Skip to main content
NetApp Knowledge Base

NFS client gets permission denied error because mapped Windows user fail to authenticate

  1. Last updated
  2. Save as PDF
Views:
173
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas
Last Updated:

Applies to

Issue

  • Users able to mount volume/qtree on linux client using NFSv3.
  • But when they run "cd" or "ls" command, it failed with permission denied error:
ls -al /mnt/folder/
ls: cannot open directory /mnt/folder/: Permission denied
  • This is NTFS security style volume.
  • Name mapping exist for unix user:
vserver name-mapping show -vserver svm1
Vserver:   svm1
Direction: unix-win
Position Hostname         IP Address/Mask
-------- ---------------- ----------------
1       -                 -                   Pattern: user1
                                          Replacement: domain\\user1
 
  • Mapped windows user not able to authenticate and fail with below error:
cluster::*> diag secd authentication show-creds -node node1 -vserver svm1 -win-name domain\user1
Vserver: svm1 (internal ID: 3)
Error: Get user credentials procedure failed
  ...
  [ 11817] Unable to SASL bind to LDAP server using GSSAPI: Local
           error
  [ 11877] Could not authenticate as
           'svm1$@domain.com': Invalid Credentials
           (KRB5KDC_ERR_PREAUTH_FAILED).
  [ 11880] Unable to connect to LDAP (Active Directory) service on
           dc1.domain.com (Error: Local error)
  .....
  .........
  [ 12003] Unable to SASL bind to LDAP server using GSSAPI: Local
           error
  ....
  ........
  [ 12051] No servers available for MS_LDAP_AD, vserver: 3, domain:
           domain.com.
  [ 12051] Could not get credentials via LDAP for Windows user
           'user1' based on SID
           'S-x-x-xx-xxxxxxx-xxxxxxxx-xxxxxxxx-xxxxx'
  [ 12051] Could not get credentials for Windows user
           'user1' or SID
           'S-x-x-xx-xxxxxxx-xxxxxxxx-xxxxxxxx-xxxxx'
Error: command failed: Failed to get user credentials. Reason: "SecD Error: no server available".
  • secd log show below error:

0000002c.000f83fe 004d0118 Fri May 31 2024 09:36:12 +00:00 [kern_secd:info:10882] | [006.038.331]  debug:  Connection timed out after 2 second(s)  { in _connect() at src/connection_manager/secd_connection_shim.cpp:494 }
0000002c.000f83ff 004d0118 Fri May 31 2024 09:36:12 +00:00 [kern_secd:info:10882] | [006.038.357]  info :  TCP connection to ip 10.xx.xx.10, port 88 failed: Operation timed out. { in _connect() at src/connection_manager/secd_connection_shim.cp

  • This is also applicable to trusted domain

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.