Lest we all forget.....NFSv4?
Solaris 10 has it, Mnay version of Linux has it.
Granted I have done very limited testing, but I am able to set and control ACLs using getfacl and setfacl under solaris and linux.
What is nice is that the ACL is obeyed by nfsv3 clients as well. I bet a lucky side-effect.
This "common" ACL support sure looks like it will beat mixed-mode.
When I worked for NTAP, I encouraged as many as possible not to use mixed mode unless they were very sure about what each and every action could do to file perms.
--tmac
Maglinger, Paul wrote:
Personally, although we run mixed-mode as a necessary evil, it is one of the most challenging tasks I have running the filer. I do wish they'd improve it.
Just my 2 cents...
*From:* owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] *On Behalf Of *Glenn Dekhayser *Sent:* Wednesday, March 15, 2006 11:54 *To:* JONES P.S.; Tracy Russell; toasters@mathworks.com *Subject:* RE: Mixed Mode
In my 10+ years of dealing with Netapp, I have never known them to remove a feature from OnTAP, and can't imagine them starting now- especially one used by thousands of installations today. Perhaps your users misunderstood what they heard in training? A trainer would also never disclose that kind of information in that forum as presumably not everyone in the room would be under NDA, and that kind of information, if true (and I suspect not) would be confidential.
*From:* owner-toasters@mathworks.com [mailto:owner-toasters@mathworks.com] *On Behalf Of *JONES P.S. *Sent:* Wednesday, March 15, 2006 10:13 AM *To:* Tracy Russell; toasters@mathworks.com *Subject:* RE: Mixed Mode
I trust this is an individual's surmise and no more. I have not heard of this remote possibility in any shape or form. We rely absolutely on mixed mode presentation to our users; its one of the keystone elements of our single authentication, single filestore architecture. Losing this would be too much to contemplate.
Paul Jones, B.Sc, M.Sc, Ph.D. - Head of Systems Services, Information Technology Service, Durham University, South Road, Durham DH1 3LE Email: p.s.jones@durham.ac.uk Phone/Fax: 0191 334 2749/2701
*From:* owner-toasters@mathworks.com on behalf of Tracy Russell *Sent:* Wed 3/15/2006 2:19 PM *To:* toasters@mathworks.com *Subject:* Mixed Mode
Does anyone know the future of the security mode -- "mixed mode"? Several co-workers returned from NetApp training stating that this particular mode is not encouraged and may be dropped in the not too distant future from NetApp support.
Has anyone else heard this or can confirm this to any degree? We are about to set up a new Filer and I'm trying to decide what to do with a volume that is currently configured for mixed mode security on an old Filer.
If anyone has experiences changes from mixed mode to either all CIFS or NFS, I'd appreciate their inputs as well.
Thanks.
Tracy
tmacmd@gmail.com (Tim McCarthy) writes:
Lest we all forget.....NFSv4?
Solaris 10 has it, Mnay version of Linux has it.
Granted I have done very limited testing, but I am able to set and control ACLs using getfacl and setfacl under solaris and linux.
If this with a qtree/volume in ntfs mode? Or do files in unix mode qtrees/volumes acquire ACLs if you use NFSv4 to them?
What is nice is that the ACL is obeyed by nfsv3 clients as well. I bet a lucky side-effect.
This "common" ACL support sure looks like it will beat mixed-mode.
I would certainly like to think that NFSv4 will solve everyone's problems. :-)
If there are toaster-readers who have practical experience with using NFSv4 to filers, with or without CIFS access to the same files, it would be great if they could describe that to the rest of us. When we've had people from NetApp come and talk to us, they've often said that yes, interworking between NFSv4 and CIFS is fine, but turn out to be short on nitty-gritty details when cross-examined.
A year or so ago, I was successful in getting NFSv4 to work between a R100 (DOT 6.4.5) using CIFS and NFS and a Solaris 8 client. I don't recall many of the details now, except that it was less than straight forward. And I do recall that I had difficulty repeating my success. Trouble shooting the layout included sniffing the network for clues, but even then it wasn't clear what was missing. Since we were using AD for authentication, one of the requirements was that the kerberos realm on the Solaris client had to be the same as our AD domain. My lack of AD expertise was likely a large part of the reason for my troubles. I think it was tricky to get the initial key set up on the AD server, and then propogated to the filer.
So, I can confirm that it can be done, but am unfortunately short on nitty-gritty too. I'm hoping to transition to DOT 7.x soon. I may give it another go, against Solaris 10, and MacOS X, and RedHat clients. The way we share filesystems to all types of clients, it doesn't make sense to bother with kerberos at all, unless we can make it work against all of our clients, and for some reason, MacOS X support for NFSv4 seems to come and go.
Re:
Subject: Re: Mixed Mode To: tmacmd@gmail.com (Tim McCarthy) Date: Thu, 16 Mar 2006 16:50:10 +0000 (GMT) Cc: toasters@mathworks.com From: Chris Thompson cet1@cus.cam.ac.uk
tmacmd@gmail.com (Tim McCarthy) writes:
Lest we all forget.....NFSv4?
Solaris 10 has it, Mnay version of Linux has it.
Granted I have done very limited testing, but I am able to set and control ACLs using getfacl and setfacl under solaris and linux.
If this with a qtree/volume in ntfs mode? Or do files in unix mode qtrees/volumes acquire ACLs if you use NFSv4 to them?
What is nice is that the ACL is obeyed by nfsv3 clients as well. I bet a lucky side-effect.
This "common" ACL support sure looks like it will beat mixed-mode.
I would certainly like to think that NFSv4 will solve everyone's problems. :-)
If there are toaster-readers who have practical experience with using NFSv4 to filers, with or without CIFS access to the same files, it would be great if they could describe that to the rest of us. When we've had people from NetApp come and talk to us, they've often said that yes, interworking between NFSv4 and CIFS is fine, but turn out to be short on nitty-gritty details when cross-examined.
-- Chris Thompson Email: cet1@cam.ac.uk
-
Brian Parent -
Chris Thompson -
Tim McCarthy