Hi toasters,
we are currently testing expand boxes to boost our cifs access from remote locations to our centralized Netapp filers.
Sadly the expand boxes need to have access to the cifs files in order to replicate them to the remote boxes. When accessing files of course the normal user-rights of the user accessing the files are used.
What i did is, i put the service-user into the "Backup Operators" group on the filer, but without success. When i try to replicate the cifs-shares i always get error messages that the user is not allowed to open the files.
With the "Administrators" group on the filer it worked. But this is not an option in my eyes, as this right is too high and in case a user removes the "Administrators" group from a folder the expand box will fail to replicate this folder as well.
Has anybody a good idea or even deployed expand boxes for cifs-acceleration with netapp?
Regards and thanks in advance
Jochen
We use Expand boxes with our filers, though we don't do scheduled replication of data.
Have you attempted adding the service account as a CIFS superuser (which effectively gives it access to all files)? If you consider that too insecure, then you may have to reconsider caching files (after all, it can't cache them if it can't read them).
Darren
-----Original Message----- From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Willeke, Jochen Sent: 08 July 2008 10:11 To: toasters@mathworks.com Subject: Backup Operators group on filer
Hi toasters,
we are currently testing expand boxes to boost our cifs access from remote locations to our centralized Netapp filers.
Sadly the expand boxes need to have access to the cifs files in order to replicate them to the remote boxes. When accessing files of course the normal user-rights of the user accessing the files are used.
What i did is, i put the service-user into the "Backup Operators" group on the filer, but without success. When i try to replicate the cifs-shares i always get error messages that the user is not allowed to open the files.
With the "Administrators" group on the filer it worked. But this is not an option in my eyes, as this right is too high and in case a user removes the "Administrators" group from a folder the expand box will fail to replicate this folder as well.
Has anybody a good idea or even deployed expand boxes for cifs-acceleration with netapp?
Regards and thanks in advance
Jochen
Hi Darren,
thanks for your hint. I have never heard about this cifs superuser.
Will give it a try!
Rgds
Jochen
-----Original Message----- From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Darren Sykes Sent: Tuesday, July 08, 2008 5:57 PM To: Willeke, Jochen; toasters@mathworks.com Subject: RE: Backup Operators group on filer
We use Expand boxes with our filers, though we don't do scheduled replication of data.
Have you attempted adding the service account as a CIFS superuser (which effectively gives it access to all files)? If you consider that too insecure, then you may have to reconsider caching files (after all, it can't cache them if it can't read them).
Darren
-----Original Message----- From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Willeke, Jochen Sent: 08 July 2008 10:11 To: toasters@mathworks.com Subject: Backup Operators group on filer
Hi toasters,
we are currently testing expand boxes to boost our cifs access from remote locations to our centralized Netapp filers.
Sadly the expand boxes need to have access to the cifs files in order to replicate them to the remote boxes. When accessing files of course the normal user-rights of the user accessing the files are used.
What i did is, i put the service-user into the "Backup Operators" group on the filer, but without success. When i try to replicate the cifs-shares i always get error messages that the user is not allowed to open the files.
With the "Administrators" group on the filer it worked. But this is not an option in my eyes, as this right is too high and in case a user removes the "Administrators" group from a folder the expand box will fail to replicate this folder as well.
Has anybody a good idea or even deployed expand boxes for cifs-acceleration with netapp?
Regards and thanks in advance
Jochen
Hi,
i just found out that the "cifs superuser" is only available in Ontap 10 :/
Sadly we do have 7.2.4 so still some way to go.
Rgds and thanks anyway
Jochen
-----Original Message----- From: Darren Sykes [mailto:Darren.Sykes@csr.com] Sent: Tuesday, July 08, 2008 5:57 PM To: Willeke, Jochen; toasters@mathworks.com Subject: RE: Backup Operators group on filer
We use Expand boxes with our filers, though we don't do scheduled replication of data.
Have you attempted adding the service account as a CIFS superuser (which effectively gives it access to all files)? If you consider that too insecure, then you may have to reconsider caching files (after all, it can't cache them if it can't read them).
