Been a while, but I think your svm may be set up to check nis first, then ad. Since it finds the user in nis, it uses that.
I can't tell you the commands offhand, but you may want to check your name service resolution....
Have an NTFS volume being shared out via NFSV3. SVM is part of AD and
NIS.
When an NIS-joined client lists directories under the export,
everything seems to be mapped to UID 65534. I'm able to validate this:
::*> vserver security file-directory show -vserver file_ntfs -path /setup-staging/raytest_windows
Vserver: file_ntfs
File Path: /setup-staging/raytest_windows
File Inode Number: 1317151
Security Style: ntfs
Effective Style: ntfs
DOS Attributes: 10
DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
UNIX User Id: 65534
UNIX Group Id: 65534
UNIX Mode Bits: 777
UNIX Mode Bits in Text: rwxrwxrwx
ACLs: NTFS Security Descriptor
Control:0x8004
Owner:DOMAIN\rvandolson
Group:DOMAIN\Domain Users
DACL - ACEs
ALLOW-Everyone-0x1f01ff-(Inherited)
ALLOW-Everyone-0x10000000-OI|CI|IO (Inherited)
However, the following makes me think the filer knows how to map AD
usernames to Unix (NIS) usernames just fine:
::*> diag secd name-mapping show -vserver file_ntfs -direction win-unix -name DOMAIN\rvandolson -node red-str-napcl-p03-02
ATTENTION: Mapping of Data ONTAP "admin" users to UNIX user "root" is enabled, but the following information does not reflect this mapping.
'DOMAIN\rvandolson' maps to 'rvandolson'
::*> diag secd authentication translate -node red-str-napcl-p03-02 -vserver file_ntfs -unix-user-name rvandolson
580345
I don't have a default-win-user set:
::*> vserver nfs show -vserver file_ntfs -fields default-win-user
vserver default-win-user
--------- ----------------
file_ntfs
(but I think the default is 65534).
Shouldn't cDOT be returning 580345 for the UNIX User Id rather than
65534? Seems to be the case on 7-mode...
Thanks!
Ray
_______________________________________________
Toasters mailing list
Toasters@teaparty.net
http://www.teaparty.net/mailman/listinfo/toasters
--
Sent from Gmail Mobile.