How Data ONTAP handles NFS client authentication

NFS clients must be properly authenticated before they can access data on the Storage Virtual Machine (SVM). Data ONTAP authenticates the clients by checking their UNIX credentials against name services you configure.

When an NFS client connects to the SVM, Data ONTAP obtains the UNIX credentials for the user by checking different name services, depending on the name services configuration of the SVM. Data ONTAP can check credentials for local UNIX accounts, NIS domains, and LDAP domains. At least one of them must be configured so that Data ONTAP can successfully authenticate the user. You can specify multiple name services and the order in which Data ONTAP searches them.

In a pure NFS environment with UNIX volume security styles, this configuration is sufficient to authenticate and provide the proper file access for a user connecting from an NFS client.

If you are using mixed, NTFS, or unified volume security styles, Data ONTAP must obtain a CIFS user name for the UNIX user for authentication with a Windows domain controller. This can happen either by mapping individual users using local UNIX accounts or LDAP domains, or by using a default CIFS user instead. You can specify which name services Data ONTAP searches in which order, or specify a default CIFS user.
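
The following added example (not NetApp code, and not how Data ONTAP is implemented) models the lookup flow described above, to show how the search order and the default CIFS user affect the result. The source names, users, IDs, and the `EXAMPLE` domain are constructed sample data; first-match-wins ordering and the failure when no CIFS user can be obtained are assumptions of the model.

```python
# Added illustration: a simplified model of the flow described above, not ONTAP code.
# All users, IDs, domains and source contents are constructed sample data.
UNIX_SOURCES = {  # name service -> {UNIX user: (uid, gid)}
    "files": {"root": (0, 0)},
    "nis": {"alice": (1001, 100)},
    "ldap": {"alice": (5001, 500), "bob": (5002, 500)},
}
MAPPING_SOURCES = {  # mapping source -> {UNIX user: CIFS user}
    "files": {"alice": "EXAMPLE\\alice"},
    "ldap": {},
}

class AuthError(Exception):
    """Raised when the model cannot authenticate the user."""

def first_match(sources, order, key):
    """Search sources in the configured order; assumed: the first hit wins."""
    for name in order:
        value = sources.get(name, {}).get(key)
        if value is not None:
            return name, value
    return None

def resolve(user, security_style, ns_order, nm_order=(), default_cifs_user=None):
    """Return the credentials the model would use for one NFS user."""
    if not ns_order:
        raise AuthError("at least one name service must be configured")
    hit = first_match(UNIX_SOURCES, ns_order, user)
    if hit is None:
        raise AuthError(f"no UNIX credentials for {user!r} in {list(ns_order)}")
    result = {"unix_source": hit[0], "uid_gid": hit[1], "cifs_user": None}
    if security_style == "unix":
        return result  # pure UNIX security style: UNIX credentials suffice
    # mixed, NTFS or unified: a CIFS user name is also required
    mapped = first_match(MAPPING_SOURCES, nm_order, user)
    cifs_user = mapped[1] if mapped else default_cifs_user
    if cifs_user is None:
        # Assumed outcome when neither a mapping nor a default exists.
        raise AuthError(f"no CIFS user for {user!r} and no default CIFS user")
    result["cifs_user"] = cifs_user
    return result

if __name__ == "__main__":
    # Same user, different search order, different UID/GID.
    print(resolve("alice", "unix", ("nis", "ldap")))
    print(resolve("alice", "unix", ("ldap", "nis")))
    print(resolve("bob", "ntfs", ("ldap",), ("files", "ldap"), "EXAMPLE\\nfsdefault"))
```

In this model, a user name that exists in more than one name service resolves to different UNIX credentials depending on the search order, and every unmapped user on a mixed, NTFS, or unified volume is treated as the same default CIFS user.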