Event message: secd.nfsAuth.noNameMap
Applies to
- ONTAP 9
- NFS
Issue
- The error secd: secd.nfsAuth.noNameMap:warning will be logged for one or more Vservers:
Wed Dec 14 03:21:19 EST [cluster1-01: secd: secd.nfsAuth.noNameMap:warning]: vserver (nas_vserver) Cannot map UNIX name to CIFS name. Error: Get user credentials procedure failed
[ 0 ms] Determined UNIX id 0 is UNIX user 'root'
[ 1] Using a cached connection to dc01.us.example.com
[ 3] Trying to map 'root' to Windows user 'root' using implicit mapping
[ 5] Successfully connected to 10.1.1.X:445 using TCP
[ 20] Successfully connected to 10.1.1.Y:88 using TCP
[ 27] Successfully authenticated with DC dc02.us.example.com
[ 32] Could not find Windows name 'root'
[ 32] Unable to map 'root'. No default Windows user defined.
**[ 32] FAILURE: Name mapping for UNIX user 'root' failed. No mapping found
- The UID is able to be translated (UID 0 translates to Username: root)
- The UNIX username cannot be mapped to a Windows/CIFS username as part of an NFS client request
- Commonly seen when NFS clients are accessing a volume (or qtree) with an NTFS security style.
- Ensure that an appropriate UNIX-to-Windows name mapping rule is configured. If it is not configured, create explicit unix-win name mappings for the UIDs that are being denied access, following the action plan below:
- To resolve the error, you will need to map any UID listed in the error.
- For this, you will need to configure a local name mapping for each user:
::> vserver name-mapping create -vserver <vserver> -direction unix-win -position <int> -pattern pcuser -replacement <domain\user>
- Also, ensure that the AD user you’re mapping to has the correct permissions to access the NTFS security style data.
- Inspect current name mapping to validate if the impacted user has a name mapping:
::> set d -c off;diag secd name-mapping show -node <node> -vserver <vserver> -direction unix-win -name root;set admin
- Example:
::*> diag secd name-mapping show -node node1 -vserver vserver -direction unix-win -name root
Vserver: vserver (internal ID: 14)
Error: RPC map name request procedure failed
[ 0 ms] Trying to map 'root' to Windows user 'root' using
implicit mapping
[ 1] Using a cached connection to dc1.domain.local
[ 2] Encountered unknown NT Error (0x103) for SMB command Read
[ 8] Could not find Windows name 'root'
[ 8] Unable to map 'root'. No default Windows user defined.
**[ 8] FAILURE: Name mapping for UNIX user 'root' failed. No
** mapping found
Error: command failed: Failed to find mapping for the user. Reason: "SecD Error: Name mapping does not exist".
- For more information, see How to verify the name-mapping is working as intended.
- To find the source IP address of the NFS request, check the SECD log of the node listed in the message at the same timestamp.
- Example:
[ 85] Unable to map '0'. No default Windows user defined.
**[ 85] FAILURE: Name mapping for UNIX user '0' failed. No mapping found
Details:
debug: Worker Thread 12345678901 processing RPC 153:secd_rpc_auth_get_creds with request ID:12345 which sat in the queue for 0 seconds. { in run() at src/server/secd_rpc_server.cpp:2306 }
debug: Client IP as found in the request: 10.1.1.2 { in secd_rpc_auth_get_creds_1_svc() at src/authorization/secd_rpc_authorization.cpp:1443 }
- Determine how name mapping is configured:
::> vserver services name-service ns-switch show -vserver <vserver> -database namemap
- Example:
vserver services name-service ns-switch show -vserver vserver -database namemap
Vserver: vserver
Name Service Switch Database: namemap
Name Service Source Order: files
- Based on the source order shown in the output of the previous step, check for an applicable name mapping:
- For Files, run:
::> vserver name-mapping show -vserver <vserver> -direction unix-win
- Review the output for an entry for the UNIX user that is being mapped.
- Additionally, the UNIX username should not be the same as the username in AD.
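
The triage steps above (identify the UNIX user in the EMS message, find the client IP in the SECD log, then check the mapping) can be scripted when many events are logged. The following is an added example, not NetApp code: it assumes the EMS events and the matching SECD debug lines have already been merged into one text in timestamp order, and the names summarize and check_command are hypothetical.

```python
import re

# Constructed sample: EMS events in the format shown on this page, each followed
# by the SECD debug line for the same request (assumed merged by timestamp).
SAMPLE = """\
Wed Dec 14 03:21:19 EST [cluster1-01: secd: secd.nfsAuth.noNameMap:warning]: vserver (nas_vserver) Cannot map UNIX name to CIFS name. Error: Get user credentials procedure failed
**[    32] FAILURE: Name mapping for UNIX user 'root' failed. No mapping found
debug: Client IP as found in the request: 10.1.1.2 { in secd_rpc_auth_get_creds_1_svc() }
Wed Dec 14 03:25:02 EST [cluster1-01: secd: secd.nfsAuth.noNameMap:warning]: vserver (nas_vserver) Cannot map UNIX name to CIFS name. Error: Get user credentials procedure failed
**[    85] FAILURE: Name mapping for UNIX user '0' failed. No mapping found
debug: Client IP as found in the request: 10.1.1.7 { in secd_rpc_auth_get_creds_1_svc() }
Wed Dec 14 03:26:40 EST [cluster1-02: secd: secd.nfsAuth.noNameMap:warning]: vserver (nas_vserver) Cannot map UNIX name to CIFS name. Error: Get user credentials procedure failed
**[    12] FAILURE: Name mapping for UNIX user 'root' failed. No mapping found
"""

# Patterns follow the message text shown on this page.
EMS_RE = re.compile(r"\[(?P<node>[^:\]]+): secd: secd\.nfsAuth\.noNameMap:\w+\]: vserver \((?P<vserver>[^)]+)\)")
FAIL_RE = re.compile(r"FAILURE: Name mapping for UNIX user '(?P<user>[^']+)' failed")
IP_RE = re.compile(r"Client IP as found in the request: (?P<ip>\d{1,3}(?:\.\d{1,3}){3})")

def summarize(text):
    """Return {(node, vserver, unix_user): sorted client IPs} for failed mappings."""
    found, event, key = {}, None, None
    for line in text.splitlines():
        m = EMS_RE.search(line)
        if m:  # a new EMS event starts; forget the previous request
            event, key = (m["node"], m["vserver"]), None
            continue
        if event is None:
            continue  # lines before the first EMS event cannot be attributed
        m = FAIL_RE.search(line)
        if m:
            key = event + (m["user"],)
            found.setdefault(key, set())  # keep the failure even if no IP follows
            continue
        m = IP_RE.search(line)
        if m and key is not None:
            found[key].add(m["ip"])
    return {k: sorted(v) for k, v in found.items()}

def check_command(node, vserver, user):
    """Build the diag-level lookup from this page for one failed user."""
    return f"diag secd name-mapping show -node {node} -vserver {vserver} -direction unix-win -name {user}"

if __name__ == "__main__":
    for (node, vserver, user), ips in summarize(SAMPLE).items():
        print(user, ips or "no client IP logged", "->", check_command(node, vserver, user))
```

An empty IP list means the SECD debug line for that request was not in the input, so the SECD log of the node named in the event still has to be checked by hand.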