跳转到主内容

当用户域组范围为域本地时、CIFS访问被拒绝

Views:
9
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
cifs<a>2009年173486</a><a>用于翻译</a>
Last Updated:

适用场景

  • ONTAP 9
  • Active Directory安全组

问题描述

  • 用户无法访问CIFS共享
  • Vserver已加入域DOMB、受信任域为DOMA
  • 使用共享权限配置域用户组
  • 如果用户属于DOMA、则不能为其授予安全组信息
  • 以下是配置CIFS的示例

#可信 域A
域:DomainA.Local
用户:用户A
组:testgroupa (组范围为域本地)

#Domain B
Domain:DomainB.Local
User:UserB
Group:testgroupb (组范围为域本地)

#NetApp CIFS(由于权限拒绝而无法登录CIFS共享)
CIFS服务器:testcifs
join Domain:DomainB.Local
Share:cifsshare
permission:DomainA\testgrouppa

LAB_NA::*> secd authentication show-creds -node LAB_NA-01 -vserver testcifs -win-name domainA\usera

 UNIX UID: pcuser <> Windows User: domainA\usera (Windows Domain User)

 GID: pcuser
 Supplementary GIDs: 
  pcuser

 Primary Group SID: DomainA\Domain Users (Windows Domain group)

 Windows Membership: >>> usera cannot be granted security group.
  LEOLAB\Domain Users (Windows Domain group)
  (Windows Well known group)
  NT AUTHORITY\ (Windows Well known group)
 User is also a member of Everyone, Authenticated Users, and Network Users

 Privileges (0x2000):
  SeChangeNotifyPrivilege

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.