
NFS access denied due to invalid name mapping after upgrading to ONTAP 9.12.1+

Category:
ontap-9
Specialty:
nas

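Applies to

  • ONTAP 9.12.1 and later
  • NFS access (volumes with NTFS security style), CIFS access (NTFS or UNIX security style)
  • CIFS local users and groups

Issue

  • After upgrading to ONTAP 9.12.1 or later, users are denied access when mounting or accessing directories that were previously accessible
  • The security trace reports: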

Access is denied because the UNIX user could not be mapped to a valid NT user while reading the user's access rights on an object.

  • One of the volumes in the path to the target volume uses NTFS security style; this can include the root volume

::> vol show -vserver svm1 -volume svm1_root -fields security-style
vserver     volume        security-style
------------- ------------------ --------------
svm1          svm1_root          ntfs

  • The UNIX account that is denied access is explicitly mapped to a local Windows account

::> vserver name-mapping show -vserver svm1 -direction unix-win
Vserver:   svm1
Direction: unix-win
Position Hostname      IP Address/Mask
-------- ---------------- ----------------
1     -          -           Pattern: root
                      Replacement: SVM1\\Administrator

  • The local account is disabled; this is the default for the preconfigured CIFS local user "Administrator"

::> local-user show -fields is-account-disabled
  (vserver cifs users-and-groups local-user show)
vserver       user-name           is-account-disabled
------------- ------------------- -------------------
svm1          SVM1\Administrator true

  • EMS log:

    secd.nfsAuth.noCifsCred:error]: vserver (SVM) NFS authorization cannot retrieve CIFS credentials.
    Error: Get user credentials procedure failed
    [  0 ms] Determined UNIX id 0 is UNIX user 'root'
    [     0] UNIX user 'root' mapped to Windows user 'SVM\administrator'
    [     0] Using cached 'SVM\administrator' SID mapping. **
    [     0] FAILURE: Account is disabled for local user 'Administrator'
    [     0] Could not get credentials for Windows user 'administrator' or SID 'S-1-5-21-xxxxx'
