If you have a need for UNIX users to access files with ACLs it is not necessary for all UNIX users to have a unique NT account. You can use the "wafl.default_nt_user" to supply a default mapping. Or you can create a default mapping in the /etc/usermap.cfg file. This is all assuming 5.3 or later ONTAP, of course.

Anyone using multiprotocol security on a filer should definitely consider an upgrade to a 5.3x release ASAP, since things work so much better. In particular, NFS access to files with ACLs is extremely limited in pre-5.3 releases.

Mark Muhlestein -- mmm@netapp.com

-----Original Message----- From: ZANGA, Michael, GCM [mailto:Michael.Zanga@gcm.com] Sent: Friday, March 17, 2000 5:38 AM To: 'Paul Lupa'; toasters@mathworks.com Subject: RE: Problems integrating CIFS and NFS access control

What kind of security mode is the volume in question?

Mixed mode can be problematic as NT rights supersede the Unix rights and basically lock a Unix user out THAT doesnt have a equivalent NT id. I would recommend using id that match on both side and not use mixed mode. I have a 200 gb volume with mixed clients and mixed mode was a problem at first. We changed the security style to Unix and all is well.

-----Original Message----- From: Paul Lupa [mailto:Paul.Lupa@motorola.com] Sent: Friday, March 17, 2000 12:24 AM To: toasters@mathworks.com Subject: Problems integrating CIFS and NFS access control

Hi Folks,

I have a problem with the operation of a NetApp that servers up a share both via CIFS and NFS. The goal of a group that I support was to have a common directory for both the UNIX systems and the NT systems. A user would be able to see all of their files under either UNIX or NT. The problem manifests itself because whatever was last used by the user to set access rights is what sets the security mode for the file or directory. For example, if a user accesses a directory from NT and gives himself and a NT group access to a file, from UNIX only he would have access. If from Unix he set a directory to rwxr-x---, someone in an NT group that he specifically want to grant access to would not have access. Generally speaking whatever was last used (NT or Unix) to set permissions works correctly, and the other one works, but not correctly.

My questions to the group:

1: Is anyone sharing the same directory under CIFS and NFS and found a

workaround or an acceptable way to implement permissions?

2: Has anyone thought about what would be wrong with using UNIX permissions to determine access when using NFS and NT permissions when using CIFS?

Thanks, Paul Lupa

********************************************************************** This e-mail is intended only for the addressee named above. As this e-mail may contain confidential or privileged information, if you are not the named addressee, you are not authorised to retain, read, copy or disseminate this message or any part of it. ************************************************************************