Quota tree access failed by Windows to Unix mapping user on 5500V3 storage

Publication Date: 2018-02-21

Issue Description

Storage version: V300R003C20SPC200

Fault symptom: The customer created a quota tree and shared it over the NFS protocol. He can mount the NFS share on a Linux client, but when he accesses the directory, it always reports "You don't have the permission".

Handling Process

1. Check the configuration: the storage is joined only to an AD domain controller, and the customer created the user mapping rules below (AD->NIS). In this case, NFS users are authenticated by the AD domain controller.

2016-04-28 17:50:52    0x200F403E0019    Event    Informational    --    None    admin succeeded in creating a user mapping rule, including mapping type (1){0:Windows to UNIX;1:UNIX to Windows}, source user (*), target user (com\1), and mapping priority (10).
2016-04-28 17:50:20    0x200F403E0019    Event    Informational    --    None    admin succeeded in creating a user mapping rule, including mapping type (0){0:Windows to UNIX;1:UNIX to Windows}, source user (com\*), target user (\1), and mapping priority (10).
2016-04-18 15:47:24    0x200F403E0019    Event    Informational    --    None    admin succeeded in creating a user mapping rule, including mapping type (1){0:Windows to UNIX;1:UNIX to Windows}, source user (*), target user (big\1), and mapping priority (10).
2016-04-18 15:46:58    0x200F403E0019    Event    Informational    --    None    admin succeeded in creating a user mapping rule, including mapping type (0){0:Windows to UNIX;1:UNIX to Windows}, source user (big\*), target user (\1), and mapping priority (10).

As the event log shows, there are two user mapping rules with the same mapping priority. Normally, with this configuration, only one user mapping rule takes effect. However, the customer confirmed that the two domains (com and big) are trusted domains, so both rules take effect.

2. The customer confirmed that he tried to access the NFS share as user "big/wen". From this, we understood that the problem lies in the user mapping rule.

Root Cause

The user mapping rule "source user (*), target user (big\1)" means the customer wants to map users to the "big" domain. However, in Unix OS like Linux, "\" is the escape character, so this rule actually maps users to domain group "1". As a result, user "big/wen" cannot get permission from the AD domain controller.

Solution

1. Modify the current user mapping rules: change "big\1" to "big\\1", and change "com\1" to "com\\1".

2. Clear the user mapping cache from the CLI.

1). Log in to the CLI with the admin account and change the user mode to developer mode.

2). Execute the commands "clear identity_mapping cache controller=0A" and "clear identity_mapping cache controller=0B".

Note: if there are more than 2 controllers, as on the 6800V3, you also need to clear the cache on the other controllers.
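
A configuration check for the two points raised above, added here as an example (it is not Huawei code): it parses the rule-creation events from the log excerpt and reports targets written with a single backslash after a domain name, plus rules that share a priority. The function names and the trimmed event layout (timestamp plus message text) are assumptions.

```python
import re
from collections import defaultdict

# Event lines from the log excerpt above, trimmed to timestamp and message.
EVENTS = r"""
2016-04-28 17:50:52 admin succeeded in creating a user mapping rule, including mapping type (1){0:Windows to UNIX;1:UNIX to Windows}, source user (*), target user (com\1), and mapping priority (10).
2016-04-28 17:50:20 admin succeeded in creating a user mapping rule, including mapping type (0){0:Windows to UNIX;1:UNIX to Windows}, source user (com\*), target user (\1), and mapping priority (10).
2016-04-18 15:47:24 admin succeeded in creating a user mapping rule, including mapping type (1){0:Windows to UNIX;1:UNIX to Windows}, source user (*), target user (big\1), and mapping priority (10).
2016-04-18 15:46:58 admin succeeded in creating a user mapping rule, including mapping type (0){0:Windows to UNIX;1:UNIX to Windows}, source user (big\*), target user (\1), and mapping priority (10).
"""

RULE_RE = re.compile(
    r"mapping type \((\d)\)\{[^}]*\}, source user \((.*?)\), "
    r"target user \((.*?)\), and mapping priority \((\d+)\)"
)
# Domain name followed by exactly one backslash: matches big\1, not big\\1 or \1.
SINGLE_BACKSLASH_RE = re.compile(r"^[^\\]+\\(?!\\)")
DIRECTION = {"0": "Windows to UNIX", "1": "UNIX to Windows"}

def parse_rules(text):
    """Return one dict per user-mapping-rule creation event found in text."""
    return [
        {"direction": DIRECTION[mtype], "source": source,
         "target": target, "priority": int(prio)}
        for mtype, source, target, prio in RULE_RE.findall(text)
    ]

def unescaped_targets(rules):
    """Targets with a single backslash after the domain (the fault in this case)."""
    return [r["target"] for r in rules if SINGLE_BACKSLASH_RE.match(r["target"])]

def shared_priorities(rules):
    """Map (direction, priority) to the targets of rules sharing that priority."""
    groups = defaultdict(list)
    for r in rules:
        groups[(r["direction"], r["priority"])].append(r["target"])
    return {key: targets for key, targets in groups.items() if len(targets) > 1}

if __name__ == "__main__":
    rules = parse_rules(EVENTS)
    for target in unescaped_targets(rules):
        print(f"single backslash in target: {target}")
    for (direction, prio), targets in shared_priorities(rules).items():
        print(f"{direction}, priority {prio}, shared by: {targets}")
```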
