当用户域组范围为域本地时、CIFS访问被拒绝
- Views:
- 14
- Visibility:
- Public
- Votes:
- 0
- Category:
- ontap-9
- Specialty:
- cifs<a>2009年173486</a><a>用于翻译</a>
- Last Updated:
适用场景
- ONTAP 9
- Active Directory安全组
问题描述
- 用户无法访问CIFS共享
- Vserver已加入域DOMB、受信任域为DOMA
- 使用共享权限配置域用户组
- 如果用户属于DOMA、则不能为其授予安全组信息
- 以下是配置CIFS的示例
#可信 域A
域:DomainA.Local
用户:用户A
组:testgroupa (组范围为域本地)
#Domain B
Domain:DomainB.Local
User:UserB
Group:testgroupb (组范围为域本地)
#NetApp CIFS(由于权限拒绝而无法登录CIFS共享)
CIFS服务器:testcifs
join Domain:DomainB.Local
Share:cifsshare
permission:DomainA\testgrouppa
LAB_NA::*> secd authentication show-creds -node LAB_NA-01 -vserver testcifs -win-name domainA\usera
UNIX UID: pcuser <> Windows User: domainA\usera (Windows Domain User)
GID: pcuser
Supplementary GIDs:
pcuser
Primary Group SID: DomainA\Domain Users (Windows Domain group)
Windows Membership: >>> usera cannot be granted security group.
LEOLAB\Domain Users (Windows Domain group)
(Windows Well known group)
NT AUTHORITY\ (Windows Well known group)
User is also a member of Everyone, Authenticated Users, and Network Users
Privileges (0x2000):
SeChangeNotifyPrivilege