check your "export-policy" for all junctions involved..../ and /data310

vol show -fields policy

then look at the rules.

export-policy rule show -policy <policy name>

Make sure your host access from has at least read access to /

and the host has write access to /data310.

--tmac

Tim McCarthy, Principal Consultant

On Fri, Apr 1, 2016 at 11:54 AM, John Stoffel <john@stoffel.org> wrote:

Guys,
I'm banging my head on the wall trying to setup an NFS filesystem on a
cDOT 8.2 VServer to also be shared using CIFS. I can see the volume
and look at it from Windows, but I can't create any files or
directories.

Just to make sure I'm not smoking anything, here's what I did:

> vol create -vserver flsm-fs01 -vol data310 -size 1t -junction-path /data310 -aggr sas1n2

> vol modify -vserver flsm-fs01 -vol data310 -unix-permissions 777

And here's now it looks now:

flsm-ntap1::> vol show
(volume show)
Vserver Volume Aggregate State Type Size Available Used%
--------- ------------ ------------ ---------- ---- ---------- ---------- -----
flsm-fs01 data310 sas1n2 online RW 5TB 4.75TB 5%

And I can see it just fine with NFS, etc. My unix username is
'stoffj' and my windows username is 'TAEC_IRV1\stoffj' so it should
just map cleanly over using the defaults.

> cifs show
Server Status Domain/Workgroup Authentication
Vserver Name Admin Name Style
----------- --------------- --------- ---------------- --------------
flsm-fs01 FLSM-FS01 up TAEC_IRV1 domain

> cifs share show
Vserver Share Path Properties Comment ACL
-------------- ------------- ----------------- ---------- -------- -----------
flsm-fs01 data310 /data310 oplocks - Everyone / Full Control
browsable
changenotify

I even setup and looked at the "security trace" stuff to try and
figure it out. And it complains that my UNIX security is messed up.
I've tried to cut'n'paste this info, but all the tabs keep expanding
in wierd ways and cause all kinds of havoc here.

Here's an example error:

n2 1 User: TAEC_IRV1\stoffj Access is denied by UNIX
permissions while creating
the directory.
Security Style: UNIX
permissions
Path: /john/dir2/New
folder

Now the interesting thing is that the path shown looks to be at the
level UNDER the CIFS share. But it should be ok, right? Here's my
permission settings:

flsm-ntap1::> file-directory show -vserver flsm-fs01 -path /data310/john/dir2
(vserver security file-directory show)

Vserver: flsm-fs01
File Path: /data310/john/dir2
Security Style: unix
Effective Style: unix
DOS Attributes: 10
DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
Unix User Id: 61255
Unix Group Id: 4901
Unix Mode Bits: 2775
Unix Mode Bits in Text: rwxrwsr-x
ACLs: -

The mode bits are what we want, so that directories and files inherit
their group ownership properly. I haven't setup any local users or
groups, nor have I done any mappings, since it supposedly will do that
for me.

On the Unix side we're using NIS to authenticate, and that seems to be
working just fine.

Any hints?

John
_______________________________________________
Toasters mailing list
Toasters@teaparty.net
http://www.teaparty.net/mailman/listinfo/toasters