NetApp Knowledge Base

How does name-mapping work when NFS clients are accessing an NTFS security style resource?

Last Updated: 7/26/2024, 1:59:02 PM

Applies to

  • ONTAP 9
  • NTFS
  • NFS

Answer

Name resolution
  • The client sends the UID and GID(s) in the RPC header of the NFS operation.
  • ONTAP attempts to resolve the UID and GID(s) to their respective names.
  • This name resolution is performed via the sources defined in the ns-switch for passwd and group:
    • ::> vserver services name-service ns-switch show -vserver SVM

Note: 

  • Name services are: files, ldap, nis
  • If 'files' is set, a unix-user must be created for each user on the SVM
    • ::> vserver services unix-user create -user tsmith -id 4219 -primary-gid 100 -full-name "Tom Smith" -vserver SVM01

Name mapping
  • After resolving names, ONTAP attempts to map the resulting name to a valid Windows user in the following order:
  1. Explicit name-mapping: ONTAP attempts to match the resolved UNIX user, by string comparison, against the explicit 'unix-win' name-mapping rules defined:

::> vserver name-mapping show -vserver SVM01 -direction unix-win

  • If a rule is matched successfully, ONTAP attempts to look up the mapped Windows user in Active Directory to retrieve the credentials for that user.

Note: It is an error if the Windows name is a group, but it will be silently ignored if a default user is configured.

  2. Implicit name-mapping: if no explicit rules are matched, ONTAP attempts to map the UNIX user implicitly to a Windows user of the same name to retrieve the credentials. Local CIFS users are checked first; if no match is found, Active Directory is tried next.

Example: Filer will attempt to map UNIX user 'User01' to Windows user 'User01'.

  3. Default Windows User: if both methods above fail for any reason, ONTAP maps the UNIX user to the "Default Windows User", if one is set in the NFS server settings.

::> vserver nfs show -vserver SVM01 -fields default-win-user

Note: This option is blank by default.

  • Access is granted or denied based on the Windows credentials, because the volume uses the NTFS security style.
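
The resolution order described above, as a simplified Python model (an added example, not NetApp code or ONTAP's implementation). The `Svm` class, the regex matching of rule patterns, the CORP domain and every sample account other than tsmith/4219 and User01 are assumptions constructed for illustration; a matched rule whose target cannot be used goes straight to the default user, following the article's wording.

```python
import re
from dataclasses import dataclass, field

@dataclass
class Svm:
    """Constructed stand-in for the SVM state that the article's commands display."""
    passwd: dict                  # UID -> UNIX name (ns-switch passwd sources)
    rules: list                   # ordered unix-win (pattern, replacement) pairs
    local_cifs_users: set = field(default_factory=set)
    ad_users: set = field(default_factory=set)   # AD user accounts, lower case
    default_win_user: str = ""    # blank by default, per the article

def _short(name):
    # Compare on the account part only, case-insensitively.
    return name.split("\\")[-1].lower()

def _fallback(svm, reason):
    # Step 3: the default Windows user, if one is set, hides the earlier failure.
    if svm.default_win_user:
        return svm.default_win_user, "default (" + reason + ")"
    return None, reason

def map_unix_to_win(svm, uid):
    """Return (windows_user or None, stage) for the UID in an RPC header."""
    unix_name = svm.passwd.get(uid)
    if unix_name is None:
        return None, "uid not resolved"   # case not covered by the article
    for pattern, replacement in svm.rules:            # step 1: first match wins
        if re.fullmatch(pattern, unix_name):
            if _short(replacement) in svm.ad_users:
                return replacement, "explicit"
            return _fallback(svm, "explicit rule target is not an AD user")
    for source, users in (("local CIFS", svm.local_cifs_users),   # step 2
                          ("Active Directory", svm.ad_users)):
        if unix_name.lower() in users:
            return unix_name, "implicit via " + source
    return _fallback(svm, "no explicit or implicit match")

# Constructed sample data; names other than tsmith/4219/User01 are invented.
SVM01 = Svm(
    passwd={4219: "tsmith", 5001: "User01", 5002: "backup", 5003: "guest7"},
    rules=[("tsmith", "CORP\\tom.smith"), ("backup", "CORP\\Backup Operators")],
    ad_users={"tom.smith", "user01"},
)

if __name__ == "__main__":
    for uid in SVM01.passwd:
        print(uid, map_unix_to_win(SVM01, uid))
```

With default-win-user blank, the rule that points at a group and the unmapped account both end with no Windows identity; once a default user is set, both resolve to it without any visible error, which is worth checking when reviewing who can reach NTFS data over NFS.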

 

 
