windows user that's being leveraged.
Likely an issue with the name services. What does "name-service ns-switch show" give as the config?
What does "diag secd authentication show-creds -list-id true -list-name true" give for that user?
You could try enabling secd tracing to see what exactly happens during the requests, as well. (diag secd trace set -trace-all yes)
-----Original Message-----
From: toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Ray Van Dolson
Sent: Tuesday, February 14, 2017 3:56 PM
To: toasters@teaparty.net
Subject: NFSv3 mount on NTFS volume on cDOT 9.0 - UID getting mapped to 65534

Have an NTFS volume being shared out via NFSv3. SVM is part of AD and NIS.
When an NIS-joined client lists directories under the export, everything seems to be mapped to UID 65534. I'm able to validate this:
::*> vserver security file-directory show -vserver file_ntfs -path /setup-staging/raytest_windows
                Vserver: file_ntfs
              File Path: /setup-staging/raytest_windows
      File Inode Number: 1317151
         Security Style: ntfs
        Effective Style: ntfs
         DOS Attributes: 10
 DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
           UNIX User Id: 65534
          UNIX Group Id: 65534
         UNIX Mode Bits: 777
 UNIX Mode Bits in Text: rwxrwxrwx
                   ACLs: NTFS Security Descriptor
                         Control:0x8004
                         Owner:DOMAIN\rvandolson
                         Group:DOMAIN\Domain Users
                         DACL - ACEs
                           ALLOW-Everyone-0x1f01ff-(Inherited)
                           ALLOW-Everyone-0x10000000-OI|CI|IO (Inherited)
However, the following makes me think the filer knows how to map AD usernames to Unix (NIS) usernames just fine:
::*> diag secd name-mapping show -vserver file_ntfs -direction win-unix -name DOMAIN\rvandolson -node red-str-napcl-p03-02
ATTENTION: Mapping of Data ONTAP "admin" users to UNIX user "root" is enabled, but the following information does not reflect this mapping.
'DOMAIN\rvandolson' maps to 'rvandolson'
::*> diag secd authentication translate -node red-str-napcl-p03-02 -vserver file_ntfs -unix-user-name rvandolson
580345
I don't have a default-win-user set:
::*> vserver nfs show -vserver file_ntfs -fields default-win-user
vserver   default-win-user
--------- ----------------
file_ntfs
(but I think the default is 65534).
Shouldn't cDOT be returning 580345 for the UNIX User Id rather than 65534? Seems to be the case on 7-mode...
Thanks!
Ray