Not sure if this is it or not, but you have said that you set the anon ID's to 0. In this policy, it is set to 65535
Do you create separate policies for the SVM root and the data volumes? If you do, Root could/should be allow RO to all, rw to none. Then set the restrictions on the data volume policy.
--tmac
*Tim McCarthy, **Principal Consultant*
*Proud Member of the #NetAppATeam https://twitter.com/NetAppATeam*
*I Blog at TMACsRack https://tmacsrack.wordpress.com/*
On Fri, Apr 7, 2017 at 2:19 PM, Alexander Griesser AGriesser@anexia-it.com wrote:
Well, there are like 70 export policies on this SVM for 70 different volumes, I guess the policy for this volume as well as the default policy for the SVM will suffice here? If so, the export policy for this volume has already been sent earlier and here’s the default policy for this SVM:
::> export-policy rule show -vserver XXXXXXX -policyname default -instance
Vserver: XXXXXXX Policy Name: default Rule Index: 1 Access Protocol: nfsList of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 0/0
RO Access Rule: any RW Access Rule: neverUser ID To Which Anonymous Users Are Mapped: 65535
Superuser Security Types: none Honor SetUID Bits in SETATTR: true Allow Creation of Devices: trueBest,
*Alexander Griesser*
Head of Systems Operations
ANEXIA Internetdienstleistungs GmbH
E-Mail: AGriesser@anexia-it.com
Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt
Geschäftsführer: Alexander Windbichler
Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601
*Von:* tmac [mailto:tmacmd@gmail.com] *Gesendet:* Freitag, 7. April 2017 20:15 *An:* Alexander Griesser AGriesser@anexia-it.com *Cc:* Parisi, Justin Justin.Parisi@netapp.com; toasters@teaparty.net *Betreff:* Re: Windows NFS Client + cDOT
yes, yes..
export policy rule show -instance (please)
--tmac
*Tim McCarthy, **Principal Consultant*
*Proud Member of the #NetAppATeam https://twitter.com/NetAppATeam*
*I Blog at **TMACsRack https://tmacsrack.wordpress.com/*
On Fri, Apr 7, 2017 at 1:45 PM, Alexander Griesser < AGriesser@anexia-it.com> wrote:
Hi Justin,
Yes, I did activate v3-ms-dos-client and deactivated enabe-ejukebox and v3-connection-drop:
::*> vserver nfs show -vserver XXXXXXX -fields enable-ejukebox,v3-connection-drop,v3-ms-dos-client
vserver enable-ejukebox v3-connection-drop v3-ms-dos-client
XXXXXXX false disabled enabled
Here’s the export policy:
::*> vserver export-policy rule show -vserver XXXXXX -policyname XXXXXX -instance
Vserver: XXXXXX Policy Name: XXXXXX Rule Index: 1 Access Protocol: nfsList of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 22.22.22.22
RO Access Rule: any RW Access Rule: anyUser ID To Which Anonymous Users Are Mapped: 0
Superuser Security Types: any Honor SetUID Bits in SETATTR: true Allow Creation of Devices: true NTFS Unix Security Options: fail Vserver NTFS Unix Security Options: use_export_policy Change Ownership Mode: restricted Vserver Change Ownership Mode: use_export_policyHere’s the file-directory show output of the base volume itself:
::*> vserver security file-directory show -vserver XXXXXX -path /VOLUME
Vserver: XXXXXX File Path: /VOLUME File Inode Number: 64 Security Style: unix Effective Style: unix DOS Attributes: 10DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
UNIX User Id: 0 UNIX Group Id: 0 UNIX Mode Bits: 755UNIX Mode Bits in Text: rwxr-xr-x
ACLs: -And here it is for the directory I’m trying to rename:
::*> vserver security file-directory show -vserver XXXXXX -path /VOLUME/test
Vserver: XXXXXX File Path: /VOLUME/test File Inode Number: 22620 Security Style: unix Effective Style: unix DOS Attributes: 10DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
UNIX User Id: 0 UNIX Group Id: 0 UNIX Mode Bits: 755UNIX Mode Bits in Text: rwxr-xr-x
ACLs: -Thanks,
*Alexander Griesser*