Darren
-----Original Message----- From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Willeke, Jochen Sent: 08 July 2008 10:11 To: toasters@mathworks.com Subject: Backup Operators group on filer
Hi toasters,
we are currently testing expand boxes to boost our cifs access from remote locations to our centralized Netapp filers.
Sadly the expand boxes need to have access to the cifs files in order to replicate them to the remote boxes. When accessing files of course the normal user-rights of the user accessing the files are used.
What i did is, i put the service-user into the "Backup Operators" group on the filer, but without success. When i try to replicate the cifs-shares i always get error messages that the user is not allowed to open the files.
With the "Administrators" group on the filer it worked. But this is not an option in my eyes, as this right is too high and in case a user removes the "Administrators" group from a folder the expand box will fail to replicate this folder as well.
Has anybody a good idea or even deployed expand boxes for cifs-acceleration with netapp?
Regards and thanks in advance
Jochen
Jochen,
We don't use the Expand boxes, but the steelheads from Riverbed, they also offer caching of Cifs data, which you can do on a per share/directory basis.
The best option we have found is to create a windows AD account that had the required access to all the shares/directories, and then use that account, from experience we found that to get all of the rights needed, we ended up assigning "domain admins" membership which is a bit of a bull in a china shop approach, but having gone through the rights of various files and folders, the only group that had consistent access was any account with "domain admins" membership.
I would take serious look at the steelhead boxes, from my experience they work a lot better than the rest of WAN optimisation appliances I worked with.
Feel free to contact me off list if you would like any more information.
Cheers
Matt
-----Original Message----- From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Willeke, Jochen Sent: 09 July 2008 09:29 To: Darren Sykes; toasters@mathworks.com Subject: RE: Backup Operators group on filer
Hi,
i just found out that the "cifs superuser" is only available in Ontap 10 :/
Sadly we do have 7.2.4 so still some way to go.
Rgds and thanks anyway
Jochen
-----Original Message----- From: Darren Sykes [mailto:Darren.Sykes@csr.com] Sent: Tuesday, July 08, 2008 5:57 PM To: Willeke, Jochen; toasters@mathworks.com Subject: RE: Backup Operators group on filer
We use Expand boxes with our filers, though we don't do scheduled replication of data.
Have you attempted adding the service account as a CIFS superuser (which effectively gives it access to all files)? If you consider that too insecure, then you may have to reconsider caching files (after all, it can't cache them if it can't read them).
Darren
-----Original Message----- From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Willeke, Jochen Sent: 08 July 2008 10:11 To: toasters@mathworks.com Subject: Backup Operators group on filer
Hi toasters,
we are currently testing expand boxes to boost our cifs access from remote locations to our centralized Netapp filers.
Sadly the expand boxes need to have access to the cifs files in order to replicate them to the remote boxes. When accessing files of course the normal user-rights of the user accessing the files are used.
What i did is, i put the service-user into the "Backup Operators" group on the filer, but without success. When i try to replicate the cifs-shares i always get error messages that the user is not allowed to open the files.
With the "Administrators" group on the filer it worked. But this is not an option in my eyes, as this right is too high and in case a user removes the "Administrators" group from a folder the expand box will fail to replicate this folder as well.
Has anybody a good idea or even deployed expand boxes for cifs-acceleration with netapp?
Regards and thanks in advance
Jochen
-- WINCOR NIXDORF International GmbH Sitz der Gesellschaft: Paderborn Registergericht Paderborn HRB 3507 Geschäftsführer: Eckard Heidloff (Vorsitzender), Stefan Auerbach, Dr. Jürgen Wunram Vorsitzender des Aufsichtsrats: Karl-Heinz Stiller Steuernummer: 339/5884/0020 - Ust-ID Nr.: DE812927716 - WEEE-Reg.-Nr. DE44477193
Diese E-Mail enthält vertrauliche Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese E-Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.
