Quantcast
Channel: All Network and Storage Protocols posts
Viewing all 2150 articles
Browse latest View live

Re: Maximum IOPS for a RAID-DP

August 17, 2016, 5:57 pm
$
0
0

seeing as most the tech support are clueless with performance analysis I will help the OP out.

 

Run this command

 

statistics show-periodic -object disk:raid_group -instance /node1_aggr1/plex0/rg0  -counter read_ops|write_ops -interval 1 -iterations 60

 

you will need to be in Priveleged Mode - Advanced. 

 

From there you can work out your read/write % and actually work out how to fix it, DO NOT Involve netapp support - they will read off a script and ask for a perfstat then a week later they will say "buy more disk" rather than, oh you have high latency? maybe you need to re-balance the aggregate? or reallocate or add jumbo frames or anything constructive lol.

Search

Re: Files become inaccessible when marked as offline on Netapp CIFS shares.

August 19, 2016, 2:17 am

Re: Folder disappear after folder creation

August 23, 2016, 5:51 am

Get the proper Group & Owner from Netapp (using autofs, sssd)

August 29, 2016, 8:05 am
$
0
0

Hi,

I have a NAS (netapp). with a windows file server that has samba shares connect to AD.

I would like to mount some shares from the NAS onto my ubuntu 16.04 server. When I mount them, I get the group and owner listed as root. I would like to get the proper group and usernames that are listed on the NAS. I will have 20+ users connecting to the server to access the NAS, so i don't want to mount as a specific user, I just want the already established groups and owners to list when a user looks at the directory.  I have also tried using NFS to mount the shares, but instead of the root for group and user, and I get some arbritary number i.e.  4294967294
Here are my autofs config files

Code:
auto.master

/NAS /etc/auto.cifs-shares  --ghost
Code:
auto.cifs-shares

home -fstype=cifs,rw,sec=krb5 ://my-nas/home\$

sssd and kerberos are configured so I am able to login to the unbuntu server with my AD credentials and mount via autofs.

Thanks a lot for you help!
Thomas

Re: Get the proper Group & Owner from Netapp (using autofs, sssd)

August 29, 2016, 8:18 am
$
0
0

I meant to say that I have also tried using NFS, but it still doesn't work.    Also, if I specify a uid and gid, I get the arbritray number (however, I don't want to have to do this since there will be many users connected to the NAS, as mentioned above).

 

Thanks so much!

Re: Automatic Node Referrals and Regarding DNS Entry

August 31, 2016, 11:55 am
$
0
0

Hello,

I have been reading up on both Automatic Node Referrals and on-box-DNS.  Since you mentioned they are 2 separate topics can they both be implemented for the same cluster?

 

Thanks

 

Kathy

Hitting the 16 LUN Limit for one (!) virtual server

September 1, 2016, 7:25 am
$
0
0

Now, after some years of growth, we are really hitting the 16 LUN Limit for one (!) virtual server in near future.

I just want to know, how other admins are getting rid of this problem today.

 

 

I am using several Hyper-V Clusters with Windows 2012 R2. Each Cluster is connected to several iSCSI LUNs (16 TB each).

Due to the rich capacity growth (exchange servers with archiving, huge databases,..), we have some virtual servers which will reach the 16 TB limit soon.

 

I know I can spread out several vhdx files for each server in different CSV LUNs as I do it now manually, but is this the future?

 

When will NETAPP increase the LUN Limit to e.g. 100 TB as the flexvol limit is?

 

 

 

Dynamic Disks (no snapdrive) and volume mount points are no solution as I want to use CSV within the Hyper-V Cluster and snapvault for backup purposes.

 

by the way:

With Microsoft Scale Out File-Server Cluster, I can today use NoName Hardware to build a 64TB (VHDX) shared storage. (But I love Netapp and don`t want to change... :-)

 

Every answer would be appreciated. 

