Verify that domain accounts map to the default UNIX user in ONTAP
Suggest changes
PDFs
Hyper-V and SQL Server use domain accounts to create SMB connections to continuously available shares. To successfully create the connection, the computer account must successfully map to a UNIX user. The most convenient way to accomplish this is to map the computer account to the default UNIX user.
Hyper-V and SQL Server use the domain computer accounts to create SMB connections. In addition, SQL Server uses a domain user account as the service account that also makes SMB connections.
When you create a storage virtual machine (SVM), ONTAP automatically creates the default user named pcuser (with a UID of 65534) and the group named pcuser (with a GID of 65534), and adds the default user to the pcuser group. If you are configuring a Hyper-V over SMB solution on anSVM that existed prior to upgrading the cluster to Data ONTAP 8.2, the default user and group might not exist. If they do not, you must create them before configuring the CIFS server's default UNIX user.
-
Determine whether there is a default UNIX user:
vserver cifs options show -vserver <vserver_name> -
If the default user option is not set, determine whether there is a UNIX user that can be designated as the default UNIX user:
vserver services unix-user show -vserver <vserver_name> -
If the default user option is not set and there is not a UNIX user that can be designated as the default UNIX user, create the default group and the default UNIX user, and add the default user to the group.
Generally, the default user is given the user name "pcuser" and must be assigned the UID of
65534. The default group is generally given the group name "pcuser". The GID assigned to the group must be65534.-
Create the default group:
vserver services unix-group create -vserver <vserver_name> -name pcuser -id 65534 -
Create the default user and add the default user to the default group:
vserver services unix-user create -vserver <vserver_name> -user pcuser -id 65534 -primary-gid 65534 -
Verify that the default user and default group are configured correctly:
vserver services unix-user show -vserver <vserver_name>vserver services unix-group show -vserver <vserver_name> -members
-
-
If the CIFS server's default user is not configured, perform the following:
-
Configure the default user:
vserver cifs options modify -vserver <vserver_name> -default-unix-user pcuser -
Verify that the default UNIX user is configured correctly:
vserver cifs options show -vserver <vserver_name>
-
-
To verify that the application server's computer account correctly maps to the default user, map a drive to a share residing on the SVM and confirm the Windows user to UNIX user mapping by using the
vserver cifs session showcommand.Learn more about
vserver cifs optionsin the ONTAP command reference.
The following commands determine that the CIFS server's default user is not set, but determines that the pcuser user and pcuser group exist. The pcuser user is assigned as the CIFS server's default user on SVM vs1.
cluster1::> vserver cifs options show
Vserver: vs1
Client Session Timeout : 900
Default Unix Group : -
Default Unix User : -
Guest Unix User : -
Read Grants Exec : disabled
Read Only Delete : disabled
WINS Servers : -
cluster1::> vserver services unix-user show
User User Group Full
Vserver Name ID ID Name
--------- --------------- ------ ------ ----------------
vs1 nobody 65535 65535 -
vs1 pcuser 65534 65534 -
vs1 root 0 1 -
cluster1::> vserver services unix-group show -members
Vserver Name ID
vs1 daemon 1
Users: -
vs1 nobody 65535
Users: -
vs1 pcuser 65534
Users: -
vs1 root 0
Users: -
cluster1::> vserver cifs options modify -vserver vs1 -default-unix-user pcuser
cluster1::> vserver cifs options show
Vserver: vs1
Client Session Timeout : 900
Default Unix Group : -
Default Unix User : pcuser
Guest Unix User : -
Read Grants Exec : disabled
Read Only Delete : disabled
WINS Servers : -