5 Replies Latest reply: Jun 28, 2013 7:23 PM by mijohnst

Yet another NFS permission denied

gspallis0 Novice

Hello all,

 

This is yet another NFS permission denied thread. This is my setup: I'm exporting a volume via NFS and CIFS with mixed mode security, since I want this to be accessible from both windoze and Linux hosts. As an NFS share it's mounting without problems, but when I'm trying to cd I get a permission denied even as the root user of the Linux host. When in unix mode security there are no problems. This is my /etc/exports line for this volume:

 

/vol/Android    -sec=sys,rw=10.45.170.70,root=10.45.170.70

 

 

Please tell me if you need me to post anything more from the filer (I'm new to the NetApp world, so please bear with me). Thank you in advance for any response.

  • Yet another NFS permission denied
    andrc NetApp Employee Cyclist

    Mixed mode security is a strange thing and very often throws up issues but you don't have to use it in order to have CIFS & NFS shares/exports on the same volume or qtree.

    You can keep security style as Unix as long as for any Windows users accessing via CIFS there is a Unix user with exactly the same username. The filer will then map the Windows user to the Unix user using whichever Unix authentication is in place (check /etc/nsswitch.conf) and it then comes down to what permissions the Unix user has. You can also manually map users between Windows <=> Unix using the /etc/usermap.cfg file.

    This can also be done with NTFS security style but the other way around i.e. any Unix users accessing must have a corresponding Windows user. Just be aware that Unix hosts sometimes have issues dealing with Windows ACLs whereas Windows hosts are fine with the Unix security model.

    • Re: Yet another NFS permission denied
      gspallis0 Novice

      Thank you, andrc! Indeed, I was looking at the /etc/usermap.cfg file and the documentation for that. I've put the Linux host under the AD domain by using likewise-open, so users can log in to it with the same AD credentials they use for their windoze PCs. I guess that in this case the usermap.cfg should be something like this:

       

      domain\* => *

       

      or

       

      domain\* == *

       

      If that's the case, then I'm pretty happy with leaving the security in unix mode and doing the mapping with usermap.cfg.
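
An added example, not part of any post in this thread and not NetApp code: a simplified Python model of how the direction symbol changes the effect of the two candidate entries above, following the direction symbols documented for Data ONTAP 7-Mode usermap.cfg (`=>` Windows to UNIX only, `<=` UNIX to Windows only, `==` both ways) and first-match-wins scanning. The user names are constructed, and IP qualifiers and quoted names are left out of the model.

```python
import re

# Constructed sample in the usermap.cfg layout "Windows_name direction UNIX_name".
# "domain" is the thread's placeholder; the user names are made up.
SAMPLE = r'''
domain\administrator => root
domain\jsmith == john
domain\* == *
'''
ENTRY = re.compile(r'^(\S+)\s+(=>|<=|==)\s+(\S+)$')

def parse(text):
    """Return (windows, direction, unix) tuples, skipping blanks and comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = ENTRY.match(line)
        if m is None:
            raise ValueError(f'unrecognised entry: {line!r}')
        entries.append(m.groups())
    return entries

def _capture(pattern, name, fold):
    """Return the part of name matched by a trailing '*', '' on an exact match, else None."""
    p, n = (pattern.lower(), name.lower()) if fold else (pattern, name)
    if p.endswith('*'):
        return name[len(p) - 1:] if n.startswith(p[:-1]) else None
    return '' if p == n else None

def map_name(entries, name, to_unix):
    """Scan top to bottom and use the first entry whose direction and source side match.
    None means no entry applies (per the thread, the filer then tries the same name)."""
    allowed = ('=>', '==') if to_unix else ('<=', '==')
    for win, direction, unix in entries:
        if direction not in allowed:
            continue  # entry is one-way in the other direction
        src, dst = (win, unix) if to_unix else (unix, win)
        tail = _capture(src, name, fold=to_unix)  # Windows names compare case-insensitively
        if tail is not None:
            return dst[:-1] + tail if dst.endswith('*') else dst
    return None

if __name__ == '__main__':
    rules = parse(SAMPLE)
    for who, to_unix in ((r'domain\alice', True), ('alice', False), ('root', False)):
        print(who, '->', map_name(rules, who, to_unix))
```

In this model the one-way `domain\administrator => root` entry never maps UNIX root back to the Windows administrator account; root falls through to the wildcard line instead.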

      • Yet another NFS permission denied
        andrc NetApp Employee Cyclist

        Usermap.cfg entries are only really needed if you want to map differing usernames to each other. If users on the Linux hosts are logging in with the same credentials as AD users then the filer will automatically map from Unix => Windows or vice versa. (You can test this by entering `options cifs.trace_login on` and watching console output. Remember to enter `options cifs.trace_login off` when you're done.)

        Then it's just a case of ensuring folder/file permissions are correctly set as in any environment.

        • Re: Yet another NFS permission denied
          gspallis0 Novice

          Thank you for that, andrc! Yes, I've seen the relevant info from NetApp's manuals. I've set it up now and it's working sweet. Thanx for your help once again.

          • Re: Yet another NFS permission denied
            mijohnst Novice

            How about setting up the permissions the other way? For instance, I want an NTFS qtree with Likewise Open so that permissions can be set from the Windows side. I've been trying it and gotten support involved, but nobody seems to know how to make it work. The Windows side works perfect but when I try to access a qtree from a mounted NFS share I see the following message:

             

            Thu Jun 27 11:00:50 CDT [netapp1a:auth.trace.authenticateUser.loginTraceMag:info]: Auth: Error in passwd look up of uid 1851786435 during login from 10.10.10.123

             


            So it's not liking the UID that Likewise is providing it.  Are there options that need to be set to make it work?  If I accidentally figure it out I'll come back and post it here.