CIFS, cDOT 8.3, and Lexmark MFPs

September 1, 2016, 3:17 pm
$
0
0

I've run into an issue head-first that I can't seem to get past. Looks like it's been a prevalent issue on a lot of other mult-function printers as well. Scanning to Network, the device can reach anything the Windows DC provides directly. Like most MFPs, these Lexmark CX410s don't seem to want to play nice with my FAS2552's CIFS SVM. What's worse is that the FAS's log shows nothing related to CIFS (unless I missed something), meaning I have to go only on my MFP's log.

 

---

 

I get a connection error on the MFP when attempting to connect. To keep things simple, I use "\\x.x.x.x\sharename" just in case DNS isn't playing. Domain just reads the netbios name, not the FQDN. Tried connecting to the root share and to the intended destination folder. Still no joy. MFP reports "unable to connect, ensure lwiod and lsassd are running".

 

---

 

The credentials are good. The scanner+service account successfully connects with a test share on the DC. The SVM is connecting to the DC, and is seeing that all types of authentication are accepted. The SVM recognizes domain accounts and can set the Share Permissions based on domain or local accounts. The SVM can see the Default Domain policy. I have tried with both local and domain scanner accounts set to full control and to read/write. Device still refuses to connect. SMB signing is not currently required anywhere on the network. No requirements for SMB2 or 3 have been set on the DC, and none set on the SVM (as far as I am aware).

 

I've read some ridiculous workarounds, including building an iSCSI and have one of the servers just share a small target through Windows. I am not a fan of this idea as it requires that specific server/VM running. Anyone have experience defeating the roadblock and scanning directly to their network folder?

Search

Re: CIFS, cDOT 8.3, and Lexmark MFPs

September 1, 2016, 6:17 pm
$
0
0

You probably want to open a case so support can have a look at it, but try updating the firmware on the scanner. 

 

Re: CIFS, cDOT 8.3, and Lexmark MFPs

September 1, 2016, 6:41 pm
$
0
0

I am really hoping I don't have to, but yeah. I see that too.

 

Yes, the MFP's firmware is the absolutely newest non-beta version.

Changing SIDs/UIDs/GIDs safely in mixed qtrees

September 3, 2016, 9:29 am
$
0
0

We use a FAS3220 MDL filer with Data ONTAP 8.1.4P6 7-MODE as a
combined CIFS and NFS server with mostly mixed-type qtrees, where
files and folders occur with both NFSv3 and NTFS access permissions.
Users are authenticated via Active Directory Kerberos and Unix
passwd/group information is provided via an LDAP server.

 

We are planning to migrate our old Active Directory domain to a new
domain. As part of such a domain migration, all SIDs of CIFS users
will change. Microsoft's domain migration tool ADMT includes a
"Security Translation Wizard" that (among other things) offers to walk
over every file tree in every CIFS/NTFS server in the domain to
replace in every NTFS security descriptor every old-domain SID with
the equivalent new-domain SID.

 

Likewise, we sometimes find it necessary to change the UID/GID of some
Unix users, and then we could use a chown shell script on an NFS
client to replace on the filer in every inode the old UID/GID with the
equivalent new one.

 

All of this is easy in pure Unix- of NTFS-mode qtrees, because there
are tools available for each to do this.

 

But what about our many mixed-mode qtrees, where our users keep a wild
mix of files and folders with either Unix- or NTFS-style security
intermingled?

 

If we use chmod via NFSv3 on a mixed-mode qtree, we would destroy all
NTFS security data, and if we used a Windows equivalent, like
Microsoft's "Security Translation Wizard", we would surely destroy all
security information in Unix-style files.

 

How can we safely translate UIDs/GIDs/SIDs in a mixed-mode qtree,
without changing the security type of any file or folder?

 

Is it even possible to do this from either an NFS or CIFS client?

 

How can an NFS or CIFS client even see what security-style a file or
folder uses, to avoid changing ownership and ACLs via the wrong protocol?

 

Is there any tool built onto, or available for, Data ONTAP 7-mode
that can safely translate UIDs/GIDs/SIDs in a mixed-mode qtrees?

