Gerald,
Thanks for staying on top of this. Burt 283117 is exactly what we're experiencing.
Vaughn, we run a standard Windows 2003 Active Directory. I've tested this against every filer we have, and it always behaves the same. If I recreate one of the shares we have on a filer on a Windows 2003 box, I can log right in using Leopard.
To be fair, this appears to be more a Leopard+Kerberos issue than a problem with OnTap.
--Carl
From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Vaughn Stewart Sent: Sunday, April 06, 2008 3:49 PM To: geraldv@stanford.edu; Barry King Cc: toasters@mathworks.com Subject: Re: NetApp & Leopard
I run 10.5.2 with CIFS on Data ONTap without any issue. I would want to know more about the client's environment before I pointed the finger @ NetApp.
Cheers,
Vaughn Stewart | Virtualization Evangelist
________________________________
From: "Villabroza, Gerald" geraldv@stanford.edu Organization: Stanford University Reply-To: geraldv@stanford.edu Date: Sat, 05 Apr 2008 10:56:25 -0700 To: Barry King barryking93@gmail.com Cc: toasters@mathworks.com Subject: Re: NetApp & Leopard
back on the Leopard and Data ONTAP CIFS train:
As some of us have found, 10.5.2 doesn't play nice with ONTAP cifs.
NetApp has created a BURT:
http://now.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=283117
Its classified as a severity 3 (serious inconvenience) because there's a
work around by passing credentials over NTLM after kerberos fails.
The workaround fails in our environment. We think its because NTLM works but we disallow NTLM and only allow kerberos or NTLMv2.
We've heard that the issue is scheduled to be fixed in 7.2.6 slated for October.
If you have similar issues or if you'd like it fixed earlier, please open a case and reference the BURT. The more customers that report the problem gives them a bigger reason to release a fix sooner.
-=-=- gerald villabroza <geraldv at stanford.edu http://stanford.edu http://stanford.edu > technical lead, its storage, stanford university
Barry King wrote:
At least in my environment, this now partially works in 10.5.2. Based
on my experimentation: What works is doing a "Go -> Connect to
Server"
and punching in cifs://netapp. What doesn't is trying to browse to it
over the network. I'm not sure why one works and the other doesn't.
Regards,
Barry King
On Fri, Feb 8, 2008 at 2:53 PM, Villabroza, Gerald
<geraldv@stanford.edu
mailto:geraldv@stanford.edu mailto:geraldv@stanford.edu > wrote:
Patrick, Tough to mandate dave or admitmac in a diverse higher education environment. 100's of macs show up after the Christmas holidays
and
they all expect to use university resources immediately. Carl, Our understanding from Apple is that the next Leopard update,
10.52,
will address the CIFS access issue. It's in a testing phase now
but not
available to folks external to Apple. -=-=- gerald villabroza <geraldv at stanford.edu <http://stanford.edu>
technical lead, its storage, stanford university > -----Original Message----- > From: Patrick van Helden [mailto:pvh@databasement.eu <mailto:pvh@databasement.eu> <mailto:pvh@databasement.eu> ] > Sent: Wednesday, January 30, 2008 8:24 AM > To: Carl Howell; Villabroza, Gerald > Cc: toasters@mathworks.com <mailto:toasters@mathworks.com>
> Subject: RE: NetApp & Leopard > > Hi Guys, > > Why don't you guys use a 3rd party client like "Dave" or
"Admitmac"
> from Thursby? > > Admitmac even has Windows DFS support > > Regards, > > Patrick van Helden > Databasement BV > pvh@databasement.eu <mailto:pvh@databasement.eu>
> > > > -----Oorspronkelijk bericht----- > Van: owner-toasters@mathworks.com <mailto:owner-toasters@mathworks.com>
mailto:owner-toasters@mathworks.com namens Carl Howell
> Verzonden: wo 1/30/2008 15:56 > Aan: geraldv@stanford.edu <mailto:geraldv@stanford.edu>
> CC: toasters@mathworks.com <mailto:toasters@mathworks.com>
> Onderwerp: RE: NetApp & Leopard > > Gerald, > > Thanks for the feedback, and yes, feel free to reference us. > > --Carl > > -----Original Message----- > From: Villabroza, Gerald [mailto:geraldv@stanford.edu <mailto:geraldv@stanford.edu> <mailto:geraldv@stanford.edu> ] > Sent: Wednesday, January 30, 2008 8:49 AM > To: Carl Howell > Cc: toasters@mathworks.com <mailto:toasters@mathworks.com>
> Subject: Re: NetApp & Leopard > > Carl, > > We're experiencing the same issue when accessing DOT 7.2.2 CIFS in Win > 2k3 AD with OS X 10.5.1. > > We've opened a case with Apple and here's what they came back
with:
> > ##### > When a Leopard client opens a session, it sends three
mechanisms in
> this > > order, KRB5, some OID I don't what it is, and MS KRB5. The
filer
> returns an unsupported error. > > Apple thinks DOT is just bailing on the first unsupported
mechanism
and > not checking the whole list. Tiger only sent the MS KRB5 mechanism so > that is why it works. > > Apple is working on building a test of their kerberos library
that
puts > MS KRB5 as the first mechanism to validate the hypothesis. > ##### > > Leopard can authenticate via K5 against MS WIN 2k3 systems fine in our > environment, just not against DOT. > > Luckily Apple and NetApp are both TSAnet members and can
collaborate
on > the support case. > > Do you mind if reference your experience at UWF with NetApp and Apple? > And if you don't, do you have a case # with NetApp? > > Its interesting to hear of other hi-ed's with this issue. Any
others
> out there? Like other issues in our space it helps to band
together.
> > -=-=- > gerald villabroza <geraldv at stanford.edu
http://stanford.edu http://stanford.edu >
> technical lead, its storage, stanford university > > > Carl Howell wrote: > > I've stumbled across a problem we're having accessing filer
hosted
> CIFS > > shares from Mac OS X Leopard 10.5.1. The Leopard boxes I've
tried
> this > > on are all bound to our Win2k3 Active Directory. If you log
into
> Leopard > > with your domain credentials and try to access a share on a > filer(this > > happens on all of our filers and all are at 7.x and above),
you
will > be > > prompted for your password. If you try to access the same
CIFS
share > > hosted on a Win2k3 box, you will get right in. > > > > > > > > Has anyone else seen this? > > > > > > > > Thanks, > > > > > > > > --Carl > > > > > > > > > > > > > > >-- Barry King barryking93@gmail.com mailto:barryking93@gmail.com