Skip to main content

Handle NFS access to NTFS volumes or qtrees for unknown UNIX users

Contributors netapp-thomi netapp-aherbin

If ONTAP cannot identify UNIX users attempting to connect to volumes or qtrees with NTFS security style, it therefore cannot explicitly map the user to a Windows user. You can configure ONTAP to either deny access to such users for stricter security or map them to a default Windows user to ensure a minimum level of access for all users.

What you'll need

A default Windows user must be configured if you want to enable this option.

About this task

If a UNIX user tries to access volumes or qtrees with NTFS security style, the UNIX user must first be mapped to a Windows user so that ONTAP can properly evaluate the NTFS permissions. However, if ONTAP cannot look up the name of the UNIX user in the configured user information name service sources, it cannot explicitly map the UNIX user to a specific Windows user. You can decide how to handle such unknown UNIX users in the following ways:

  • Deny access to unknown UNIX users.

    This enforces stricter security by requiring explicit mapping for all UNIX users to gain access to NTFS volumes or qtrees.

  • Map unknown UNIX users to a default Windows user.

    This provides less security but more convenience by ensuring that all users get a minimum level of access to NTFS volumes or qtrees through a default Windows user.

Steps
  1. Set the privilege level to advanced:

    set -privilege advanced

  2. Perform one of the following actions:

    If you want the default Windows user for unknown UNIX users…​

    Enter the command…​

    Enabled

    vserver nfs modify -vserver vserver_name -map-unknown-uid-to-default-windows-user enabled

    Disabled

    vserver nfs modify -vserver vserver_name -map-unknown-uid-to-default-windows-user disabled

  3. Return to the admin privilege level:

    set -privilege admin