On Tue, May 29, 2012 at 12:42:55PM -0700, Steve Losen wrote:
On Tue, May 29, 2012 at 11:07:57AM -0700, Kevin Glueck wrote:
which qtree security model are you using? unix? ntfs? what's the actual permissions on the file/dir you're trying to write to? (acls?)
I've seen an error similar to this when writing over nfs to a share that's using ntfs qtrees and the permissions were too restrictive to allow the user to write... I didn't do a packet trace, so not positive it's actually 100% alike, but anecdotally, it sounds alike.
Kevin
Yes, I believe it's NTFS. We shied away from using "mixed" based on reading here and in some TR documents. Perhaps we should revisit.
Will review the NTFS permissions to look for any issues. You don't happen to recall any specific bits you had to adjust? Ours are fairly permissive by default...
Thanks, Ray
If you are using NFS with an NTFS volume/qtree then are you mapping your Unix uids to Windows SIDs with /etc/usermap.cfg?
The NFS client includes the Unix uid of the user in each NFS request. The filer converts the Unix uid to the corresponding Windows domain user using /etc/usermap.cfg and then looks at the NTFS permissions to determine the user's access.
Not explicitly. My assumption was that our use of NIS covered us here and we'd only use usermap.cfg for overrides.
This *seems* to be holding true FWIW.
Thanks, Ray
OK Ray, I assume you have a usermap.cfg entry similar to this, right?
domain\* == *
(Perhaps this is a default rule, not sure)
This only works if the domain usernames are the same as the corresponding Unix loginids. Otherwise if Windows user "FredSmith" has Unix loginid "fws" then you would need this:
domain\FredSmith == fws
And are all of your NFS clients using the same NIS map as the filer? NFS requests include the Unix UID of the user on the NFS client. The filer uses NIS to look up the UID to obtain the Unix loginid. Then it uses /etc/usermap.cfg to convert the loginid to a Windows domain username and then looks up the username on the Windows domain controller.
Steve Losen scl@virginia.edu phone: 434-924-0640
University of Virginia ITC Unix Support
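
An illustration of the lookup chain described in the message above, added here and not part of the original thread or of Data ONTAP: a simplified Python model that handles only the wildcard and explicit `==` usermap.cfg entries, assumes the first matching entry wins, and uses constructed UIDs and loginids.

```python
# Simplified model of UID -> NIS loginid -> usermap.cfg -> Windows name.
# Not Data ONTAP code; entry handling is limited to "windows == unix" lines.
from fnmatch import fnmatchcase

# Constructed sample data (hypothetical users and UIDs).
NIS_PASSWD = {1001: "fws", 1002: "rvd"}  # UID -> Unix loginid in the filer's NIS map
USERMAP_CFG = r"""
# explicit override first, wildcard rule last
domain\FredSmith == fws
domain\* == *
"""

def parse_usermap(text):
    """Return (windows_pattern, unix_pattern) pairs for '==' entries, in file order."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        win, sep, unix = (part.strip() for part in line.partition("=="))
        if sep != "==" or not win or not unix:
            raise ValueError(f"unsupported entry: {line!r}")
        rules.append((win, unix))
    return rules

def unix_to_windows(loginid, rules):
    """Assumed first-match order; '*' on the Windows side takes the Unix name."""
    for win, unix in rules:
        if fnmatchcase(loginid, unix):
            return win.replace("*", loginid)
    return None

def resolve(uid, nis_passwd, rules):
    """UID from the NFS request -> loginid (NIS) -> Windows name (usermap.cfg)."""
    loginid = nis_passwd.get(uid)
    if loginid is None:
        return None, "UID not in the filer's NIS map"
    win = unix_to_windows(loginid, rules)
    if win is None:
        return None, f"no usermap.cfg entry matches {loginid!r}"
    return win, "ok"

if __name__ == "__main__":
    rules = parse_usermap(USERMAP_CFG)
    for uid in (1001, 1002, 2005):  # 2005: a UID known only on an NFS client
        print(uid, resolve(uid, NIS_PASSWD, rules))
```

With only the wildcard entry, UID 1001 would resolve to `domain\fws` rather than `domain\FredSmith`, which is the mismatch the explicit entry exists to correct.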