Verify that domain accounts map to the default UNIX user

Contributors

Hyper-V and SQL Server use domain accounts to create SMB connections to continuously available shares. To successfully create the connection, the computer account must successfully map to a UNIX user. The most convenient way to accomplish this is to map the computer account to the default UNIX user.

About this task

Hyper-V and SQL Server use the domain computer accounts to create SMB connections. In addition, SQL Server uses a domain user account as the service account that also makes SMB connections.

When you create a storage virtual machine (SVM), ONTAP automatically creates the default user named “pcuser” (with a UID of 65534) and the group named “pcuser” (with a GID of 65534), and adds the default user to the “pcuser” group. If you are configuring a Hyper-V over SMB solution on anSVM that existed prior to upgrading the cluster to Data ONTAP 8.2, the default user and group might not exist. If they do not, you must create them before configuring the CIFS server’s default UNIX user.

Steps
  1. Determine whether there is a default UNIX user:

    vserver cifs options show -vserver vserver_name

  2. If the default user option is not set, determine whether there is a UNIX user that can be designated as the default UNIX user:

    vserver services unix-user show -vserver vserver_name

  3. If the default user option is not set and there is not a UNIX user that can be designated as the default UNIX user, create the default UNIX user and the default group, and add the default user to the group.

    Generally, the default user is given the user name “pcuser” and must be assigned the UID of 65534. The default group is generally given the group name “pcuser”. The GID assigned to the group must be 65534.

    1. Create the default group: + vserver services unix-group create -vserver vserver_name -name pcuser -id 65534

    2. Create the default user and add the default user to the default group: + vserver services unix-user create -vserver vserver_name -user pcuser -id 65534 -primary-gid 65534

    3. Verify that the default user and default group are configured correctly: + vserver services unix-user show -vserver vserver_name + vserver services unix-group show -vserver vserver_name -members

  4. If the CIFS server’s default user is not configured, perform the following:

    1. Configure the default user:

      vserver cifs options modify -vserver *vserver_name -default-unix-user pcuser*

    2. Verify that the default UNIX user is configured correctly:

      vserver cifs options show -vserver vserver_name

  5. To verify that the application server’s computer account correctly maps to the default user, map a drive to a share residing on the SVM and confirm the Windows user to UNIX user mapping by using the vserver cifs session show command.

    For more information about using this command, see the man pages.

Example

The following commands determine that the CIFS server’s default user is not set, but determines that the “pcuser” user and “pcuser” group exist. The “pcuser” user is assigned as the CIFS server’s default user on SVM vs1.

cluster1::> vserver cifs options show

Vserver: vs1

  Client Session Timeout : 900
  Default Unix Group     : -
  Default Unix User      : -
  Guest Unix User        : -
  Read Grants Exec       : disabled
  Read Only Delete       : disabled
  WINS Servers           : -



cluster1::> vserver services unix-user show
          User            User   Group  Full
Vserver   Name            ID     ID     Name
--------- --------------- ------ ------ ----------------
vs1       nobody          65535  65535  -
vs1       pcuser          65534  65534  -
vs1       root            0      1      -

cluster1::> vserver services unix-group show -members
Vserver        Name                ID
vs1            daemon              1
       Users: -
vs1            nobody              65535
       Users: -
vs1            pcuser              65534
       Users: -
vs1            root                0
       Users: -

cluster1::> vserver cifs options modify -vserver vs1 -default-unix-user pcuser

cluster1::> vserver cifs options show

Vserver: vs1

  Client Session Timeout : 900
  Default Unix Group     : -
  Default Unix User      : pcuser
  Guest Unix User        : -
  Read Grants Exec       : disabled
  Read Only Delete       : disabled
  WINS Servers           : -