Hi all,
At our university we just used NFS exports for our old Solaris 8 clients so far, now we have Linux in place on all clients and thus a lot more machines that connect to the filers with NFS. Because we are an academic environment sys-security is too weak. Some students would find out pretty fast that it is easy to boot Knoppix or connect their laptops on the same cable and try to access home directories from our professors.
So we decided to use Kerberos on Linux as well (via AD Kerberos services which is connected to the filer), that works just fine with one exception: If I mix sys & krb5 security *every* client can still do sys, not just the /24 IP block I would need for the old Solaris setup.
On a test-environment running on Linux I can do two exports for the exact same share, like one with sys, the second one with krb5 security. Thus I can do one sys export for the /24 IP block and a krb5 one for the rest. Unfortunately this seems not to work on NetApp, if I do two shares, the first one gets overwritten by the second one.
I also tried something like this:
/vol/sugus -sec=sys,rw=147.87.64.0/24,sec=krb5,rw=147.87.0.0/16
I don't get any special error messages with this export but it doesn't work as expected.
Is this possible after all with OnTap? I'm running V6.5.4 on the filers.
Thanks
Adrian