This e-mail may contain confidential information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
-- WINCOR NIXDORF International GmbH Sitz der Gesellschaft: Paderborn Registergericht Paderborn HRB 3507 Geschäftsführer: Eckard Heidloff (Vorsitzender), Stefan Auerbach, Dr. Jürgen Wunram Vorsitzender des Aufsichtsrats: Karl-Heinz Stiller Steuernummer: 339/5884/0020 - Ust-ID Nr.: DE812927716 - WEEE-Reg.-Nr. DE44477193
Diese E-Mail enthält vertrauliche Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese E-Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.
This e-mail may contain confidential information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
_____________________________________________________________ This e-mail (including all attachments) is confidential and may be privileged. It is for the exclusive use of the addressee only. If you are not the addressee, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please erase all copies of the message and its attachments and notify us immediately at help@generalatlantic.com mailto:help@generalatlantic.com. Thank You.
Jochen,
We use both GX and 7G so I'm continually confusing the technology! I've certainly done something similar on 7G previously.
I'll have a play with our 7G boxes and attempt to get them working with caching.
Also, have you tried speaking to Expand. I'm told they use Netapp and their own products internally so they may have first hand experience of this.
Thanks, Darren.
-----Original Message----- From: Willeke, Jochen [mailto:Jochen.Willeke@wincor-nixdorf.com] Sent: 09 July 2008 09:29 To: Darren Sykes; toasters@mathworks.com Subject: RE: Backup Operators group on filer
Hi,
i just found out that the "cifs superuser" is only available in Ontap 10 :/
Sadly we do have 7.2.4 so still some way to go.
Rgds and thanks anyway
Jochen
-----Original Message----- From: Darren Sykes [mailto:Darren.Sykes@csr.com] Sent: Tuesday, July 08, 2008 5:57 PM To: Willeke, Jochen; toasters@mathworks.com Subject: RE: Backup Operators group on filer
We use Expand boxes with our filers, though we don't do scheduled replication of data.
Have you attempted adding the service account as a CIFS superuser (which effectively gives it access to all files)? If you consider that too insecure, then you may have to reconsider caching files (after all, it can't cache them if it can't read them).
Darren
-----Original Message----- From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Willeke, Jochen Sent: 08 July 2008 10:11 To: toasters@mathworks.com Subject: Backup Operators group on filer
Hi toasters,
we are currently testing expand boxes to boost our cifs access from remote locations to our centralized Netapp filers.
Sadly the expand boxes need to have access to the cifs files in order to replicate them to the remote boxes. When accessing files of course the normal user-rights of the user accessing the files are used.
What i did is, i put the service-user into the "Backup Operators" group on the filer, but without success. When i try to replicate the cifs-shares i always get error messages that the user is not allowed to open the files.
With the "Administrators" group on the filer it worked. But this is not an option in my eyes, as this right is too high and in case a user removes the "Administrators" group from a folder the expand box will fail to replicate this folder as well.
Has anybody a good idea or even deployed expand boxes for cifs-acceleration with netapp?
Regards and thanks in advance
Jochen
Hi Darren,
no problem about the cifs superuser :D. At least i do know now, that this is available in Ontag GX.
Of course we have asked expand but no feedback so far. The only hint we got from them was that netapps "cifs homedir" can cause some kind of problems. But we do not use this functionality at all.
Let's see if we get this working without the need of domain or filer-admin account.
Rgds
Jochen
-----Original Message----- From: Darren Sykes [mailto:Darren.Sykes@csr.com] Sent: Wednesday, July 09, 2008 2:02 PM To: Willeke, Jochen; toasters@mathworks.com Subject: RE: Backup Operators group on filer
Jochen,
We use both GX and 7G so I'm continually confusing the technology! I've certainly done something similar on 7G previously.
I'll have a play with our 7G boxes and attempt to get them working with caching.
Also, have you tried speaking to Expand. I'm told they use Netapp and their own products internally so they may have first hand experience of this.
Thanks, Darren.
-----Original Message----- From: Willeke, Jochen [mailto:Jochen.Willeke@wincor-nixdorf.com] Sent: 09 July 2008 09:29 To: Darren Sykes; toasters@mathworks.com Subject: RE: Backup Operators group on filer
Hi,
i just found out that the "cifs superuser" is only available in Ontap 10 :/
Sadly we do have 7.2.4 so still some way to go.
