Patrick,
Tough to mandate dave or admitmac in a diverse higher education environment. 100's of macs show up after the Christmas holidays and they all expect to use university resources immediately.
Carl,
Our understanding from Apple is that the next Leopard update, 10.52, will address the CIFS access issue. It's in a testing phase now but not available to folks external to Apple.
-=-=- gerald villabroza <geraldv at stanford.edu> technical lead, its storage, stanford university
-----Original Message----- From: Patrick van Helden [mailto:pvh@databasement.eu] Sent: Wednesday, January 30, 2008 8:24 AM To: Carl Howell; Villabroza, Gerald Cc: toasters@mathworks.com Subject: RE: NetApp & Leopard
Hi Guys,
Why don't you guys use a 3rd party client like "Dave" or "Admitmac" from Thursby?
Admitmac even has Windows DFS support
Regards,
Patrick van Helden Databasement BV pvh@databasement.eu
-----Oorspronkelijk bericht----- Van: owner-toasters@mathworks.com namens Carl Howell Verzonden: wo 1/30/2008 15:56 Aan: geraldv@stanford.edu CC: toasters@mathworks.com Onderwerp: RE: NetApp & Leopard
Gerald,
Thanks for the feedback, and yes, feel free to reference us.
--Carl
-----Original Message----- From: Villabroza, Gerald [mailto:geraldv@stanford.edu] Sent: Wednesday, January 30, 2008 8:49 AM To: Carl Howell Cc: toasters@mathworks.com Subject: Re: NetApp & Leopard
Carl,
We're experiencing the same issue when accessing DOT 7.2.2 CIFS in Win 2k3 AD with OS X 10.5.1.
We've opened a case with Apple and here's what they came back with:
##### When a Leopard client opens a session, it sends three mechanisms in this
order, KRB5, some OID I don't what it is, and MS KRB5. The filer returns an unsupported error.
Apple thinks DOT is just bailing on the first unsupported mechanism
and
not checking the whole list. Tiger only sent the MS KRB5 mechanism so that is why it works.
Apple is working on building a test of their kerberos library that
puts
MS KRB5 as the first mechanism to validate the hypothesis. #####
Leopard can authenticate via K5 against MS WIN 2k3 systems fine in our environment, just not against DOT.
Luckily Apple and NetApp are both TSAnet members and can collaborate
on
the support case.
Do you mind if reference your experience at UWF with NetApp and Apple? And if you don't, do you have a case # with NetApp?
Its interesting to hear of other hi-ed's with this issue. Any others out there? Like other issues in our space it helps to band together.
-=-=- gerald villabroza <geraldv at stanford.edu> technical lead, its storage, stanford university
Carl Howell wrote:
I've stumbled across a problem we're having accessing filer hosted
CIFS
shares from Mac OS X Leopard 10.5.1. The Leopard boxes I've tried
this
on are all bound to our Win2k3 Active Directory. If you log into
Leopard
with your domain credentials and try to access a share on a
filer(this
happens on all of our filers and all are at 7.x and above), you will
be
prompted for your password. If you try to access the same CIFS share hosted on a Win2k3 box, you will get right in.
Has anyone else seen this?
Thanks,
--Carl
At least in my environment, this now partially works in 10.5.2. Based on my experimentation: What works is doing a "Go -> Connect to Server" and punching in cifs://netapp. What doesn't is trying to browse to it over the network. I'm not sure why one works and the other doesn't.
Regards,
Barry King
On Fri, Feb 8, 2008 at 2:53 PM, Villabroza, Gerald geraldv@stanford.edu wrote:
Patrick,
Tough to mandate dave or admitmac in a diverse higher education environment. 100's of macs show up after the Christmas holidays and they all expect to use university resources immediately.
Carl,
Our understanding from Apple is that the next Leopard update, 10.52, will address the CIFS access issue. It's in a testing phase now but not available to folks external to Apple.
