当用户域组范围为域本地时、CIFS访问被拒绝
适用场景
- ONTAP 9
- Active Directory安全组
问题描述
- 用户无法访问 CIFS共享
- Vserver已加入域DOMB 、 受信任域为DOMA
- 在共享权限中配置域用户组
- 如果用户属于DOMA、则无法为该用户授予安全组信息
- 以下是配置CIFS的示例
#可信 域A域:域A
。本地
用户:用户A
组:testgroupa (组范围为域本地)
#域B
域:域B。本地
用户:用户B
组:testgroupb (组范围是域本地)
#CIFS NetApp(由于权限拒绝而无法登录CIFS共享)
CIFS服务器:testcifs加入域:DomainB.Local共享:
cifsshare权限:
DomainA\ttestgroupa.
LAB_NA::*> secd authentication show-creds -node LAB_NA-01 -vserver testcifs -win-name domainA\usera
UNIX UID: pcuser <> Windows User: domainA\usera (Windows Domain User)
GID: pcuser
Supplementary GIDs:
pcuser
Primary Group SID: DomainA\Domain Users (Windows Domain group)
Windows Membership: >>> usera cannot be granted security group.
LEOLAB\Domain Users (Windows Domain group)
(Windows Well known group)
NT AUTHORITY\ (Windows Well known group)
User is also a member of Everyone, Authenticated Users, and Network Users
Privileges (0x2000):
SeChangeNotifyPrivilege