Rgds and thanks anyway
Jochen
-----Original Message----- From: Darren Sykes [mailto:Darren.Sykes@csr.com] Sent: Tuesday, July 08, 2008 5:57 PM To: Willeke, Jochen; toasters@mathworks.com Subject: RE: Backup Operators group on filer
We use Expand boxes with our filers, though we don't do scheduled replication of data.
Have you attempted adding the service account as a CIFS superuser (which effectively gives it access to all files)? If you consider that too insecure, then you may have to reconsider caching files (after all, it can't cache them if it can't read them).
Darren
-----Original Message----- From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Willeke, Jochen Sent: 08 July 2008 10:11 To: toasters@mathworks.com Subject: Backup Operators group on filer
Hi toasters,
we are currently testing expand boxes to boost our cifs access from remote locations to our centralized Netapp filers.
Sadly the expand boxes need to have access to the cifs files in order to replicate them to the remote boxes. When accessing files of course the normal user-rights of the user accessing the files are used.
What i did is, i put the service-user into the "Backup Operators" group on the filer, but without success. When i try to replicate the cifs-shares i always get error messages that the user is not allowed to open the files.
With the "Administrators" group on the filer it worked. But this is not an option in my eyes, as this right is too high and in case a user removes the "Administrators" group from a folder the expand box will fail to replicate this folder as well.
Has anybody a good idea or even deployed expand boxes for cifs-acceleration with netapp?
Regards and thanks in advance
Jochen
That interesting (re: home folders), it was me who told them about that too :-)
I'll drop you a mail directly when I get chance to look at our environment.
Thanks, Darren.
-----Original Message----- From: Willeke, Jochen [mailto:Jochen.Willeke@wincor-nixdorf.com] Sent: 09 July 2008 14:00 To: Darren Sykes; toasters@mathworks.com Subject: RE: Backup Operators group on filer
Hi Darren,
no problem about the cifs superuser :D. At least i do know now, that this is available in Ontag GX.
Of course we have asked expand but no feedback so far. The only hint we got from them was that netapps "cifs homedir" can cause some kind of problems. But we do not use this functionality at all.
Let's see if we get this working without the need of domain or filer-admin account.
Rgds
Jochen
-----Original Message----- From: Darren Sykes [mailto:Darren.Sykes@csr.com] Sent: Wednesday, July 09, 2008 2:02 PM To: Willeke, Jochen; toasters@mathworks.com Subject: RE: Backup Operators group on filer
Jochen,
We use both GX and 7G so I'm continually confusing the technology! I've certainly done something similar on 7G previously.
I'll have a play with our 7G boxes and attempt to get them working with caching.
Also, have you tried speaking to Expand. I'm told they use Netapp and their own products internally so they may have first hand experience of this.
Thanks, Darren.
-----Original Message----- From: Willeke, Jochen [mailto:Jochen.Willeke@wincor-nixdorf.com] Sent: 09 July 2008 09:29 To: Darren Sykes; toasters@mathworks.com Subject: RE: Backup Operators group on filer
Hi,
i just found out that the "cifs superuser" is only available in Ontap 10 :/
Sadly we do have 7.2.4 so still some way to go.
Rgds and thanks anyway
Jochen
-----Original Message----- From: Darren Sykes [mailto:Darren.Sykes@csr.com] Sent: Tuesday, July 08, 2008 5:57 PM To: Willeke, Jochen; toasters@mathworks.com Subject: RE: Backup Operators group on filer
We use Expand boxes with our filers, though we don't do scheduled replication of data.
Have you attempted adding the service account as a CIFS superuser (which effectively gives it access to all files)? If you consider that too insecure, then you may have to reconsider caching files (after all, it can't cache them if it can't read them).
Darren
-----Original Message----- From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Willeke, Jochen Sent: 08 July 2008 10:11 To: toasters@mathworks.com Subject: Backup Operators group on filer
Hi toasters,
we are currently testing expand boxes to boost our cifs access from remote locations to our centralized Netapp filers.
