Unix root user is unable to access NTFS volume in ONTAP 9
Applies to
- ONTAP 9
- Amazon FSx for NetApp ONTAP
- NTFS security style
- NFS
Issue
This issue can manifest in multiple ways:
- When an NFS client attempts to access an NTFS volume as the root user (UID 0), the client may get access denied/permission denied.
Example for secd authentication show-creds:
Error: Get user credentials procedure failed
[ 0 ms] Determined UNIX id 0 is UNIX user 'root'
[ 0] Trying to map 'root' to Windows user 'root' using implicit mapping
[ 1] Using a cached connection to domain.local
[ 2] Could not find Windows name 'root'
[ 2] FAILURE: Name mapping for UNIX user 'root' failed with transient errors.
Example:
Error: Get user credentials procedure failed
[ 2018] Determined UNIX id 0 is UNIX user 'root'
[ 2018] Mapping Successful for Unix-user 'root' to Windows user '<username>' at position 1
[ 2750] Hostname found in Name Service Cache
[ 2754] Successfully connected to ip <IP>, port 445 using TCP
[ 2761] Successfully connected to ip <IP>, port 88 using TCP
[ 2770] Successfully authenticated with DC <DC>
[ 2793] Could not find Windows name '<AD>\<username>'
[ 2793] FAILURE: Name mapping for UNIX user 'root' failed. Explicit Mapping failed and no default mapping found
- Sectrace confirms:
Node            Index  Filter Details              Reason
--------------- -----  --------------------------  ------------------------------
LDSNASPA6-01    1      Security Style: NTFS and    Access is denied because the
                       NT ACL                      UNIX user could not be mapped
                                                   to a valid NT user while
                                                   reading the user's access
                                                   rights on an object.
- If the SVM's root volume is NTFS and an NFS client is accessing a UNIX volume under the SVM, the client may get access denied.
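An added example, not NetApp code: a parser that reads a show-creds trace like the two shown above and reports whether the failed mapping for UID 0 was implicit or explicit, and which Windows name could not be found. The function name `triage` and the result keys are hypothetical; the sample input is the trace lines from this page, abridged.

```python
import re

# Trace lines taken from the two show-creds examples on this page (abridged).
IMPLICIT_TRACE = """\
[ 0 ms] Determined UNIX id 0 is UNIX user 'root'
[ 0] Trying to map 'root' to Windows user 'root' using implicit mapping
[ 1] Using a cached connection to domain.local
[ 2] Could not find Windows name 'root'
[ 2] FAILURE: Name mapping for UNIX user 'root' failed with transient errors.
"""
EXPLICIT_TRACE = """\
[ 2018] Determined UNIX id 0 is UNIX user 'root'
[ 2018] Mapping Successful for Unix-user 'root' to Windows user '<username>' at position 1
[ 2793] Could not find Windows name '<AD>\\<username>'
[ 2793] FAILURE: Name mapping for UNIX user 'root' failed. Explicit Mapping failed and no default mapping found
"""

LINE = re.compile(r"^\[\s*(\d+)(?:\s*ms)?\]\s*(.*)$")
UNIX_ID = re.compile(r"Determined UNIX id (\d+) is UNIX user '([^']*)'")
IMPLICIT = re.compile(r"Trying to map '[^']*' to Windows user '([^']*)' using implicit mapping")
EXPLICIT = re.compile(r"Mapping Successful for Unix-user '[^']*' to Windows user '([^']*)' at position (\d+)")
MISSING = re.compile(r"Could not find Windows name '([^']*)'")

def triage(trace):
    """Summarise a show-creds trace: who was mapped, how, and why it failed."""
    # Result keys are hypothetical names chosen for this example.
    r = {"uid": None, "unix_user": None, "mapping": None, "rule_position": None,
         "windows_target": None, "missing_name": None, "failure": None}
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip non-trace lines such as the "Error: ..." header
        msg = m.group(2)
        if (h := UNIX_ID.search(msg)):
            r["uid"], r["unix_user"] = int(h.group(1)), h.group(2)
        elif (h := IMPLICIT.search(msg)):
            r["mapping"], r["windows_target"] = "implicit", h.group(1)
        elif (h := EXPLICIT.search(msg)):
            r["mapping"], r["windows_target"] = "explicit", h.group(1)
            r["rule_position"] = int(h.group(2))
        elif (h := MISSING.search(msg)):
            r["missing_name"] = h.group(1)
        elif msg.startswith("FAILURE:"):
            r["failure"] = msg[len("FAILURE:"):].strip()
    return r

if __name__ == "__main__":
    for name, t in (("implicit", IMPLICIT_TRACE), ("explicit", EXPLICIT_TRACE)):
        print(name, triage(t))
```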