Dell Unity: Newly added users are unable to access share in a multiprotocol file system (User Correctable)
Summary: Newly added users are unable to access share in a multiprotocol file system.
Symptoms
New users are unable to access the share in a multiprotocol file system.
Users are listed under the "unresolved" tag in the "secmap" list.
Command:
Type UID/GID Origin Date of creation Name SID
Unresolved xxxxxx secmap Mon Jan 22 12:46:52 2024 xxxxx xxxxxxxxxx
Cause
In a multiprotocol context, a Windows user must be matched to a UNIX user. However, a UNIX user has to be mapped to a Windows user only when the access policy is Windows. This matching is necessary so that file system security can be enforced, even if it is not native to the protocol.
The following components are involved in user mapping:
- UNIX Directory Services, local files, or both
- Windows resolvers
- Secure mapping (secmap) - a cache that contains all mappings between SIDs and UIDs or GIDs used by a NAS server.
- ntxmap
The function of secmap is to store all SID-to-UID and primary GID mappings and all UID-to-SID mappings, to ensure coherency across all file systems of the NAS server.
During SID-to-UID and primary GID mapping, the UDS (NIS server, LDAP server, or local files) is searched using the UNIX name.
- If the UNIX username is found in the UDS, the UID and GID mapping is resolved.
- If the UNIX name is not found, but the automatic mapping for unmapped Windows accounts feature is enabled, the UID is automatically assigned.
- If the UNIX username is not found in the UDS but there is a default UNIX account, the UID and GID mapping is resolved to that of the default UNIX account.
- If the SID is not resolvable, access is denied.
https://dl.dell.com/content/manual51476971-dell-emc-unity-family-configuring-multiprotocol-file-sharing.pdf?language=en-us
Resolution
Step 1: Retrieve the secmap details using the following command:
svc_cifssupport {<NAS_server_name> | ALL} -secmap -list
Step 2: Check for the users in the list with the following command:
svc_cifssupport {<NAS_server_name> | ALL} -secmap -list | grep "<username>"
The user can be found with the "unresolved" tag in the list, as shown in the following example:
Type UID/GID Origin Date of creation Name SID
Unresolved xxxxxx secmap Mon Jan 22 12:46:52 2024 xxxxx xxxxxxxxxx
Step 3: In the UI, go to the associated NAS server > Sharing Protocols > Multiprotocol tab, select Enable automatic mapping for unmapped Windows accounts, and apply the change.
Step 4: After 10-15 minutes, check for the user in the "secmap" list again using the same command given in step 2.
The users are now listed under the "user" tag, and they gain access to the shares.
Sample output:
Type UID/GID Origin Date of creation Name SID
User xxxxxx secmap Mon Jan 22 13:46:52 2024 xxxxx xxxxxxxxxx
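
An added example, not part of the Dell article or Dell tooling: a shell helper for steps 2 and 4 that reads `-secmap -list` output and reports whether a user's entry is Unresolved or User, matching the Name column exactly instead of relying on `grep`'s substring match. The row layout is assumed from the sample rows above; the function names, the EXAMPLE domain, and the UIDs and SIDs in the sample data are constructed.

```shell
#!/bin/sh
# Assumed row layout, taken from the sample rows on this page:
#   Type UID/GID Origin <5 date tokens> Name SID
# Name is therefore fields 9..NF-1 and the SID is the last field.

# secmap_status <username>: read list output on stdin and print
# unresolved | user | other:<Type> | absent for that exact user name.
secmap_status() {
    awk -v want="$1" '
        BEGIN { want = tolower(want); result = "absent" }
        NF < 10 { next }                      # header or malformed line
        {
            name = $9
            for (i = 10; i < NF; i++) name = name " " $i
            name = tolower(name)
            sub(/^.*\\/, "", name)            # drop an optional DOMAIN\ prefix
            if (name != want) next            # exact match; grep would also hit jdoe2
            if ($1 == "Unresolved") result = "unresolved"
            else if ($1 == "User") result = "user"
            else result = "other:" $1
        }
        END { print result }                  # last matching row wins
    '
}

# secmap_unresolved: print the Name of every Unresolved row on stdin.
secmap_unresolved() {
    awk 'NF >= 10 && $1 == "Unresolved" {
        name = $9; for (i = 10; i < NF; i++) name = name " " $i; print name }'
}

# Constructed sample output (not from a real array): before and after step 3.
sample_before() { cat <<'EOF'
Type UID/GID Origin Date of creation Name SID
Unresolved 2147483650 secmap Mon Jan 22 12:46:52 2024 EXAMPLE\jdoe S-1-5-21-1111111111-2222222222-3333333333-1105
User 1001 secmap Mon Jan 22 12:40:10 2024 EXAMPLE\jdoe2 S-1-5-21-1111111111-2222222222-3333333333-1106
EOF
}
sample_after() { cat <<'EOF'
Type UID/GID Origin Date of creation Name SID
User 2147483650 secmap Mon Jan 22 13:46:52 2024 EXAMPLE\jdoe S-1-5-21-1111111111-2222222222-3333333333-1105
User 1001 secmap Mon Jan 22 12:40:10 2024 EXAMPLE\jdoe2 S-1-5-21-1111111111-2222222222-3333333333-1106
EOF
}

echo "before: $(sample_before | secmap_status jdoe)"
echo "after:  $(sample_after | secmap_status jdoe)"
```

On a live system the same functions can be fed from the command in step 1, for example `svc_cifssupport <NAS_server_name> -secmap -list | secmap_status <username>`.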