-=-=- gerald villabroza <geraldv at stanford.edu> technical lead, its storage, stanford university
-----Original Message----- From: Patrick van Helden [mailto:pvh@databasement.eu] Sent: Wednesday, January 30, 2008 8:24 AM To: Carl Howell; Villabroza, Gerald Cc: toasters@mathworks.com Subject: RE: NetApp & Leopard
Hi Guys,
Why don't you guys use a 3rd party client like "Dave" or "Admitmac" from Thursby?
Admitmac even has Windows DFS support
Regards,
Patrick van Helden Databasement BV pvh@databasement.eu
-----Oorspronkelijk bericht----- Van: owner-toasters@mathworks.com namens Carl Howell Verzonden: wo 1/30/2008 15:56 Aan: geraldv@stanford.edu CC: toasters@mathworks.com Onderwerp: RE: NetApp & Leopard
Gerald,
Thanks for the feedback, and yes, feel free to reference us.
--Carl
-----Original Message----- From: Villabroza, Gerald [mailto:geraldv@stanford.edu] Sent: Wednesday, January 30, 2008 8:49 AM To: Carl Howell Cc: toasters@mathworks.com Subject: Re: NetApp & Leopard
Carl,
We're experiencing the same issue when accessing DOT 7.2.2 CIFS in Win 2k3 AD with OS X 10.5.1.
We've opened a case with Apple and here's what they came back with:
##### When a Leopard client opens a session, it sends three mechanisms in this
order, KRB5, some OID I don't what it is, and MS KRB5. The filer returns an unsupported error.
Apple thinks DOT is just bailing on the first unsupported mechanism
and
not checking the whole list. Tiger only sent the MS KRB5 mechanism so that is why it works.
Apple is working on building a test of their kerberos library that
puts
MS KRB5 as the first mechanism to validate the hypothesis. #####
Leopard can authenticate via K5 against MS WIN 2k3 systems fine in our environment, just not against DOT.
Luckily Apple and NetApp are both TSAnet members and can collaborate
on
the support case.
Do you mind if reference your experience at UWF with NetApp and Apple? And if you don't, do you have a case # with NetApp?
Its interesting to hear of other hi-ed's with this issue. Any others out there? Like other issues in our space it helps to band together.
-=-=- gerald villabroza <geraldv at stanford.edu> technical lead, its storage, stanford university
Carl Howell wrote:
I've stumbled across a problem we're having accessing filer hosted
CIFS
shares from Mac OS X Leopard 10.5.1. The Leopard boxes I've tried
this
on are all bound to our Win2k3 Active Directory. If you log into
Leopard
with your domain credentials and try to access a share on a
filer(this
happens on all of our filers and all are at 7.x and above), you will
be
prompted for your password. If you try to access the same CIFS share hosted on a Win2k3 box, you will get right in.
Has anyone else seen this?
Thanks,
--Carl
back on the Leopard and Data ONTAP CIFS train:
As some of us have found, 10.5.2 doesn't play nice with ONTAP cifs.
NetApp has created a BURT:
http://now.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=283117
Its classified as a severity 3 (serious inconvenience) because there's a work around by passing credentials over NTLM after kerberos fails.
The workaround fails in our environment. We think its because NTLM works but we disallow NTLM and only allow kerberos or NTLMv2.
We've heard that the issue is scheduled to be fixed in 7.2.6 slated for October.
If you have similar issues or if you'd like it fixed earlier, please open a case and reference the BURT. The more customers that report the problem gives them a bigger reason to release a fix sooner.
-=-=- gerald villabroza <geraldv at stanford.edu http://stanford.edu> technical lead, its storage, stanford university
Barry King wrote:
At least in my environment, this now partially works in 10.5.2. Based on my experimentation: What works is doing a "Go -> Connect to Server" and punching in cifs://netapp. What doesn't is trying to browse to it over the network. I'm not sure why one works and the other doesn't.
