Thomas...
Taking your various issues one at a time...
It looks like while yes there is indeed NT server authentication happening now, no matter WHO I want to access the CIFS shares, they STILL have to be MANUALLY PLACED into the /etc/passwd file!!!!
Right. That is the case in current Data ONTAP releases, and the root reason for this requirement is that the security model used by the WAFL file system today is a UNIX security model. In order to assess what a Windows user can and cannot do to the files and directories resident on its file system, a filer has to associate each Windows connection (user) with a UNIX identity (a UID and GID(s)) so it can control the user's access to data using the UNIX inode-based security that it stores (read, write and execute for owning UID, owning GID and other). The /etc/passwd isn't really storing Windows user accounts per se, it's storing mappings between account names and UIDs/GIDs.
What is the POINT of full blown NT server (domain) authentication if I STILL have to input ALL of the users into the /etc/passwd file!
The Windows clients still get to authenticate themselves in the normal way with the domain infrastructure on startup. The full Windows security/authentication protocols are enforced on the wire, and the users also wind up being subject to all the correct limitations and restrictions that the Windows administrator may have assigned to their account (times of day they are allowed to use the network and so forth...).
We have TONS of UNIX users across campus who are on various NIS+ domains and as a result many have overlapping UIDs!
So-called "overlapping UIDs" situations are not handled by the above mechanism today. If by overlapping UIDs you mean multiple users possessing the same UID, I thought this was generally regarded as a pretty bad idea even to start out with? Unless the accounts with identical UIDs have different lexicographical user names, that's that. If they do, you could actually get to "break up" the different users with the same UIDs by allocating them different UIDs in the filer's /etc/passwd file. However, if you configure the filer into your existing NIS infrastructure as a client, then the problem will remain. As an FYI, we have a utility available on our NOW web site that many of our customers have found useful. Check out CVTUSERS in the "Tools & Utilities" section of NOW. It will automatically generate passwd and group databases from a Windows NT domain infrastructure for you.
Is the ONLY way to get around this by going to 5.x?
Not a current 5.X (5.0) release, no. The resolution to this "problem" as described above is actually quite a bit larger than you might imagine, and is embodied in a major enhancement to the Data ONTAP microkernel and WAFL file system that is already announced and about to be unleashed shortly. Specifically, the solution lies in enhancing WAFL to maintain true Windows NT style security attributes (NTFS Security Descriptors) such that Windows client users can be treated as exactly what they are, Windows client users who might not even have UNIX accounts at all! :-)
The new capability is briefly mentioned in the announcement of our previous Windows Network Software enhancement (WNS 2.0) at:
http://www.netapp.com/news/level3b/news_rel_971103.html
The new software is currently in external test, and has even been briefly reviewed by Windows NT Systems magazine in their article at:
http://www.netapp.com/news/level3b/news_rel_971103.html
(See the "Sidebar: Midyear Release" box toward the end of the article).
I'll save all the details for another time, but suffice to say that what you have coming your way is not just a "resolution", it's a whole new solution in its own right. :-)
Is there any way to MOUNT a NetApp file server directly to an NT file system and access it like unix does with a /mnt directory?
Well, yes. But apparently you already know about it because you write:
I know about the method of mounting to NT via a drive letter... but you can't re-share that as a resource under the NT file system, CAN you?
You mean "re-sharing" a network drive or the directories thereon? No, you can't do that with current versions of Windows NT, at least not without resorting to some undocumented tricks which nobody has ever been able to confirm to me *really* exist. It's like re-exporting NFS mounted file systems on a UNIX machine, arguably not a good idea and definitely not allowed.
You know.. like this: given that NetApp box="\barium\C$"
and NT Server="\ntbox"
net use \ntbox\shares\share \barium\share
net use \ntbox\shares\winapps \barium\winapps
What? Now there's a "net use" syntax that I've never seen before.
Anyone wanna tell me exactly why things can't be done like this?
Because it would be a syntax error? :-)
Keith
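
The mapping described in the reply above, as an added example that is not part of the original message and is not NetApp code: a Windows account name is looked up in passwd-format data, the resulting UID/GID is checked against UNIX mode bits, and names that share a UID are reported. The sample entries are constructed, the function names are hypothetical, and stripping the domain prefix and matching names case-insensitively are assumptions.

```python
from collections import defaultdict

# Constructed sample in passwd format; names and IDs are made up.
SAMPLE_PASSWD = """\
alice:x:1001:100:Alice (NIS+ domain A):/home/alice:
bob:x:1001:200:Bob (NIS+ domain B):/home/bob:
carol:x:1003:100:Carol:/home/carol:
"""

def parse_passwd(text):
    """Return {lowercased name: (uid, gid)}; skip blank, comment and malformed lines."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 4 or not fields[2].isdigit() or not fields[3].isdigit():
            continue
        table[fields[0].lower()] = (int(fields[2]), int(fields[3]))
    return table

def map_windows_user(table, account):
    """Map 'DOMAIN\\user' or 'user' to (uid, gid); None when no entry exists.
    Assumption: the domain part is ignored and names match case-insensitively."""
    name = account.rsplit("\\", 1)[-1].lower()
    return table.get(name)

def unix_allows(mode, owner_uid, owner_gid, uid, gids, want):
    """Owner/group/other check on mode bits. want: 4=read, 2=write, 1=execute."""
    if uid == owner_uid:
        bits = (mode >> 6) & 7
    elif owner_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return (bits & want) == want

def overlapping_uids(table):
    """Return {uid: sorted names} for every UID held by more than one name."""
    by_uid = defaultdict(list)
    for name, (uid, _gid) in table.items():
        by_uid[uid].append(name)
    return {uid: sorted(names) for uid, names in by_uid.items() if len(names) > 1}
```

With this sample, a file owned by alice (UID 1001) with mode 0640 is also writable by bob, because the file system only sees the shared UID; `overlapping_uids` is the audit that surfaces such pairs before the entries go into the filer's /etc/passwd.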