Hi,
Adrian Gschwend wrote:
We have several qtrees with NTFS only permissions,.....
If you access a NTFS-security qtree via NFS, the filer will try to do a usermapping to the corresponding windows-user.
But no windows-user called "root" exists, so the usermapping will fail and your multiprotocol access will be denied.
Which means you have 2 choices: - either edit /etc/usermap.cfg and make sure there is a mapping for Administrator <= root. If you do this, you could get additional security by by specifying an IP-Qualifier: 192.168.1.2: Administrator <= root - or set the option wafl.default_nt_user from "" to a user with sufficient priviledges (but NOT Administrator! Or else all unknown unix users will become Administrator)
Now I try to connect as root from 192.168.1.2 and to install the files, but no luck, I get a permission denied. I found this option:
options cifs.nfs_root_ignore_acl on
You were already on the right track. But there is this other option called wafl.default_nt_user I already wrote about. Its default is set to "" which means the usermapping will fail in any case and that in turn means the filer always disallow the unix request (..since no permission check will ever take if usermapping doesn't work!)
cheers, Olli