Regards,
Barry King
On Fri, Feb 8, 2008 at 2:53 PM, Villabroza, Gerald <geraldv@stanford.edu mailto:geraldv@stanford.edu> wrote:
Patrick, Tough to mandate dave or admitmac in a diverse higher education environment. 100's of macs show up after the Christmas holidays and they all expect to use university resources immediately. Carl, Our understanding from Apple is that the next Leopard update, 10.52, will address the CIFS access issue. It's in a testing phase now but not available to folks external to Apple. -=-=- gerald villabroza <geraldv at stanford.edu <http://stanford.edu>> technical lead, its storage, stanford university > -----Original Message----- > From: Patrick van Helden [mailto:pvh@databasement.eu <mailto:pvh@databasement.eu>] > Sent: Wednesday, January 30, 2008 8:24 AM > To: Carl Howell; Villabroza, Gerald > Cc: toasters@mathworks.com <mailto:toasters@mathworks.com> > Subject: RE: NetApp & Leopard > > Hi Guys, > > Why don't you guys use a 3rd party client like "Dave" or "Admitmac" > from Thursby? > > Admitmac even has Windows DFS support > > Regards, > > Patrick van Helden > Databasement BV > pvh@databasement.eu <mailto:pvh@databasement.eu> > > > > -----Oorspronkelijk bericht----- > Van: owner-toasters@mathworks.com <mailto:owner-toasters@mathworks.com> namens Carl Howell > Verzonden: wo 1/30/2008 15:56 > Aan: geraldv@stanford.edu <mailto:geraldv@stanford.edu> > CC: toasters@mathworks.com <mailto:toasters@mathworks.com> > Onderwerp: RE: NetApp & Leopard > > Gerald, > > Thanks for the feedback, and yes, feel free to reference us. > > --Carl > > -----Original Message----- > From: Villabroza, Gerald [mailto:geraldv@stanford.edu <mailto:geraldv@stanford.edu>] > Sent: Wednesday, January 30, 2008 8:49 AM > To: Carl Howell > Cc: toasters@mathworks.com <mailto:toasters@mathworks.com> > Subject: Re: NetApp & Leopard > > Carl, > > We're experiencing the same issue when accessing DOT 7.2.2 CIFS in Win > 2k3 AD with OS X 10.5.1. > > We've opened a case with Apple and here's what they came back with: > > ##### > When a Leopard client opens a session, it sends three mechanisms in > this > > order, KRB5, some OID I don't what it is, and MS KRB5. The filer > returns an unsupported error. > > Apple thinks DOT is just bailing on the first unsupported mechanism and > not checking the whole list. Tiger only sent the MS KRB5 mechanism so > that is why it works. > > Apple is working on building a test of their kerberos library that puts > MS KRB5 as the first mechanism to validate the hypothesis. > ##### > > Leopard can authenticate via K5 against MS WIN 2k3 systems fine in our > environment, just not against DOT. > > Luckily Apple and NetApp are both TSAnet members and can collaborate on > the support case. > > Do you mind if reference your experience at UWF with NetApp and Apple? > And if you don't, do you have a case # with NetApp? > > Its interesting to hear of other hi-ed's with this issue. Any others > out there? Like other issues in our space it helps to band together. > > -=-=- > gerald villabroza <geraldv at stanford.edu <http://stanford.edu>> > technical lead, its storage, stanford university > > > Carl Howell wrote: > > I've stumbled across a problem we're having accessing filer hosted > CIFS > > shares from Mac OS X Leopard 10.5.1. The Leopard boxes I've tried > this > > on are all bound to our Win2k3 Active Directory. If you log into > Leopard > > with your domain credentials and try to access a share on a > filer(this > > happens on all of our filers and all are at 7.x and above), you will > be > > prompted for your password. If you try to access the same CIFS share > > hosted on a Win2k3 box, you will get right in. > > > > > > > > Has anyone else seen this? > > > > > > > > Thanks, > > > > > > > > --Carl > > > > > > > > > > > > > > >
-- Barry King barryking93@gmail.com mailto:barryking93@gmail.com
I run 10.5.2 with CIFS on Data ONTap without any issue. I would want to know more about the client¹s environment before I pointed the finger @ NetApp.
