15 Replies Latest reply: Nov 11, 2013 11:29 AM by billshaffer RSS

Permission Denied - NFS Mount from linux host to Netapp Qtree/NFSExport w/ NTFS permissions

JLundfelt Sprinter
Currently Being Moderated

I have an issue with a NFS export on a controller with a NTFS qtree and NTFS permissions. What's weird is that I can mount the export from a linux host, and browse the directory tree, but only while logged in as root. If I login with any other account, I can mount, but not browse the export-

 

Client Error

[spice@irv-dev-ieapi1 ~]$ cd /mnt/Omniture

-bash: cd: /mnt/Omniture: Permission denied

 

fcstab / mounts

Works

  lv-gdc-san1b.prod.mycompany.com:/vol/Archive/PI/archive/export on /mnt/PIExport type nfs (rw,hard,intr,tcp,addr=10.20.96.101)

 

Doesn’t work

  irv-gdc-san1a.corp.mycompany.com:/vol/Archive/DA/Omniture on /mnt/Omniture type nfs (rw,hard,intr,tcp,addr=10.228.26.100)

 

  NetApp (irv-gdc-san1a)-

 

Qtree

Qtree         : DA

SecurityStyle : ntfs

Status        : normal

Volume        : Archive

Security      : ntfs

 

NFSExport

 

NetApp4.PNG

irv-gdc-san1a> wcc -u spice

Thu Nov  7 07:05:40 PST last message repeated 3 times

Thu Nov  7 07:05:42 PST [irv-gdc-san1a: auth.trace.authenticateUser.loginTraceMsg:info]: AUTH: LSA lookup: Lookup of account "mycompany\#pcuser#" failed: STATUS_NONE_MAPPED (0xc0000073).

Mapped user not found

Thu Nov  7 07:05:42 PST [irv-gdc-san1a: auth.trace.authenticateUser.loginTraceMsg:info]: AUTH: LSA lookup: Located account "mycompany\pcuser" in domain "mycompany"..

 

irv-gdc-san1a> wcc -u pcuser

(NT - UNIX) account name(s):  (KBB\pcuser - pcuser)

        ***************

        UNIX uid = 65534

          NT membership

                KBB\pcuser

                KBB\KBBcomSP_ReadAccess

                KBB\CDM_ITFileShare

                KBB\WebBusAnalytics_Read_SP

                KBB\Domain Users

                KBB\CERTSVC_DCOM_ACCESS

                BUILTIN\Users

        User is also a member of Everyone, Network Users,

        Authenticated Users

        ***************

Usermap.cfg file-

 

#mycompany\"#pcuser" <= root

mycompany\"#pcuser" <= nz

mycompany\"#pcuser#" <= biadmin

mycompany\pcuser <= spice

#mycompany\"#pcuser#" <= *

 

I have tried every variation of syntax on the usermap.cfg file, and cannot get the configuration I need, for all unix users to get mapped to a windows account 'pcuser'. I have validated that account has permissions, and can get to that same location via CIFS from a windows system just fine. What's even more strange is that the mount that is working is going to a similar NetApp that doesn't even have any usermap.cfg, or passwd entries. Anyone have any thoughts on this? I definately don't want to change the qtree security style to Mixed or unix.

More Like This

  • Retrieving data ...

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points