What version of the filer are you running? Is it 5.3 or later?
The filer has always supported multiprotocol access to files. With 5.3 we have completed our security model that is described in the following paper. http://now.netapp.com/NOW/knowledge/docs/olio/guides/53_troubleshooting/conc... .shtml
Assuming you are using a UNIX qtree (the default) then you have two options of how the NT users will interact with the UNIX style security. The first option is to use strict UNIX type security. Each NT user is mapped to a UNIX identity and vanilla UNIX type security is used. In this case option cifs.perm_check_use_gid should be set to ON.
The second option is closer to the NT style of FAT security. If cifs.perm_check_use_gid is OFF, then everyone except the owner is considered a member of the "group". The main control on security is the share level ACL (just like NT). This is controlled by cifs access entries. We allow a further tuning of the ACL by also requiring any access be permitted by the group permissions on the file. The world permissions are not used by PCs (if everyone is permitted access by the share ACL, then world is a member of the "group").
The filer will appear to be a FAT file system to the PC clients. They will probably want to install SecureShare Access to allow them to control the security on files.
SecureShare(tm) Access (176KB) SecureShare Access is a DLL for Win95 and Windows NT 4.0 which adds a page to the Properties... sheet for files which reside on NetApp filers. Double-clicking SSACCESS.EXE causes a self-extracting installer to run, installing the DLL and making the appropriate registry entries. The DLL can be uninstalled at any time by using the Add/Remove programs utility on the Control Panel. SecureShare Access is believed to work on Win98 and Windows NT 5.0, but has not been tested on these platforms and is not supported on them.
http://now.netapp.com/NOW/tools/supported.shtml
You may also wish to look at the following burt since that affects some of the fine points of UNIX style access. http://now.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=21019
-----Original Message-----
From: Elizabeth Schwartz [mailto:eschwart@genuity.net]
Sent: Friday, June 09, 2000 12:55 PM
To: Muhlestein, Mark
Cc: eschwart@genuity.net; toasters@mathworks.com
Subject: RE: Unix group permissions and NT access on a filer
Thanks!
It sounds like what we need is a "cred-GID", am I reading this right?
I want to give an NT user the right to access files from his NT box that members of his unix group can access on the Unix side, on a filer set to unix file perms.
At 11:21 AM 6/9/00 -0700, mark.muhlestein@netapp.com wrote:
This is controlled via the option cifs.perm_check_use_gid. See
http://now.netapp.com/NOW/knowledge/docs/olio/guides/53_troubleshooting/faq.shtml#anchor1392048
"My CIFS clients are seeing strange group access with UNIX-style security files"
Mark Muhlestein -- mmm@netapp.com
-----Original Message-----
From: Elizabeth Schwartz [mailto:eschwart@genuity.net]
Sent: Friday, June 09, 2000 8:19 AM
To: toasters@mathworks.com
Subject: Unix group permissions and NT access on a filer
Please forgive any NT terminology mangling, I'm a Unix person:
We've got a filer that is set up as a Unix filesystem (as opposed to multiprotocol.) Our NT users access their home directories as NT shares on this filer. Their NT login names match their Unix user id's.
On the unix side, I created a group and made a group-writeable directory that is not readable to others. When the NT users log into our unix machine, they can write files in this directory. When they access this directory from the Unix side, only the owner can write files.
Is this fixable? Without making dramatic changes to the filer? (I do have enough space to make a small extra partition if I really had to)
-- Elizabeth Schwartz 781-262-6565 Unix System Administrator eschwart@bbnplanet.com Genuity, Inc
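The two settings of cifs.perm_check_use_gid described in the first reply of this thread, as a simplified model added here for illustration; it is not NetApp code, and the function names, uids, gids and modes are constructed. It shows which CIFS users get write access under each setting, including the case where a non-member of the UNIX group is granted the group bits.

```python
from dataclasses import dataclass

R, W, X = 4, 2, 1  # bits inside one rwx triplet

@dataclass(frozen=True)
class File:
    uid: int    # owning UNIX uid
    gid: int    # owning UNIX gid
    mode: int   # e.g. 0o770

@dataclass(frozen=True)
class Cred:
    uid: int          # UNIX uid the NT user is mapped to
    gids: frozenset   # UNIX groups of that mapped user

def granted(bits, want):
    return (bits & 7 & want) == want

def check_on(f, c, want):
    """Setting ON as described: plain owner/group/other UNIX evaluation.
    The thread does not describe the share ACL's role here, so it is left out."""
    if c.uid == f.uid:
        return granted(f.mode >> 6, want)
    if f.gid in c.gids:
        return granted(f.mode >> 3, want)
    return granted(f.mode, want)

def check_off(f, c, want, share_acl_allows=True):
    """Setting OFF as described: the share ACL is the main control, the owner
    gets the owner bits, every other user gets the group bits, and the
    world bits are never consulted."""
    if not share_acl_allows:
        return False
    bits = f.mode >> 6 if c.uid == f.uid else f.mode >> 3
    return granted(bits, want)

def demo():
    # Constructed sample data: a group-writable directory closed to "other".
    shared = File(uid=1001, gid=500, mode=0o770)
    member = Cred(uid=1002, gids=frozenset({500}))
    outsider = Cred(uid=1003, gids=frozenset({600}))
    return {
        "on_member": check_on(shared, member, W),
        "on_outsider": check_on(shared, outsider, W),
        "off_member": check_off(shared, member, W),
        "off_outsider": check_off(shared, outsider, W),
        "off_outsider_no_share": check_off(shared, outsider, W, share_acl_allows=False),
    }

if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case:24} write={'yes' if allowed else 'no'}")
```

In this model the `off_outsider` case is the one to review when auditing a filer: with the option OFF, group permission bits are effectively scoped by the share ACL rather than by UNIX group membership.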