toasters

toasters@lists.teaparty.net

3 participants
13514 discussions

Mtime goes wonkie via Sharity
by Ben Rockwood 08 Sep '05

08 Sep '05

Hey All. I'm using Sharity 2.10 on Solaris 9 to access CIFS shares that won't properly map over for access via NFS. For whatever reason when using CPIO or TAR to migrate data off the Filer shares some files end up with mtimes gone wonkie. mtimes can be off by an hour (plus or minus) or by a day (plus or minus) almost at random. If all the times were off by some constant value it'd be an easy fix. I'm running out of ideas. Has anyone seen a problem like this before? Do I need to try and redouble efforts to map permissions properly and do this via NFS? I'll take any ideas at this point. :) benr.

1 0

Be a real man. Rolex Watch
by Marci Moran 06 Sep '05

06 Sep '05

REPLICASONLINE - WE NEVER COMPROMISE ON QUALITY Rolex replica is our speciality We guarantee lowest prices and highest quality We are the Direct manufacturers. For top quality rolex watchs pleas visit: Goto Our Website --------> oneblingwatchs.net <--------- uduhrkfw tpuaarc

1 0

NFS access problem going from 6.4.4 to 7.0.1R1
by Steve Losen 06 Sep '05

06 Sep '05

We recently replaced our F820c pair running 6.4.4 with a FAS3050c pair running 7.0.1R1. Formerly we were doing something admittedly questionable to protect unauthorized NFS mounts from networks where we do not have complete physical control. We have a public lab of Unix workstations that NFS mount home directories from our filers. This is insecure because someone can bring in a Unix laptop configured with the same IP address as a workstation and move the network cable from the workstation to the laptop, and thereby get NFS access on the laptop. The laptop owner has root so he can su to any UID that he wants, thereby getting access to any user's files. Our solution was to write a "netgroup server" that temporarily added a NFS client to a netgroup just long enough for the client to mount and then removed the client from the netgroup. Only root on the NFS client had access to the shared secret that authenticated the client to the netgroup server. While not perfect, this made the laptop attack much more difficult. This worked fine under 6.4.4. Once the NFS client had its mounts, it did not seem to matter to the filer that the client disappeared from the netgroup. However, this is not the case under 7.0.1R1. We have found that certain NFS operations cause the filer to recheck the netgroup information and when it discovers that the client is no longer in the netgroup, it denies further access. I realize that we need to be looking at a "real" solution (NFSv4 ? NFS over IPsec ?). But I was wondering if there was something simple that I could do in the meantime, perhaps an obscure NFS option on the filer. Steve Losen scl(a)virginia.edu phone: 434-924-0640 University of Virginia ITC Unix Support

3 2

HOW DO I UN SUBSCRIBE?
by Joe Everett 06 Sep '05

06 Sep '05

--- Steve Losen <scl(a)sasha.acc.virginia.edu> wrote: > To: toasters(a)mathworks.com > Subject: NFS access problem going from 6.4.4 to 7.0.1R1 > Date: Sun, 04 Sep 2005 10:02:55 -0400 > From: Steve Losen <scl(a)sasha.acc.virginia.edu> > > > We recently replaced our F820c pair running 6.4.4 with a > FAS3050c pair running 7.0.1R1. > > Formerly we were doing something admittedly questionable to > protect unauthorized NFS mounts from networks where we do > not have complete physical control. We have a public lab > of Unix workstations that NFS mount home directories from > our filers. This is insecure because someone can bring in > a Unix laptop configured with the same IP address as a > workstation and move the network cable from the workstation > to the laptop, and thereby get NFS access on the laptop. > The laptop owner has root so he can su to any UID that he > wants, thereby getting access to any user's files. > > Our solution was to write a "netgroup server" that temporarily > added a NFS client to a netgroup just long enough for the client > to mount and then removed the client from the netgroup. Only > root on the NFS client had access to the shared secret that > authenticated the client to the netgroup server. While > not perfect, this made the laptop attack much more difficult. > > This worked fine under 6.4.4. Once the NFS client had its mounts, > it did not seem to matter to the filer that the client disappeared > from the netgroup. However, this is not the case under 7.0.1R1. > We have found that certain NFS operations cause the filer to > recheck > the netgroup information and when it discovers that the client is > no longer in the netgroup, it denies further access. > > I realize that we need to be looking at a "real" solution (NFSv4 ? > NFS over IPsec ?). But I was wondering if there was something > simple that I could do in the meantime, perhaps an obscure NFS > option on the filer. > > Steve Losen scl(a)virginia.edu phone: 434-924-0640 > > University of Virginia ITC Unix Support > > >

1 0

Unix dot-files on Windows
by Adrian Gschwend 06 Sep '05

06 Sep '05

Hi guys, As written before we use NetApp on Linux with NFS and CIFS for Windows, so far so good. One remaining problem is that Windows-Users keep seeing the dot-files (.gnome or whatever), which is a bit disturbing for the normal user. I thought there are some flags I can set that those files are shown as hidden files on Windows, but I couldn't find anything useful in the docs. Anyone knows how I can do that (if at all)? Again, OnTap at the moment is 6.5.4 cu Adrian -- Adrian Gschwend System Administrator Berne University of Applied Sciences Biel, Switzerland

2 2

Index
by Alex Soo 06 Sep '05

06 Sep '05

Hi, Can any body help on this? I am trying to index a folder on F740 so that all user can search the folder with their window default search tools. I have a window 2003 server and a bunch of XP work station. Regards, Alex Soo CONFIDENTIAL NOTE: The information contained in this email is intended only for the use of the individual or entity named above and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this message in error, please immediately notify the sender and delete the mail. Thank you.

1 0

Kerberos & sys security on the same export
by Adrian Gschwend 06 Sep '05

06 Sep '05

Hi all, At our university we just used NFS exports for our old Solaris 8 clients so far, now we have Linux in place on all clients and thus a lot more machines that connect to the filers with NFS. Because we are an academic environment sys-security is too weak. Some students would find out pretty fast that it is easy to boot Knoppix or connect their laptops on the same cable and try to access home directories from our professors. So we decided to use Kerberos on Linux as well (via AD Kerberos services which is connected to the filer), that works just fine with one exception: If I mix sys & krb5 security *every* client can still do sys, not just the /24 IP block I would need for the old Solaris setup. On a test-environment running on Linux I can do two exports for the exact same share, like one with sys, the second one with krb5 security. Thus I can do one sys export for the /24 IP block and a krb5 one for the rest. Unfortunately this seems not to work on NetApp, if I do two shares, the first one gets overwritten by the second one. I also tried something like this: /vol/sugus -sec=sys,rw=147.87.64.0/24,sec=krb5,rw=147.87.0.0/16 I don't get any special error messages with this export but it doesn't work as expected. Is this possible after all with OnTap? I'm running V6.5.4 on the filers. Thanks Adrian -- Adrian Gschwend System Administrator Berne University of Applied Sciences Biel, Switzerland

2 3

rescan without reboot to locate DLT library ?
by Frank Bonnet 05 Sep '05

05 Sep '05

Hello I'am in trouble with a DLT library which is not "seen" by the filer because the DLT was not powered when the filer boot up. Is there a command to rescan the SCSI but to let the filer discover the library without reboot the toaster ? Thanks PS : the box is a F87 running 6.5.5 -- Cordialement/Regards Frank Bonnet

2 1

�j weboldal
by Hotv�th Zolt�n 05 Sep '05

05 Sep '05

1 0

Say goodbye to insane gas prices
by Titor 03 Sep '05

03 Sep '05

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

toasters