Cheers,
Vaughn Stewart | Virtualization Evangelist
From: "Villabroza, Gerald" geraldv@stanford.edu Organization: Stanford University Reply-To: geraldv@stanford.edu Date: Sat, 05 Apr 2008 10:56:25 -0700 To: Barry King barryking93@gmail.com Cc: toasters@mathworks.com Subject: Re: NetApp & Leopard
back on the Leopard and Data ONTAP CIFS train:
As some of us have found, 10.5.2 doesn't play nice with ONTAP cifs.
NetApp has created a BURT:
http://now.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=283117
Its classified as a severity 3 (serious inconvenience) because there's a work around by passing credentials over NTLM after kerberos fails.
The workaround fails in our environment. We think its because NTLM works but we disallow NTLM and only allow kerberos or NTLMv2.
We've heard that the issue is scheduled to be fixed in 7.2.6 slated for October.
If you have similar issues or if you'd like it fixed earlier, please open a case and reference the BURT. The more customers that report the problem gives them a bigger reason to release a fix sooner.
-=-=- gerald villabroza <geraldv at stanford.edu http://stanford.edu> technical lead, its storage, stanford university
Barry King wrote:
At least in my environment, this now partially works in 10.5.2. Based on my experimentation: What works is doing a "Go -> Connect to Server" and punching in cifs://netapp. What doesn't is trying to browse to it over the network. I'm not sure why one works and the other doesn't.
Regards,
Barry King
On Fri, Feb 8, 2008 at 2:53 PM, Villabroza, Gerald <geraldv@stanford.edu mailto:geraldv@stanford.edu> wrote:
Patrick, Tough to mandate dave or admitmac in a diverse higher education environment. 100's of macs show up after the Christmas holidays and they all expect to use university resources immediately. Carl, Our understanding from Apple is that the next Leopard update, 10.52, will address the CIFS access issue. It's in a testing phase now but not available to folks external to Apple. -=-=- gerald villabroza <geraldv at stanford.edu <http://stanford.edu>> technical lead, its storage, stanford university > -----Original Message----- > From: Patrick van Helden [mailto:pvh@databasement.eu <mailto:pvh@databasement.eu>] > Sent: Wednesday, January 30, 2008 8:24 AM > To: Carl Howell; Villabroza, Gerald > Cc: toasters@mathworks.com <mailto:toasters@mathworks.com> > Subject: RE: NetApp & Leopard > > Hi Guys, > > Why don't you guys use a 3rd party client like "Dave" or "Admitmac" > from Thursby? > > Admitmac even has Windows DFS support > > Regards, > > Patrick van Helden > Databasement BV > pvh@databasement.eu <mailto:pvh@databasement.eu> > > > > -----Oorspronkelijk bericht----- > Van: owner-toasters@mathworks.com <mailto:owner-toasters@mathworks.com> namens Carl Howell > Verzonden: wo 1/30/2008 15:56 > Aan: geraldv@stanford.edu <mailto:geraldv@stanford.edu> > CC: toasters@mathworks.com <mailto:toasters@mathworks.com> > Onderwerp: RE: NetApp & Leopard > > Gerald, > > Thanks for the feedback, and yes, feel free to reference us. > > --Carl > > -----Original Message----- > From: Villabroza, Gerald [mailto:geraldv@stanford.edu <mailto:geraldv@stanford.edu>] > Sent: Wednesday, January 30, 2008 8:49 AM > To: Carl Howell > Cc: toasters@mathworks.com <mailto:toasters@mathworks.com> > Subject: Re: NetApp & Leopard > > Carl, > > We're experiencing the same issue when accessing DOT 7.2.2 CIFS in Win > 2k3 AD with OS X 10.5.1. > > We've opened a case with Apple and here's what they came back with: > > ##### > When a Leopard client opens a session, it sends three mechanisms in > this > > order, KRB5, some OID I don't what it is, and MS KRB5. The filer > returns an unsupported error. > > Apple thinks DOT is just bailing on the first unsupported mechanism and > not checking the whole list. Tiger only sent the MS KRB5 mechanism