Unix root 用户无法访问 ONTAP 9 中的 NTFS 卷,因为"UNIX 用户 'root' 的名称映射失败"
适用于
- ONTAP 9
- Amazon FSx for NetApp ONTAP
- NTFS 安全模式
- NFS
问题描述
此问题可以以多种方式表现:
- 当 NFS 客户端尝试以 root (UID 0) 用户身份访问 NTFS 卷时,他们可能会被拒绝访问/权限被拒绝
示例 for secd authentication show-creds
Error: Get user credentials procedure failed [ 0 ms] Determined UNIX id 0 is UNIX user 'root' [ 0] Trying to map 'root' to Windows user 'root' using implicit mapping [ 1] Using a cached connection to domain.local [ 2] Could not find Windows name 'root' **[ 2] FAILURE: Name mapping for UNIX user 'root' failed with transient errors.
示例:
Error: Get user credentials procedure failed
[ 2018] Determined UNIX id 0 is UNIX user 'root'
[ 2018] Mapping Successful for Unix-user 'root' to Windows user '<username>' at position 1
[ 2750] Hostname found in Name Service Cache
[ 2754] Successfully connected to ip <IP>, port 445 using TCP
[ 2761] Successfully connected to ip <IP>, port 88 using TCP
[ 2770] Successfully authenticated with DC <DC>
[ 2793] Could not find Windows name '<AD>\<username>'
[ 2793] FAILURE: Name mapping for UNIX user 'root' failed. Explicit Mapping failed and no default mapping found
- Sectrace 确认:
Node Index Filter Details Reason --------------- ----- -------------------------- ------------------------------ LDSNASPA6-01 1 Security Style: NTFS and Access is denied because the NT ACL UNIX user could not be mapped to a valid NT user while reading the user's access rights on an object.
- 如果 SVM 的根卷是 NTFS 并且 NFS 客户端正在访问 SVM 下的 UNIX 卷,则它们可能会被拒绝访问