Philip,

I take it that your going to use a filer anyway (NetApp CIFS/NFS vs. NetApp NFS + Samba)..?? Samba is an interesting application but there are limitations that you should be aware of, especially when considering deployment in a multiprotocol environment and from the perspective of NT only administrators.

Since the underlying file system that Samba uses is a UNIX file system, the mocked up NTFS permissions that Samba provides will be based on UNIX and limited to a maximum of three ACEs (access control entries) for each ACL (access control list). One ACE for "owner," one for "group" and one for "world." Because of this, one must set NT file permissions using the individual bits under "Special Access" (you won't be able to use the canned ACEs like "Full Control, Change" etc.). Though not a problem for many, NT admins may not necessarily be comfortable with this. I've actually heard of NT admins who were unaware that the "Change," "Full Control" etc. entries actually represented the lower level permissions bits. NetApp's CIFS makes the filer look just like an NT member server rather than providing an NT facility to manipulate UNIX permissions. If one needs to manipulate UNIX permissions under NT, the SecureShare Access tool (available on NOW and on the DOT CD) can be installed. The tool adds a page to the file properties dialog.

Share level ACLs are not only based on UNIX groups, they are set by editing the smb.conf file (by way of vi or SWAT), not Server Manager. Another possible issue for NT admins.

Beginning with Data ONTAP 5.3, a limited implementation of Windows NT access logging became available. Success or failure of file reads or writes can be audited. Furthermore, auditing can be set up for files residing in "NTFS" or "Mixed" qtrees. Samba doesn't provide this.

Samba also has weaknesses in a true multiprotocol environment. The DOS "archive," "system" and "hidden" bits are mapped to the UNIX "X" bits. If a UNIX admin removes an X bit or if an NT admin flips the archive bit, NT users will be in for a surprise when they can't execute program. Something else to consider is that when a Windows user hides a file, a leading period is not added and the file is NOT hidden for the UNIX user. The reverse _may_ also be true (files hidden with a leading period in UNIX may not be hidden from Windows users). Data ONTAP keeps track of these separately. Furthermore, WAFL keeps an archive bit for UNIX files so that an NT based backup program can do an "incremental" backup of UNIX data (backing up over CIFS retains NT ACLs as well as UNIX permissions).

Multiprotocol environments add an interesting twist with respect to file permissions. Remember that Samba can only use UNIX permissions but NetApp filers can be configured to use UNIX and NTFS permissions. Another NT-like edge that WAFL has over Samba is inherited permissions. When a file is copied to a directory or a new file is created in a directory with NTFS-style permissions, that file inherits the permissions of the parent directory. This is also true (as of Data ONTAP 5.3) if a file with UNIX-style permissions is copied to a directory with NTFS-style permissions.

The overhead of Samba's group mapping doesn't exist with filers. Because filers map _users_ on the fly, there is no need for group mapping (this is frequently misunderstood and viewed as a limitation).

Consider centralized support and administration. If you were to use NetApp's CIFS, you'd have one stop shopping for support, bypassing being stuck between two vendors on some support issues. If Samba support beyond mailing lists is desired, there _is_ cost involved. Administration is centralized on the filer versus filer administration + Samba administration.

Again, assuming that you're going to use a filer anyway: **Samba = UNIX rules + two levels of support and administration + painful for NT admins + multiprotocol weaknesses** **NetApp's CIFS = just like NT + centralized support and administration**

Hope this helps.

Best Regards,

Paul Benn Network Appliance

-----Original Message----- From: Philip Thomas [mailto:thomas@act.sps.mot.com] Sent: Friday, May 26, 2000 10:03 PM To: toasters@mathworks.com Subject: Samba Vs CIFFS

Hi, Why should some one pay good money to buy CIFFS license from NetApp when apparently the similar functionality is available "free", Samba? I am hoping folks out there, with experience in both products would be willing to share their knowledge as much their internal policy allows. I am specifically looking for pros and cons with respect to (a) performance (what ever than means) (b) scalibility (500+ users) (c) reliability (d) functionality (e) coexistence with Windows Terminal Server (f) 'cost' (not just dollars) (g) administration (h) interaction or lack of it with commercial apps ...any thing else ?? Perhaps this list is biased to CIFFS, by definition of the mailing list. But I have seen folks willing to speak out in the past. [BTW, please don't shoot the messenger:-)] Thanks.

Philip Thomas Motorola - DDL-ITG, M/S M360 2200 W. Broadway Rd Mesa, AZ 85202 rxjs80@email.sps.mot.com (480) 655-3678 (480) 655-3881 (fax)