so > that is why it works. > > Apple is working on building a test of their kerberos library that puts > MS KRB5 as the first mechanism to validate the hypothesis. > ##### > > Leopard can authenticate via K5 against MS WIN 2k3 systems fine in our > environment, just not against DOT. > > Luckily Apple and NetApp are both TSAnet members and can collaborate on > the support case. > > Do you mind if reference your experience at UWF with NetApp and Apple? > And if you don't, do you have a case # with NetApp? > > Its interesting to hear of other hi-ed's with this issue. Any others > out there? Like other issues in our space it helps to band together. > > -=-=- > gerald villabroza <geraldv at stanford.edu <http://stanford.edu>> > technical lead, its storage, stanford university > > > Carl Howell wrote: > > I've stumbled across a problem we're having accessing filer hosted > CIFS > > shares from Mac OS X Leopard 10.5.1. The Leopard boxes I've tried > this > > on are all bound to our Win2k3 Active Directory. If you log into > Leopard > > with your domain credentials and try to access a share on a > filer(this > > happens on all of our filers and all are at 7.x and above), you will > be > > prompted for your password. If you try to access the same CIFS share > > hosted on a Win2k3 box, you will get right in. > > > > > > > > Has anyone else seen this? > > > > > > > > Thanks, > > > > > > > > --Carl > > > > > > > > > > > > > > >
-- Barry King barryking93@gmail.com mailto:barryking93@gmail.com
Gerald,
Thanks for staying on top of this. Burt 283117 is exactly what we're experiencing.
Vaughn, we run a standard Windows 2003 Active Directory. I've tested this against every filer we have, and it always behaves the same. If I recreate one of the shares we have on a filer on a Windows 2003 box, I can log right in using Leopard.
To be fair, this appears to be more a Leopard+Kerberos issue than a problem with OnTap.
--Carl
From: owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] On Behalf Of Vaughn Stewart Sent: Sunday, April 06, 2008 3:49 PM To: geraldv@stanford.edu; Barry King Cc: toasters@mathworks.com Subject: Re: NetApp & Leopard
I run 10.5.2 with CIFS on Data ONTap without any issue. I would want to know more about the client's environment before I pointed the finger @ NetApp.
Cheers,
Vaughn Stewart | Virtualization Evangelist
________________________________
From: "Villabroza, Gerald" geraldv@stanford.edu Organization: Stanford University Reply-To: geraldv@stanford.edu Date: Sat, 05 Apr 2008 10:56:25 -0700 To: Barry King barryking93@gmail.com Cc: toasters@mathworks.com Subject: Re: NetApp & Leopard
back on the Leopard and Data ONTAP CIFS train:
As some of us have found, 10.5.2 doesn't play nice with ONTAP cifs.
NetApp has created a BURT:
http://now.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=283117
Its classified as a severity 3 (serious inconvenience) because there's a
work around by passing credentials over NTLM after kerberos fails.
The workaround fails in our environment. We think its because NTLM works but we disallow NTLM and only allow kerberos or NTLMv2.
We've heard that the issue is scheduled to be fixed in 7.2.6 slated for October.
If you have similar issues or if you'd like it fixed earlier, please open a case and reference the BURT. The more customers that report the problem gives them a bigger reason to release a fix sooner.
-=-=- gerald villabroza <geraldv at stanford.edu http://stanford.edu http://stanford.edu > technical lead, its storage, stanford university
Barry King wrote:
At least in my environment, this now partially works in 10.5.2. Based
on my experimentation: What works is doing a "Go -> Connect to
Server"
and punching in cifs://netapp. What doesn't is trying to browse to it
over the network. I'm not sure why one works and the other doesn't.
