No UNIX user is mapped to the Win user
Applies to
ONTAP 9
Issue
- CIFS authentication due to no UNIX user being mapped to a valid windows user
- secd logs:
| [000.005.980] ERR : RESULT_ERROR_SECD_NAME_MAPPING_DOES_NOT_EXIST:6916 in secdGetUnixCredsForWindowsUser() at authentication/secd_rpc_auth.cpp:676
| [000.005.990] ERR : RESULT_ERROR_SECD_NAME_MAPPING_DOES_NOT_EXIST:6916 in secdLoadUnixCredsFromContext() at authentication/secd_rpc_auth.cpp:276
| [000.005.999] ERR : RESULT_ERROR_SECD_NAME_MAPPING_DOES_NOT_EXIST:6916 in secdLoadResponseFromContext() at authentication/secd_rpc_auth.cpp:396
| [000.006.009] ERR : RESULT_ERROR_SECD_NAME_MAPPING_DOES_NOT_EXIST:6916 in secd_rpc_auth_extended_1_svc() at authentication/secd_rpc_auth.cpp:761
| [000.006.020] debug: SecD RPC Server sending reply to RPC 151: secd_rpc_auth_extended { in secdSendRpcResponse() at server/secd_rpc_server.cpp:1405 }
| [000.006.232] ERR : RESULT_ERROR_SECD_NAME_MAPPING_DOES_NOT_EXIST:6916 in getFailureCode() at utils/secd_thread_task_journal.cpp:292
| [000.006.262] ERR : Error: User authentication procedure failed
| [000.006.268] ERR : [ 5] User 'CIFSLABAdministrator' authenticated using NTLMv2 security
| [000.006.273] ERR : [ 5] Trying to map 'CIFSLABAdministrator' to UNIX user 'administrator' using implicit mapping
| [000.006.279] ERR : [ 5] Name 'administrator' not found in UNIX authorization source LOCAL
| [000.006.284] ERR : [ 5] Could not get an ID for name 'administrator' using any NS-SWITCH authorization source
| [000.006.289] ERR : [ 5] Trying to map user to the default UNIX name 'none'
| [000.006.295] ERR : [ 5] Name 'none' not found in UNIX authorization source LOCAL
| [000.006.300] ERR : [ 5] Could not get an ID for name 'none' using any NS-SWITCH authorization source
| [000.006.306] ERR : **[ 5] FAILURE: Unable to map Windows user 'CIFSLABAdministrator' to appropriate UNIX user
Note: Implicit mapping returns not found
, default user mapping returns not found
, hence user mapping fails, indicating user mapping is not configured.
- No name mapping rule matches CIFSLABAdministrator
::> vserver name-mapping show
Vserver Direction Position
-------------- --------- --------
vserver2 win-unix 1 Pattern: cifslab\\Administrator
Replacement: root
vserver2 win-unix 2 Pattern: NFSQA-CIFS\\Administrator
Replacement: root
vserver2 win-unix 3 Pattern: NFSQA\\Administrator
Replacement: root
vserver2 unix-win 1 Pattern: root
Replacement: cifslab\\Administrator
4 entries were displayed.
- Default unix user not configured
::> cifs options show -vserver vserver1 Vserver: vserver1 Default UNIX User: none Read Grants Exec for Mode Bits: disabled Windows Internet Name Service (WINS) Addresses: 172.17.152.42
Default UNIX Group: