NFS access denied due to invalid name mapping after upgrading to ONTAP 9.12.1+
Applies to
- ONTAP 9.12.1 and later
- NFS
- CIFS Local Users and Groups
Issue
- After upgrading to ONTAP 9.12.1 and later user is denied access when mounting or accessing a directory that was previously accessible
- Security trace indicates:
Access is denied because the UNIX user could not be mapped to a valid NT user while reading the user's access rights on an object.
- One of the volumes in the path to the target volume is NTFS security style, this may include the root volume
::> vol show -vserver svm1 -volume svm1_root -fields security-style
vserver volume security-style
------------- ------------------ --------------
svm1 svm1_root ntfs
- The Unix account that is being denied access is explicitly mapped to a local Windows account
::> vserver name-mapping show -vserver svm1 -direction unix-win
Vserver: svm1
Direction: unix-win
Position Hostname IP Address/Mask
-------- ---------------- ----------------
1 - - Pattern: root
Replacement: SVM1\\Administrator
-
The local account is disabled, this is the default for the preconfigured CIFS local-user "Administrator"
::> local-user show -fields is-account-disabled
(vserver cifs users-and-groups local-user show)
vserver user-name is-account-disabled
------------- ------------------- -------------------
svm1 SVM1\Administrator true