Hello Again All,

 

Phase 2 of this puzzle is making this new setting work.

 

I’ve mounted a test volume on the 8.2 simulator to our HPC cluster and am su’d to an account that is a member of 17 groups. “id” shows me all seventeen groups. “ls -l” shows me directories that the user’s individual group owns, and directories owned by groups he’s a member of, and all with the appropriate permissions. But he’s unable to cd into any of them, or to write anything to the pwd (which is owned by a group he’s a member of).

 

I used cifs setup to add the filer to our AD and the fact that “id” gets all his groups suggests his AD account is resolving correctly on the client. Did I miss a step in setting up the filer?

 

Hope to hear from you,

 

Randy in Seattle

 

From: Rue, Randy
Sent: Thursday, March 27, 2014 4:00 PM
To: toasters@teaparty.net
Subject: RE: nfs.authsys.extended_groups_ns.enable?

 

Figured this out with some help from you all.

 

We’re running 8.1 and this option is only supported 8.1.1 and onward for :  https://communities.netapp.com/thread/20549

 

Confirmed it on an 8.2 simulator. Still needed to use registry walk and set to even see/set the option but it is there. Once you’ve set it, even in non-privileged mode it appears if you run options nfs.

 

Thanks to all!

 

Randy

 

From: toasters-bounces@teaparty.net [mailto:toasters-bounces@teaparty.net] On Behalf Of Rue, Randy
Sent: Thursday, March 27, 2014 2:02 PM
To: toasters@teaparty.net
Subject: nfs.authsys.extended_groups_ns.enable?

 

Hello All,

 

Trying to work around the 16 group limitation of NFS v3 on our 8.1 vfiler and finding references to a “hidden” option “nfs.authsys.extended_groups_ns.enable” that will effectively disable group lookups via auth_sys/RPC and instead look to the filer’s AD authentication for a user’s group memberships. This is similar in spirit to Isilon’s “mapuid” feature and “regular” NFS’s –manage-gid switch.

 

But I’ve tried in regular mode, priv set advanced and priv set diag, and I always get “No such option nfs.authsys.extended_groups_ns.enable” if I try to view or change the option.

 

Am I missing some step to make this hidden double-secret-probationary option available?

 

Randy
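
The 16-group limit discussed in this thread comes from the AUTH_SYS credential format in RFC 5531 (authsys_parms, "unsigned int gids<16>"). The sketch below is an added example, not part of the original messages and not NetApp code: it encodes and decodes that credential and contrasts trusting the gids on the wire with ignoring them in favour of a server-side lookup, as the thread describes the option doing. The function names, the sample uid/gids, the "hpc-node" machine name, the dict standing in for the directory lookup, and the assumption that the client sends only its first 16 groups are all constructed for illustration.

```python
import struct

MAX_GIDS = 16  # RFC 5531 authsys_parms: "unsigned int gids<16>"

def encode_authsys(stamp, machine, uid, gid, gids):
    """XDR-encode an AUTH_SYS credential body (authsys_parms)."""
    if len(gids) > MAX_GIDS:
        raise ValueError("AUTH_SYS cannot carry more than 16 supplementary gids")
    name = machine.encode()
    padded = name + b"\x00" * (-len(name) % 4)  # XDR pads strings to 4 bytes
    return (struct.pack(">II", stamp, len(name)) + padded
            + struct.pack(">III", uid, gid, len(gids))
            + struct.pack(f">{len(gids)}I", *gids))

def decode_authsys(buf):
    """Parse authsys_parms and reject a gid count above the protocol maximum."""
    _stamp, nlen = struct.unpack_from(">II", buf, 0)
    off = 8 + nlen + (-nlen % 4)
    uid, gid, count = struct.unpack_from(">III", buf, off)
    if count > MAX_GIDS:
        raise ValueError("malformed credential: gids count exceeds 16")
    gids = list(struct.unpack_from(f">{count}I", buf, off + 12))
    return {"machine": buf[8:8 + nlen].decode(), "uid": uid, "gid": gid, "gids": gids}

def client_credential(uid, gid, groups, machine="hpc-node"):
    """Assumption: the client sends its first 16 groups and drops the rest."""
    return encode_authsys(0, machine, uid, gid, groups[:MAX_GIDS]), groups[MAX_GIDS:]

def effective_groups(cred_bytes, name_service, extended_groups):
    """Groups the server checks permissions against.

    extended_groups=False: trust the gids carried in the credential.
    extended_groups=True: ignore them and look the uid up server-side
    (name_service is a stand-in dict for the directory lookup).
    """
    cred = decode_authsys(cred_bytes)
    if extended_groups:
        return set(name_service[cred["uid"]])
    return {cred["gid"], *cred["gids"]}

# Constructed sample: uid 5000 belongs to 17 groups, 2001..2017.
UID, GROUPS = 5000, list(range(2001, 2018))
NAME_SERVICE = {UID: GROUPS}

if __name__ == "__main__":
    cred, dropped = client_credential(UID, GROUPS[0], GROUPS)
    print("gids dropped before the request leaves the client:", dropped)
    for mode in (False, True):
        ok = 2017 in effective_groups(cred, NAME_SERVICE, mode)
        print(f"extended_groups={mode}: access via group 2017 -> {ok}")
```

In this model "id" on the client still lists all 17 groups, because the client resolves them locally; only the credential placed on the wire is limited.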