Why can authentication show-creds not be used for NFS user credentials?
Applies to
- ONTAP 9
- CIFS
- NFS
Answer
-
authentication show-creds
will fail if CIFS is not configured as it requires both Unix and Windows parts of the credentials due to namemapping
Example:
cluster1::*> vserver services access-check authentication show-creds -node cluster1-01 -vserver svm1 -unix-user-name root
Vserver: svm1 (internal ID: 6)
Error: Get user credentials procedure failed
[ 0 ms] Determined UNIX id 12345 is UNIX user 'userx'
[ 0] Trying to map 'userx' to Windows user 'userx' using
implicit mapping
[ 0] Could not find Windows name 'userx'
[ 0] Unable to map 'userx'. No default Windows user defined.
**[ 0] FAILURE: Name mapping for UNIX user 'userx' failed. No
** mapping found
Error: command failed: Failed to get user credentials. Reason: "SecD Error: Name mapping does not exist".
- To check unix user credentials:
- If only unix security style volumes or qtrees configured, and no need for CIFS:
authentication show-creds
is not useful - If mixed or ntfs security style volumes or qtrees configured, and cannot set up CIFS: convert volume and/or qtree to unix security style
- Otherwise, set up CIFS
Additional Information
qtree show
displays security styles of volumes or qtrees- What the security styles and their effects are