Regards,
Barry King
On Fri, Feb 8, 2008 at 2:53 PM, Villabroza, Gerald
<geraldv@stanford.edu
mailto:geraldv@stanford.edu mailto:geraldv@stanford.edu > wrote:
Patrick, Tough to mandate dave or admitmac in a diverse higher education environment. 100's of macs show up after the Christmas holidays
and
they all expect to use university resources immediately. Carl, Our understanding from Apple is that the next Leopard update,
10.52,
will address the CIFS access issue. It's in a testing phase now
but not
available to folks external to Apple. -=-=- gerald villabroza <geraldv at stanford.edu <http://stanford.edu>
technical lead, its storage, stanford university > -----Original Message----- > From: Patrick van Helden [mailto:pvh@databasement.eu <mailto:pvh@databasement.eu> <mailto:pvh@databasement.eu> ] > Sent: Wednesday, January 30, 2008 8:24 AM > To: Carl Howell; Villabroza, Gerald > Cc: toasters@mathworks.com <mailto:toasters@mathworks.com>
> Subject: RE: NetApp & Leopard > > Hi Guys, > > Why don't you guys use a 3rd party client like "Dave" or
"Admitmac"
> from Thursby? > > Admitmac even has Windows DFS support > > Regards, > > Patrick van Helden > Databasement BV > pvh@databasement.eu <mailto:pvh@databasement.eu>
> > > > -----Oorspronkelijk bericht----- > Van: owner-toasters@mathworks.com <mailto:owner-toasters@mathworks.com>
mailto:owner-toasters@mathworks.com namens Carl Howell
> Verzonden: wo 1/30/2008 15:56 > Aan: geraldv@stanford.edu <mailto:geraldv@stanford.edu>
> CC: toasters@mathworks.com <mailto:toasters@mathworks.com>
> Onderwerp: RE: NetApp & Leopard > > Gerald, > > Thanks for the feedback, and yes, feel free to reference us. > > --Carl > > -----Original Message----- > From: Villabroza, Gerald [mailto:geraldv@stanford.edu <mailto:geraldv@stanford.edu> <mailto:geraldv@stanford.edu> ] > Sent: Wednesday, January 30, 2008 8:49 AM > To: Carl Howell > Cc: toasters@mathworks.com <mailto:toasters@mathworks.com>
> Subject: Re: NetApp & Leopard > > Carl, > > We're experiencing the same issue when accessing DOT 7.2.2 CIFS in Win > 2k3 AD with OS X 10.5.1. > > We've opened a case with Apple and here's what they came back
with:
> > ##### > When a Leopard client opens a session, it sends three
mechanisms in
> this > > order, KRB5, some OID I don't what it is, and MS KRB5. The
filer
> returns an unsupported error. > > Apple thinks DOT is just bailing on the first unsupported
mechanism
and > not checking the whole list. Tiger only sent the MS KRB5 mechanism so > that is why it works. > > Apple is working on building a test of their kerberos library
that
puts > MS KRB5 as the first mechanism to validate the hypothesis. > ##### > > Leopard can authenticate via K5 against MS WIN 2k3 systems fine in our > environment, just not against DOT. > > Luckily Apple and NetApp are both TSAnet members and can
collaborate
on > the support case. > > Do you mind if reference your experience at UWF with NetApp and Apple? > And if you don't, do you have a case # with NetApp? > > Its interesting to hear of other hi-ed's with this issue. Any
others
> out there? Like other issues in our space it helps to band
together.
