Been a while, but I think your svm may be set up to check nis first, then ad. Since it finds the user in nis, it uses that.

I can't tell you the commands offhand, but you may want to check your name service resolution....

On Tue, Feb 14, 2017 at 6:59 PM Ray Van Dolson <rvandolson@esri.com> wrote:
Have an NTFS volume being shared out via NFSV3.  SVM is part of AD and
NIS.

When an NIS-joined client lists directories under the export,
everything seems to be mapped to UID 65534.  I'm able to validate this:

::*> vserver security file-directory show -vserver file_ntfs -path /setup-staging/raytest_windows

                Vserver: file_ntfs
              File Path: /setup-staging/raytest_windows
      File Inode Number: 1317151
         Security Style: ntfs
        Effective Style: ntfs
         DOS Attributes: 10
 DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
           UNIX User Id: 65534
          UNIX Group Id: 65534
         UNIX Mode Bits: 777
 UNIX Mode Bits in Text: rwxrwxrwx
                   ACLs: NTFS Security Descriptor
                         Control:0x8004
                         Owner:DOMAIN\rvandolson
                         Group:DOMAIN\Domain Users
                         DACL - ACEs
                           ALLOW-Everyone-0x1f01ff-(Inherited)
                           ALLOW-Everyone-0x10000000-OI|CI|IO (Inherited)

However, the following makes me think the filer knows how to map AD
usernames to Unix (NIS) usernames just fine:

  ::*> diag secd name-mapping show -vserver file_ntfs -direction win-unix -name DOMAIN\rvandolson -node red-str-napcl-p03-02

  ATTENTION: Mapping of Data ONTAP "admin" users to UNIX user "root" is enabled, but the following information does not reflect this mapping.

  'DOMAIN\rvandolson' maps to 'rvandolson'

  ::*> diag secd authentication translate -node red-str-napcl-p03-02 -vserver file_ntfs -unix-user-name rvandolson
  580345

I don't have a default-win-user set:

  ::*> vserver nfs show -vserver file_ntfs -fields default-win-user
  vserver   default-win-user
  --------- ----------------
  file_ntfs

(but I think the default is 65534).

Shouldn't cDOT be returning 580345 for the UNIX User Id rather than
65534?  Seems to be the case on 7-mode...

Thanks!
Ray
_______________________________________________
Toasters mailing list
Toasters@teaparty.net
http://www.teaparty.net/mailman/listinfo/toasters
--
Sent from Gmail Mobile.