Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

Kneeal

5 Posts

1866

June 3rd, 2014 05:00

Multiprotocol Environment User mapping

We have a FS which is mounted with NATIVE access policy and supposed to be used for both Windows and Unix Clients. The Unix servers have been integrated with the Active directory using IdMU. We did some test wherein we exported the FS using both NFS and CIFS. The CIFS permissions have been set to a AD group created for DBA's. Similarly Unix permissions have been set to root as owner and the same AD group for DBA's. A user created a test file in Windows and was trying to access the same file from a Linux server. Eventhough he is able to read the file he is not able to edit the file. Also the Owner and the Group in Unix for this test file is showing a numeric ID i.e. UID and GID.

Is there a way that the files created on windows can be edited in Unix and Numeric UID's and GID's to display the username and the group name.?

umichklewis

3 Apprentice

 • 

1.2K Posts

June 4th, 2014 13:00

Because the filesystem is set to NATIVE access policy, the umask will give the owner Full access, but no write permissions to groups or others.  You can read a bit more about this in the EMC document, Managing a Multiprotocol Environment on VNX.

I'm assuming the Celerra is using the native CIFS Usermapper.  You can read more about it in the EMC document, Configuring UserMapper on VNX.  This covers a lot of information on how the VNX uses its internal Usermapper for handling Windows SIDs.

Basically, the first time a VNX sees a Windows SID, it will create a unique UNIX UID/GID in the Usermapper database.  This UID/GID combination is almost certainly different from the UID and GID on your Linux host, hence, the UNIX user cannot edit the file from a UNIX host. 

So, there might be several ways to solve your problem.  One way might to change the default umask by changing the VNX parameter, share.default.umask.  Another way, might be to investigate using the ntxmap.conf feature, if you had a limited set of UNIX users that needed access.  You can find more information about ntxmap in the document, Using NTXmap for CIFS User Mapping on VNX.

Let us know if that helps!

Karl

Was this post helpful?

View All

No Events found!

Top