> > -=-=- > gerald villabroza <geraldv at stanford.edu
http://stanford.edu http://stanford.edu >
> technical lead, its storage, stanford university > > > Carl Howell wrote: > > I've stumbled across a problem we're having accessing filer
hosted
> CIFS > > shares from Mac OS X Leopard 10.5.1. The Leopard boxes I've
tried
> this > > on are all bound to our Win2k3 Active Directory. If you log
into
> Leopard > > with your domain credentials and try to access a share on a > filer(this > > happens on all of our filers and all are at 7.x and above),
you
will > be > > prompted for your password. If you try to access the same
CIFS
share > > hosted on a Win2k3 box, you will get right in. > > > > > > > > Has anyone else seen this? > > > > > > > > Thanks, > > > > > > > > --Carl > > > > > > > > > > > > > > >
-- Barry King barryking93@gmail.com mailto:barryking93@gmail.com
NetApp published a BURT (283117) and a p release (7.2.4p9) in response to how ONTAP deals with Kerberos auth.
See: (http://now.netapp.com/NOW/download/software/ontap/7.2.4P9/)
To be fair, ONTAP works just fine with Leopard in many cases, just not when MIT Kerberos 5 and NTLMv2 are the only two allowed CIFS authentication protocols. Environments with weaker security (NTLMv1) are fine. Tiger works because it sent MS Kerberos first, which ONTAP knows how to deal with.
Anyone planning on deploying 7.2.4p9? I am, but I've missed my change window and may have to wait until after mid June (University finals and graduation time).
-=-=- gerald villabroza <geraldv at stanford.edu http://stanford.edu> technical lead, its storage, stanford university
Carl Howell wrote:
Gerald,
Thanks for staying on top of this. Burt 283117 is exactly what we’re experiencing.
Vaughn, we run a standard Windows 2003 Active Directory. I’ve tested this against every filer we have, and it always behaves the same. If I recreate one of the shares we have on a filer on a Windows 2003 box, I can log right in using Leopard.
To be fair, this appears to be more a Leopard+Kerberos issue than a problem with OnTap.
--Carl
*From:* owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] *On Behalf Of *Vaughn Stewart *Sent:* Sunday, April 06, 2008 3:49 PM *To:* geraldv@stanford.edu; Barry King *Cc:* toasters@mathworks.com *Subject:* Re: NetApp & Leopard
I run 10.5.2 with CIFS on Data ONTap without any issue. I would want to know more about the client’s environment before I pointed the finger @ NetApp.
Cheers,
Vaughn Stewart | Virtualization Evangelist
*From: *"Villabroza, Gerald" geraldv@stanford.edu *Organization: *Stanford University *Reply-To: *geraldv@stanford.edu *Date: *Sat, 05 Apr 2008 10:56:25 -0700 *To: *Barry King barryking93@gmail.com *Cc: *toasters@mathworks.com *Subject: *Re: NetApp & Leopard
back on the Leopard and Data ONTAP CIFS train:
As some of us have found, 10.5.2 doesn't play nice with ONTAP cifs.
NetApp has created a BURT:
http://now.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=283117 http://now.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=283117
Its classified as a severity 3 (serious inconvenience) because there's a work around by passing credentials over NTLM after kerberos fails.
The workaround fails in our environment. We think its because NTLM works but we disallow NTLM and only allow kerberos or NTLMv2.
We've heard that the issue is scheduled to be fixed in 7.2.6 slated for October.
If you have similar issues or if you'd like it fixed earlier, please open a case and reference the BURT. The more customers that report the problem gives them a bigger reason to release a fix sooner.
-=-=- gerald villabroza <geraldv at stanford.edu http://stanford.edu> technical lead, its storage, stanford university
Barry King wrote:
At least in my environment, this now partially works in 10.5.2. Based on my experimentation: What works is doing a "Go -> Connect to Server" and punching in cifs://netapp. What doesn't is trying to browse to it over the network. I'm not sure why one works and the other doesn't.
