Skip to main content
NetApp Knowledge Base

Unable to access CIFS due to deny rule present in ACE list

  1. Last updated
  2. Save as PDF
Views:
199
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
nas
Last Updated:

Applies to

  • ONTAP 9 and later
  • CIFS

Issue

  • Users are able to access the storage via windows and same volume is not accessible from unix using CIFS.
  • Sectrace show below error:
vserver1   5     Security Style: NTFS and        Access is denied. The
                      NT ACL                     requested permissions are not
                                                 granted by the ACE while
                                                 opening existing file or
                                                 directory. Access is not
                                                 granted for: "Read
                                                 Attributes", "Read"
                      Protocol: cifs
                      Volume: -
                      Share: share1
                      Path: /vol/file
                      Win-User: nas\user1
                      UNIX-User: pcuser
                      Session-ID: 17159277530640102807
  • Permission denied error from client:
root@host1 ls -la 
ls: reading directory '.': Permission denied
  • Deny ACE rule added in the list:
::> vserver security file-directory show -vserver vserver1 -path /vol/file
         Vserver: vserver1
              File Path: /vol/file
      File Inode Number: 57936462
         Security Style: ntfs
        Effective Style: ntfs
         DOS Attributes: 10
 DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
           UNIX User Id: 0
          UNIX Group Id: 1
         UNIX Mode Bits: 777
 UNIX Mode Bits in Text: rwxrwxrwx
                   ACLs: NTFS Security Descriptor
                         Control:0xbf14
                         Owner:BUILTIN\administrators
                         Group:AMAT\Domain Users
                         DACL - ACEs
                           ALLOW-BUILTIN\administrators-0x1f01ff-OI|CI
                           ALLOW-nas\user1-0x10000
                           ALLOW-NT AUTHORITY\SYSTEM-0x1f01ff-OI|CI
                           DENY-nas\user1-CHANGE-0x10000

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.