Hey all...
I was told, by just about everyone, that if I wanted full CIFS without the "backout problems" possible with 5.x, then I should just go to 4.3.4...
Well.. I have.. and the major porblem I HAD with the NetApp implimentation of CIFS seems to still be there: It looks like while yes there is indeed NT server authentication happening now, no matter WHO I want to access the CIFS shares, they STILL have to MANUALLY PLACED into the /etc/passwd file!!!! What is the POINT of full blown NT server (domain) authentication if I STILL have to input ALL of the users into the /etc/passwd file! That's what my main problem is! We have TONS of UNIX users across campus who are on various NIS+ domains and as a result many have overlapping UIDs! i.e. we can NOT rely on single NIS+ uid mapping.. and would have the SAME problem if we tried to input all our users directly into a single /etc/passwd file on the server.
Is the ONLY way to get around this is by going to 5.x? Does 5.x even FIX this serious problem? What about the differences in the 5.x file system?
I don't HAVE a test file server to test this on.. 100% production... 8v/
Anyone here have this kind of expereince?
Thomas Weeks GTE SYSTEMS ENGINEER Testing-Integration Center "The Pit" Brooks AFB, DSN 240-5444
Well, a couple of things come to mind...
1. Use NIS (or NIS+ running with NIS compatibility mode) -> you can add/remove users at will and the Filer will parse -> the passwd file from NIS.
2. If in fact you are using a domain controller, and you do not care how the UID's map to a particular user...by this I mean:
From na_options: cifs.generic_account
The cifs.generic_account option can enable a user who has no password account in /etc/passwd on the filer or in the NIS password database to get access to the filer, provided that the filer uses a Domain Controller for authentication and the user is in a trusted domain. If the option is set to the name of an account, the user gets the UNIX user ID, group ID, and group set of that account. If the option is blank, generic access is disabled.
EXAMPLE- So you could add a user to the filer's /etc/passwd or NIS such as: pcuser::65534:100:::
Any user that does not have an entry in either passwd file will be known to the filer as UID->65534 and GID 100
Weeks, Thomas wrote:
Hey all...
I was told, by just about everyone, that if I wanted full CIFS without the "backout problems" possible with 5.x, then I should just go to 4.3.4...
Well.. I have.. and the major porblem I HAD with the NetApp implimentation of CIFS seems to still be there: It looks like while yes there is indeed NT server authentication happening now, no matter WHO I want to access the CIFS shares, they STILL have to MANUALLY PLACED into the /etc/passwd file!!!! What is the POINT of full blown NT server (domain) authentication if I STILL have to input ALL of the users into the /etc/passwd file! That's what my main problem is! We have TONS of UNIX users across campus who are on various NIS+ domains and as a result many have overlapping UIDs! i.e. we can NOT rely on single NIS+ uid mapping.. and would have the SAME problem if we tried to input all our users directly into a single /etc/passwd file on the server.
Is the ONLY way to get around this is by going to 5.x? Does 5.x even FIX this serious problem? What about the differences in the 5.x file system?
I don't HAVE a test file server to test this on.. 100% production... 8v/
Anyone here have this kind of expereince?
Thomas Weeks GTE SYSTEMS ENGINEER Testing-Integration Center "The Pit" Brooks AFB, DSN 240-5444
-- Timothy A. McCarthy --> System Engineer, Eastern Region. Network Appliance http://www.netapp.com 301-230-5840 Office \ / Page Me at: 301-230-5852 Fax / 800-654-9619
-
Timothy A. McCarthy -
Weeks, Thomas