事件消息：secd.nfsAuth.noNameMap

最后更新
另存为PDF

Views:: 62

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: nas<a>NAS</a><a>1005658</a>

Last Updated:

状态信息

适用场景

ONTAP 9.
NFS

问题描述

secd: secd.nfsAuth.noNameMap:warning 系统将为一个或多个Vserver记录此错误：

Wed Dec 14 03:21:19 EST [cluster1-01: secd: secd.nfsAuth.noNameMap:warning]: vserver (nas_vserver) Cannot map UNIX name to CIFS name. Error: Get user credentials procedure failed [ 0 ms] Determined UNIX id 0 is UNIX user 'root' [ 1] Using a cached connection to dc01.us.example.com [ 3] Trying to map 'root' to Windows user 'root' using implicit mapping [ 5] Successfully connected to 10.1.1.X:445 using TCP [ 20] Successfully connected to 10.1.1.Y:88 using TCP [ 27] Successfully authenticated with DC dc02.us.example.com [ 32] Could not find Windows name 'root' [ 32] Unable to map 'root'. No default Windows user defined. **[ 32] FAILURE: Name mapping for UNIX user 'root' failed. No mapping found

UID is 可以转换(UID 0转换为用户名：root)
在NFS客户端请求中、不能将UNIX用户名映射到Windows/CCIFS用户名
当NFS客户端访问采用NTFS安全模式的卷(或qtree)时、通常会出现此问题。

确保已配置适当的UNIX至Windows名称映射规则。如果未配置，我们可以为被拒绝访问的ID创建显式的UNIX－win名称映射－下面的操作计划－
- 要解决此错误、您需要映射此错误中列出的任何UID。
- 为此、您需要为每个用户配置一个本地名称映射： vserver name-Mapping create -vserver <vserver>-direction UNIX-win -position <int>-mode-pcuser -redirection <domain\user>
- 此外、请确保要映射到的AD用户具有访问NTFS安全模式数据的正确权限。

检查当前名称映射以验证受影响用户是否具有名称映射：

::> set d -c off;diag secd name-mapping show -node <node> -vserver <vserver> -direction unix-win -name root;set admin

示例

::*> diag secd name-mapping show -node node1 -vserver vserver -direction unix-win -name root

Vserver: vserver (internal ID: 14)

Error: RPC map name request procedure failed [ 0 ms] Trying to map 'root' to Windows user 'root' using implicit mapping [ 1] Using a cached connection to dc1.domain.local [ 2] Encountered unknown NT Error (0x103) for SMB command Read [ 8] Could not find Windows name 'root' [ 8] Unable to map 'root'. No default Windows user defined. **[ 8] FAILURE: Name mapping for UNIX user 'root' failed. No ** mapping found

Error: command failed: Failed to find mapping for the user. Reason: "SecD Error: Name mapping does not exist".

有关详细信息，请参阅如何验证名称映射是否按预期工作。
要查找NFS请求的源IP地址、请按相同的时间戳检查消息中列出的节点的SECD日志

示例：: [ 85] Unable to map '0'. No default Windows user defined. **[ 85] FAILURE: Name mapping for UNIX user '0' failed. No mapping found Details: debug: Worker Thread 12345678901 processing RPC 153:secd_rpc_auth_get_creds with request ID:12345 which sat in the queue for 0 seconds. { in run() at src/server/secd_rpc_server.cpp:2306 } debug: Client IP as found in the request: 10.1.1.2 { in secd_rpc_auth_get_creds_1_svc() at src/authorization/secd _rpc_authorization.cpp:1443 }

确定如何配置名称映射：

::> vserver services name-service ns-switch show -vserver <vserver> -database namemap

示例

vserver services name-service ns-switch show -vserver vserver -database namemap

Vserver: vserver Name Service Switch Database: namemap Name Service Source Order: files

根据源顺序中的内容、从上一步的输出中检查适用的名称映射：
对于文件、运行 ::> vserver name-mapping show -vserver <verver> -direction unix-win
- 查看要映射的UNIX用户条目的输出。

此外、 Unix用户名不应与AD中的用户名相同