Regards,
Barry King
On Fri, Feb 8, 2008 at 2:53 PM, Villabroza, Gerald <geraldv@stanford.edu mailto:geraldv@stanford.edu> wrote:
Patrick, Tough to mandate dave or admitmac in a diverse higher education environment. 100's of macs show up after the Christmas holidays and they all expect to use university resources immediately. Carl, Our understanding from Apple is that the next Leopard update, 10.52, will address the CIFS access issue. It's in a testing phase now
but not
available to folks external to Apple. -=-=- gerald villabroza <geraldv at stanford.edu <http://stanford.edu>> technical lead, its storage, stanford university > -----Original Message----- > From: Patrick van Helden [mailto:pvh@databasement.eu <mailto:pvh@databasement.eu>] > Sent: Wednesday, January 30, 2008 8:24 AM > To: Carl Howell; Villabroza, Gerald > Cc: toasters@mathworks.com <mailto:toasters@mathworks.com> > Subject: RE: NetApp & Leopard > > Hi Guys, > > Why don't you guys use a 3rd party client like "Dave" or "Admitmac" > from Thursby? > > Admitmac even has Windows DFS support > > Regards, > > Patrick van Helden > Databasement BV > pvh@databasement.eu <mailto:pvh@databasement.eu> > > > > -----Oorspronkelijk bericht----- > Van: owner-toasters@mathworks.com <mailto:owner-toasters@mathworks.com> namens Carl Howell > Verzonden: wo 1/30/2008 15:56 > Aan: geraldv@stanford.edu <mailto:geraldv@stanford.edu> > CC: toasters@mathworks.com <mailto:toasters@mathworks.com> > Onderwerp: RE: NetApp & Leopard > > Gerald, > > Thanks for the feedback, and yes, feel free to reference us. > > --Carl > > -----Original Message----- > From: Villabroza, Gerald [mailto:geraldv@stanford.edu <mailto:geraldv@stanford.edu>] > Sent: Wednesday, January 30, 2008 8:49 AM > To: Carl Howell > Cc: toasters@mathworks.com <mailto:toasters@mathworks.com> > Subject: Re: NetApp & Leopard > > Carl, > > We're experiencing the same issue when accessing DOT 7.2.2 CIFS in Win > 2k3 AD with OS X 10.5.1. > > We've opened a case with Apple and here's what they came back with: > > ##### > When a Leopard client opens a session, it sends three mechanisms in > this > > order, KRB5, some OID I don't what it is, and MS KRB5. The filer > returns an unsupported error. > > Apple thinks DOT is just bailing on the first unsupported mechanism and > not checking the whole list. Tiger only sent the MS KRB5 mechanism so > that is why it works. > > Apple is working on building a test of their kerberos library that puts > MS KRB5 as the first mechanism to validate the hypothesis. > ##### > > Leopard can authenticate via K5 against MS WIN 2k3 systems fine in our > environment, just not against DOT. > > Luckily Apple and NetApp are both TSAnet members and can
collaborate
on > the support case. > > Do you mind if reference your experience at UWF with NetApp and Apple? > And if you don't, do you have a case # with NetApp? > > Its interesting to hear of other hi-ed's with this issue. Any
others
> out there? Like other issues in our space it helps to band
together.
> > -=-=- > gerald villabroza <geraldv at stanford.edu <http://stanford.edu>> > technical lead, its storage, stanford university > > > Carl Howell wrote: > > I've stumbled across a problem we're having accessing filer
hosted
> CIFS > > shares from Mac OS X Leopard 10.5.1. The Leopard boxes I've tried > this > > on are all bound to our Win2k3 Active Directory. If you log into > Leopard > > with your domain credentials and try to access a share on a > filer(this > > happens on all of our filers and all are at 7.x and above), you will > be > > prompted for your password. If you try to access the same CIFS share > > hosted on a Win2k3 box, you will get right in. > > > > > > > > Has anyone else seen this? > > > > > > > > Thanks, > > > > > > > > --Carl > > > > > > > > > > > > > > >
-- Barry King barryking93@gmail.com mailto:barryking93@gmail.com