Setting up multiprotocol can be tricky, the Celerra offers many capabilities, I would suggest you engage Professional Services.
For example, I assume you do not have usermapper running (otherwise, if an entry is missing in local passwd or group file of server_2, usermapper will create that mapping, then it will be added to secmap and the Data Mover will never look again at local files since the mapping will be available in secmap.
Any way, have you checked the setting of "acl.useUnixGid" (you could check by creating a file from CIFS in a directory where you have access), that would also tell you if the UID of the Windows user is mapped to 902 or to some other UID from usermapper:
server_param server_2 -f cifs -i acl.useUnixGid -v server_2 : name = acl.useUnixGid facility_name = cifs default_value = 0 current_value = 0 configured_value = user_action = none change_effective = immediate range = (0,1) description = Set the unix GID for CIFS created files (default:off)
detailed_description Sets the GID mapping for files created on a Windows client. param cifs useUnixGid=0 Assigns the GID of the Primary Domain group to which the user belongs. param cifs useUnixGid=1 Assigns the Windows user's GID (as found in the GID field of the /.etc/passwd file or NIS database entry).
You also need an entry in the group file for GID 300 with a group the Windows user belongs to.
There are some discussions on the forum on multiprotocol as well.
I believe this issue is with the usermapper, check wether the usermapper sevice is started and if not enable it .
Sameer Kulkarni
DONT blindly play with usermapper
Usually if you want to do multi-protocol you want a defined static mapping and NOT usermapper
usermapper just hands out unique UID/GID's and is meant for CIFS only environments where the mapping doesnt make a difference
usermapper has NOTHING to do with the "static" mapping methods like passwd/NIS/LDAP/ntxmap/AD - in most multi-protocol cases it just complicates matter when it automatically maps a CIFS user and stores the mapping in the secmap (which NEVER gets updated or expired unless you manually remove the cached mapping there)
yes, there are cases when usermapper and static mappings are used together - but then its imperative that you understand how it works and that your user provisioning process makes sure that the static mapping is in place BEFORE the user first connects to the Celerra.
multi-protocol isnt the simplest setup - there is a reason the customer class spends a day on it (not because of Celerra but because the Windows and Unix account and permissioning concepts are quite different).
bergec
275 Posts
0
July 23rd, 2010 04:00
Setting up multiprotocol can be tricky, the Celerra offers many capabilities, I would suggest you engage Professional Services.
For example, I assume you do not have usermapper running (otherwise, if an entry is missing in local passwd or group file of server_2, usermapper will create that mapping, then it will be added to secmap and the Data Mover will never look again at local files since the mapping will be available in secmap.
Any way, have you checked the setting of "acl.useUnixGid" (you could check by creating a file from CIFS in a directory where you have access), that would also tell you if the UID of the Windows user is mapped to 902 or to some other UID from usermapper:
server_param server_2 -f cifs -i acl.useUnixGid -v
server_2 :
name = acl.useUnixGid
facility_name = cifs
default_value = 0
current_value = 0
configured_value =
user_action = none
change_effective = immediate
range = (0,1)
description = Set the unix GID for CIFS created files (default:off)
detailed_description
Sets the GID mapping for files created on a Windows client. param cifs useUnixGid=0 Assigns the GID of the Primary Domain group to which the user belongs. param cifs useUnixGid=1 Assigns the Windows user's GID (as found in the GID field of the /.etc/passwd file or NIS database entry).
You also need an entry in the group file for GID 300 with a group the Windows user belongs to.
There are some discussions on the forum on multiprotocol as well.
Claude
SAMEERK1
296 Posts
0
July 23rd, 2010 05:00
I believe this issue is with the usermapper, check wether the usermapper sevice is started and if not enable it .
Sameer Kulkarni
Rainer_EMC
4 Operator
•
8.6K Posts
0
July 23rd, 2010 06:00
DONT blindly play with usermapper
Usually if you want to do multi-protocol you want a defined static mapping and NOT usermapper
usermapper just hands out unique UID/GID's and is meant for CIFS only environments where the mapping doesnt make a difference
usermapper has NOTHING to do with the "static" mapping methods like passwd/NIS/LDAP/ntxmap/AD - in most multi-protocol cases it just complicates matter when it automatically maps a CIFS user and stores the mapping in the secmap (which NEVER gets updated or expired unless you manually remove the cached mapping there)
yes, there are cases when usermapper and static mappings are used together - but then its imperative that you understand how it works and that your user provisioning process makes sure that the static mapping is in place BEFORE the user first connects to the Celerra.
multi-protocol isnt the simplest setup - there is a reason the customer class spends a day on it (not because of Celerra but because the Windows and Unix account and permissioning concepts are quite different).
Rainer