 

Migrating DC with different domain name

September 8, 2016, 3:54 am
$
0
0

Hi All,

       One of our customer is planning to move the NetApp storage with 7-Mode to another domain as the organisation has merged with another organisation.

The storage is specifiaclly being used for CIFS shares access. There are only10-15 users.

 

My query is how to map the shares to the users in both the case i.e. if the AD migrated with SID and without SID?

 

Thank you.

Re: Migrating DC with different domain name

September 11, 2016, 10:08 pm

Re: Migrating DC with different domain name

September 11, 2016, 11:33 pm
$
0
0

Hi Sahana,

         Thanks and appreciate for your reply. 

The link which you shared is about migrating the users with SID's. In my case the customer has not yet decided to migrate the users with SID's or without it.

So I want to know if without same SID's how to go forward.

 

 

Thanks,

Praveen.

Re: CIFS - creating new mount points on the volume

September 17, 2016, 5:52 am
$
0
0

Still I'm facing issue in creating share...Volume & qtree already exist...Please advise..

 


s199f013>
s199f013> cifs shares -add E199_G10001$ /vol/s199f001_nas_vol002/E199_G10001
The share name 'E199_G10001$' will not be accessible by some MS-DOS workstations
Directory "/vol/s199f001_nas_vol002/E199_G10001" does not exist.
s199f013>

Search

CIFS Share Level Permissions Issue

September 19, 2016, 9:18 am
$
0
0

I just got a Clustered Netapp with 8.3.2SP2 on it and it is functioning except when I apply Windows AD security Groups to a CIFS share and remove (uncheck) the everyone access. So I go into the share and edit the permissions and set the security groups I use to restrict access (in this case it is a security group entitled LCCA-IT-NAS - RW and LCCA-IT-NAS - RO. The RW gets full control and the RO gets READ.

 

Once I set those groups and remove the everyone, I cannot access the shares.

 

Any idea what is missing? I have had a heck of a time with this since I got it and being new to Netapp the commands are not like anything I have encountered in Windows and linux.

 

Appreciate the help. Any comannds I need to run to display information to help let me know.

 

Thanks

 

 

Re: CIFS Share Level Permissions Issue

September 19, 2016, 9:56 am
$
0
0

Also, I cannot access the share even if I type the credentials of a user that is in the security group.

Re: CIFS Share Level Permissions Issue

September 19, 2016, 12:21 pm
$
0
0

I figured it out. Apparently once a VSERVER is created and volumns are set then the rest of the permissions set are done at the Windows level. So I just went into the properties of the shares and removes the everyone and then added the security groups there with the proper security settings (Read, Read/Write).

Re: CIFS Share Level Permissions Issue

September 19, 2016, 12:36 pm
$
0
0

Metuckness -

 

You've hit on one of the key features of CIFS on NetApp.  Once you create an SVM (vServer) you can treat it very much as a Windows file server from management point of view.  CIFS shares have the same "dual" security as does Windows - Share level access and NTFS filesystem level access semantics, which you can mix and match in the same ways as you would on a Windows server.

 

At current levels of cDot (which you have) you can also establish members of the "Local Administrators" group on the SVM so in case someone does something really bad with file permissions, you have a user that can re-take ownership and re-establish the security you want - just as you would on a Windows server.

 

To the greatest extent possible, including honoring relevant GPO settings, an SVM can be considered a "Windows" file server when using CIFS.  Once you're good with that, then the fun can really start.

 

 

 

Bob Greenwald

Senior Systems Engineer | cStor

NCIE SAN ONTAP, Data Protection

 

 

Kudos and accepted solutions are always appreciated.

 

 

Re: Migrating DC with different domain name

September 20, 2016, 4:00 am
$
0
0

Hi All,

       Please correct me if I am wrong if the new domain users do not share same SID's

 

1) I will integrate the storage with New Domain .

2) Map the users from new domain to the same shares and assign same permissions manually.

 

Does the above steps works?

 

Regards,

Praveen.

Viewing all 2150 articles
Browse latest View live
Search