Hi,
IHAC that has a CIFS volume (NTFS security style) and would like to make this volume available to Red Hat 7 and 8 clients. Linux clients currently authenticate against Active Directory. The export policy has been configured to let all hosts mount. CIFS share and volume permissions: Everyone/Full Control.
The RH client has mounted the export and export-policy check-access passed:
cluster::*> export-policy check-access -vserver datasvm -volume cifs_testing -client-ip 10.11.109.18 -authentication-method krb5 -protocol nfs3 -access-type read-write
                                         Policy    Policy       Rule
Path                          Policy     Owner     Owner Type  Index Access
----------------------------- ---------- --------- ---------- ------ ----------
/                             default    datasvm_root volume       1 read
/cifs_testing                 cifs_test  cifs_testing volume       1 read-write
cluster::*> export-policy check-access -vserver datasvm -volume cifs_testing -client-ip 10.11.109.18 -authentication-method sys -protocol nfs3 -access-type read-write
                                         Policy    Policy       Rule
Path                          Policy     Owner     Owner Type  Index Access
----------------------------- ---------- --------- ---------- ------ ----------
/                             default    datasvm_root volume       1 read
/cifs_testing                 cifs_test  cifs_testing volume       1 read-write
Name mapping seems to be OK by shortname:
cluster::*> secd name-mapping show -node cluster-03 -vserver svmcifsnfs -direction unix-win -name fflinstone
'fflinstone' maps to 'DOMAIN01A\fflinstone'
But seems to be a bit off when specifying Domain\account:
cluster::*> secd name-mapping show -node cluster-03 -vserver svmcifsnfs -direction unix-win -name DOMAIN01A\fflinstone
'DOMAIN01A\fflinstone' maps to 'DOMAIN01A\fflinstone'
How should I be thinking about this? I'm not clear on how this architecture should be.
How should Red Hat clients access NTFS volumes via NFS when the usernames are managed by AD? Since RH clients auth against AD, I don't see how username mapping should come into play, but if the name maps back to itself, shouldn't that work?