Sadly the expand boxes need to have access to the cifs files in order to replicate them to the remote boxes. When accessing files of course the normal user-rights of the user accessing the files are used.
What i did is, i put the service-user into the "Backup Operators" group on the filer, but without success. When i try to replicate the cifs-shares i always get error messages that the user is not allowed to open the files.
With the "Administrators" group on the filer it worked. But this is not an option in my eyes, as this right is too high and in case a user removes the "Administrators" group from a folder the expand box will fail to replicate this folder as well.
Has anybody a good idea or even deployed expand boxes for cifs-acceleration with netapp?
Regards and thanks in advance
Jochen
This doesn't answer your question but explains why it probably doesn't work. The Backup operators group is only relevant when using the backup api.
Jack
On 7/8/08, Willeke, Jochen Jochen.Willeke@wincor-nixdorf.com wrote:
Hi toasters,
we are currently testing expand boxes to boost our cifs access from remote locations to our centralized Netapp filers.
Sadly the expand boxes need to have access to the cifs files in order to replicate them to the remote boxes. When accessing files of course the normal user-rights of the user accessing the files are used.
What i did is, i put the service-user into the "Backup Operators" group on the filer, but without success. When i try to replicate the cifs-shares i always get error messages that the user is not allowed to open the files.
With the "Administrators" group on the filer it worked. But this is not an option in my eyes, as this right is too high and in case a user removes the "Administrators" group from a folder the expand box will fail to replicate this folder as well.
Has anybody a good idea or even deployed expand boxes for cifs-acceleration with netapp?
Regards and thanks in advance
Jochen
-- WINCOR NIXDORF International GmbH Sitz der Gesellschaft: Paderborn Registergericht Paderborn HRB 3507 Geschäftsführer: Eckard Heidloff (Vorsitzender), Stefan Auerbach, Dr. Jürgen Wunram Vorsitzender des Aufsichtsrats: Karl-Heinz Stiller Steuernummer: 339/5884/0020 - Ust-ID Nr.: DE812927716 - WEEE-Reg.-Nr. DE44477193
Diese E-Mail enthält vertrauliche Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese E-Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.
This e-mail may contain confidential information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
Ok, that's really a reason why the backup operatos group is not sufficient.
Regards
Jochen
-----Original Message----- From: Jack Lyons [mailto:jack1729@gmail.com] Sent: Wednesday, July 09, 2008 2:08 PM To: Willeke, Jochen; toasters@mathworks.com Subject: Re: Backup Operators group on filer
This doesn't answer your question but explains why it probably doesn't work. The Backup operators group is only relevant when using the backup api.
Jack
On 7/8/08, Willeke, Jochen Jochen.Willeke@wincor-nixdorf.com wrote:
Hi toasters,
we are currently testing expand boxes to boost our cifs access from remote locations to our centralized Netapp filers.
Sadly the expand boxes need to have access to the cifs files in order to replicate them to the remote boxes. When accessing files of course the normal user-rights of the user accessing the files are used.
What i did is, i put the service-user into the "Backup Operators" group on the filer, but without success. When i try to replicate the cifs-shares i always get error messages that the user is not allowed to open the files.
With the "Administrators" group on the filer it worked. But this is not an option in my eyes, as this right is too high and in case a user removes the "Administrators" group from a folder the expand box will fail to replicate this folder as well.
Has anybody a good idea or even deployed expand boxes for cifs-acceleration with netapp?
Regards and thanks in advance
Jochen
-- WINCOR NIXDORF International GmbH Sitz der Gesellschaft: Paderborn Registergericht Paderborn HRB 3507 Geschäftsführer: Eckard Heidloff (Vorsitzender), Stefan Auerbach, Dr. Jürgen Wunram Vorsitzender des Aufsichtsrats: Karl-Heinz Stiller Steuernummer: 339/5884/0020 - Ust-ID Nr.: DE812927716 - WEEE-Reg.-Nr. DE44477193
Diese E-Mail enthält vertrauliche Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese E-Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.
This e-mail may contain confidential information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
-
Darren Sykes -
Davies,Matt -
Jack Lyons -
Willeke, Jochen