Mapping Unix account through ADlookup not working

Recently, we had a case where mapping a Unix account through ADlookup was not working. Windows 2008 R2 was hosting the NFS share and Windows 2003 R2 was the DC. We performed the steps below:

  1. Populated the user's UNIX attributes in AD
  2. Configured the NetBIOS name on the NFS properties page
  3. Updated the NFS-related drivers
  4. Configured the NFS share and granted the proper NTFS permissions (the mapped user was made the owner and added to the NTFS permissions).

This was a cluster environment. When accessing the share from Unix clients we got "Permission denied". We checked the permissions on the Users container in AD and added Read permission for Authenticated Users. Restarting the Server for NFS service had no effect; we still got the same error.


Moving forward, we collected NFS WMI traces along with Netmon (network) traces. The Netmon traces did not give much input, but from the NFS traces we could see a conflict caused by a duplicate GID, which was the root of the problem. This was an important learning: access over NFS checks both the UID and the GID, and both need to be unique for the UNIX side to get proper access.

An ldifde export of the users pointed to the duplicate entry. Removing the duplicate entry for the group resolved the issue.
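A check of this kind, as an added example that is not part of the original post: it parses an ldifde-style export and lists any uidNumber or gidNumber claimed by more than one object, the sort of duplicate the traces pointed to. The uidNumber and gidNumber attribute names are the RFC 2307 attributes that Server for NFS reads during AD lookup; the LDIF sample itself is constructed.

```python
import base64
import re
from collections import defaultdict

# Constructed ldifde-style export (not from the original post). Two group objects
# share gidNumber 10001: the kind of conflict the NFS traces exposed.
SAMPLE_LDIF = """\
dn: CN=alice,CN=Users,DC=corp,DC=example
objectClass: user
uidNumber: 5001
gidNumber: 10001

dn: CN=nfsusers,CN=Users,DC=corp,DC=example
objectClass: group
gidNumber: 10001

dn: CN=legacy-nfs,CN=Users,DC=corp,DC=example
objectClass: group
gidNumber: 10001
"""

def parse_ldif(text):
    # One {attr: [values]} dict per entry. ldifde folds long lines with a
    # leading space and writes base64 values as 'attr:: value'; handle both.
    text = re.sub(r"\n ", "", text)
    entries, current = [], None
    for line in text.splitlines() + [""]:   # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = None
            continue
        current = current if current is not None else defaultdict(list)
        attr, _, value = line.partition(":")
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current[attr.strip()].append(value.strip())
    return entries

def find_duplicate_ids(entries):
    # Returns ({uidNumber: [dn, ...]}, {gidNumber: [dn, ...]}) for values claimed by
    # more than one object. gidNumber is compared among groups only: a user's
    # gidNumber names its primary group, so sharing it with that group is normal.
    uids, gids = defaultdict(list), defaultdict(list)
    for e in entries:
        dn = e["dn"][0]
        for uid in e.get("uidNumber", []):
            uids[uid].append(dn)
        if "group" in e.get("objectClass", []):
            for gid in e.get("gidNumber", []):
                gids[gid].append(dn)
    dup = lambda m: {k: v for k, v in m.items() if len(v) > 1}
    return dup(uids), dup(gids)
```

Run it against a real export (`ldifde -f users.ldf -r "(|(uidNumber=*)(gidNumber=*))" -l dn,objectClass,uidNumber,gidNumber`) and any non-empty result is a mapping conflict to resolve before retrying the share.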