Skip to main content
NetApp Knowledge Base

ONTAP 9.6+: NFS access to NTFS security volume fails with NIS in NS-SWITCH but not configured

Views:
908
Visibility:
Public
Votes:
0
Category:
not set
Specialty:
NAS
Last Updated:

Applies to

ONTAP 9.6+

Issue

  • NFS access to NTFS security volume fails name-mapping with unknown UID although the unix UID is known
  • Example ems journal 
    • secd.nfsAuth.noNameMap: vserver (vserver) Cannot map UNIX name to CIFS name. Error: Get user credentials procedure failed 
    • [ 11] Mapping an unknown UID to default windows user
    • [ 11] Unable to map '123'. No default Windows user defined.
    • **[ 11] FAILURE: Name mapping for UNIX user '123' failed. No mapping found
  • Example secd journal showing transient NIS error resulting from NIS in NS-SWITCH but NIS not configured
    • ERR  :  Configuration for NIS is disabled/not found { in SecdCbNsJournal() at src/utils/secd_ns_utils.cpp:91 }
      info :  Source: NIS unavailable. Entry for user-id:123 not found in any of the available sources { in SecdCbNsJournal() at src/utils/secd_ns_utils.cpp:95 }
      debug:  nswrapper::getpwuid_r() returned error code=2, files_err=5, nis_err=19, ldap_err=5, dns_err=0  { in getUserInfoViaLibC() at src/utils/secd_ns_utils.cpp:448 }
      ERR  :  nswrapper::getpwuid_r() has a transient error  { in getUserInfoViaLibC() at src/utils/secd_ns_utils.cpp:454 }
      ERR  :  RESULT_ERROR_SECD_LIBC_TRANSIENT_ERROR:7035 in getUserInfoViaLibC() at src/utils/secd_ns_utils.cpp:455
      ERR  :  RESULT_ERROR_SECD_LIBC_TRANSIENT_ERROR:7035 in _getUserPasswdInfo() at src/authorization/secd_unix_authorization.cpp:738
      ERR  :  RESULT_ERROR_SECD_LIBC_TRANSIENT_ERROR:7035 in _getUserInfo() at src/authorization/secd_unix_authorization.cpp:485
      ERR  :  RESULT_ERROR_SECD_LIBC_TRANSIENT_ERROR:7035 in getCredsFromUserIdViaLibc() at src/authorization/secd_unix_authorization.cpp:112

      debug:  Logged secd.nfsAuth.noNameMap to EMS  { in logEmsEventWithJournalForNfsAuthError() at src/utils/secd_ems_utils.cpp:1236 }
  • NS switch configured database group and/or passwd with NIS
    • ::> vserver services ns-switch show -vserver vserver1
                                     Source
      Vserver         Database       Order
      --------------- ------------   ---------
      vserver1        hosts          files,
                                     dns
      vserver1        group          files,
                                     nis
      vserver1        passwd         files,
                                     nis
      vserver1        netgroup       files
      vserver1        namemap        files
  • NIS not configured example
    • ::> vserver services nis-domain show -vserver vserver1
      There are no entries matching your query.

       
  • Local unix user configured example
    • ::> vserver services unix-user show -vserver vserver -id 123
                     User            User   Group  Full
      Vserver        Name            ID     ID     Name
      -------------- --------------- ------ ------ --------------------------------
      vserver1       root            123    123
  • No local unix group configured example
  • ::> vserver services unix-Group  show -vserver vserver1 -id 123
    There are no entries matching your query.

     

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.