Been a while, but I think your svm may be set up to check nis first, then ad. Since it finds the user in nis, it uses that.
I can't tell you the commands offhand, but you may want to check your name service resolution....
On Tue, Feb 14, 2017 at 6:59 PM Ray Van Dolson rvandolson@esri.com wrote:
Have an NTFS volume being shared out via NFSV3. SVM is part of AD and NIS.
When an NIS-joined client lists directories under the export, everything seems to be mapped to UID 65534. I'm able to validate this:
::*> vserver security file-directory show -vserver file_ntfs -path /setup-staging/raytest_windows
Vserver: file_ntfs File Path: /setup-staging/raytest_windows File Inode Number: 1317151 Security Style: ntfs Effective Style: ntfs DOS Attributes: 10
DOS Attributes in Text: ----D--- Expanded Dos Attributes: - UNIX User Id: 65534 UNIX Group Id: 65534 UNIX Mode Bits: 777 UNIX Mode Bits in Text: rwxrwxrwx ACLs: NTFS Security Descriptor Control:0x8004 Owner:DOMAIN\rvandolson Group:DOMAIN\Domain Users DACL - ACEs ALLOW-Everyone-0x1f01ff-(Inherited) ALLOW-Everyone-0x10000000-OI|CI|IO (Inherited)
However, the following makes me think the filer knows how to map AD usernames to Unix (NIS) usernames just fine:
::*> diag secd name-mapping show -vserver file_ntfs -direction win-unix -name DOMAIN\rvandolson -node red-str-napcl-p03-02
ATTENTION: Mapping of Data ONTAP "admin" users to UNIX user "root" is enabled, but the following information does not reflect this mapping.
'DOMAIN\rvandolson' maps to 'rvandolson'
::*> diag secd authentication translate -node red-str-napcl-p03-02 -vserver file_ntfs -unix-user-name rvandolson 580345
I don't have a default-win-user set:
::*> vserver nfs show -vserver file_ntfs -fields default-win-user vserver default-win-user
file_ntfs
(but I think the default is 65534).
Shouldn't cDOT be returning 580345 for the UNIX User Id rather than 65534? Seems to be the case on 7-mode...
Thanks! Ray _______________________________________________ Toasters mailing list Toasters@teaparty.net http://www.teaparty.net/mailman/listinfo/toasters