Unsolved

May 11th, 2016 03:00

NFS and CIFS shares with AD as LDAP-source for UID - SID mapping.

Hi.

I cannot seem to get this to work, so I'm hoping that someone here might be able to help.

I have an Active Directory populated with posix attributes and want to use this for UID - SID mapping so that users can access the same filesystem via both NFS and CIFS in a mixed Windows/Linux/OSX environment.

I've configured ldap.conf and nsswitch.conf for AD LDAP and configured LDAP lookup with "server_ldap server_2 -set -p -basedn dc=x,dc=x,dc=x -servers 'ip-of-AD-server' -binddn cn=x,dc=x,dc=x,dc=x".

Then AD-joined the CIFS-server and created a share via Unisphere, and also added an NFS service principal with -option addservice=nfs in CLI.

To make user lookups compatible with AD, I've specified "server_param server_2 -facility cifs -modify resolver -value 1" and since we don't use dynamic DNS, I've turned this off with "server_param server_2 -facility dns -modify updateMode -value 0".

After contact with EMC-support regarding errors I got after this, I've turned off and deleted the local usermapper database with "server_usermapper server_2 -disable" and "server_usermapper server_2 -remove -all", and turned off usermapper auto discovery with "server_param server_2 -facility usrmap -modify autobroadcast -value 0".

The NT primary group isn't used, so I've added "server_param server_2 -facility cifs -modify acl.useUnixGid -value 1" to use the unix primary gid instead.


Error 1 is:

I can lookup users with "server_ldap VDM01 -lookup -uid 'uid-number'" or "server_ldap VDM01 -lookup -user 'username' -domain 'AD-domain'", and I can see the UID - SID mapping with "server_cifssupport VDM01 -secmap -list".

For some reason though, I *must* first do a uid-lookup before username-lookup works, and must then do a CIFS-connection with the user before it shows up in the secmap list. CIFS-connections also don't work unless I've done the uid-lookup first.


Error 2 is:

Even though I've specified "acl.useUnixGid", I still get "NT_Access_Credential::RequestFromSID:usr=DOMAIN\username primary nt group not mapped, use unix primary" in the log.


Error 3 is:

After exporting the NFS-share with "server_export VDM01 -Protocol nfs /fs01", mounting the share from a client doesn't work, and I get the following error in the logs following a failed mount:

"RPC: 3: rpc parsing failed, version 0x4"



I'm quite new to the EMC NAS equipment, so I'm really reliant on the EMC documentation that doesn't really give any clues as to what might be wrong.


Regards,

Andreas M

No Responses!