
Multiprotocol NAS access to Netapp resources with ACLs

16.04.2018

Access via CIFS (SMB) to NFSv4 exports hosted on Netapp (step-by-step guide)

1) Integrating Netapp filer with LDAP:

Run the code above on the target vFiler. Command options may vary depending on the specific infrastructure (an AD DC with the FSMO role in this case).
2) Checking if this configuration works:

The output should look like:

getXXbyYY and wcc commands can be run only in advanced mode.
3) Updating /etc/nsswitch.conf permissions:

Add the memberUid attribute to groups that will have access to both Linux and Windows environments. The memberUid attribute must be in lowercase!
4) Configuring NFSv4 on Netapp:
Create /Volume/qtree, export NFS there.
/etc/exports should look like

Switch on NFSv4 access control lists using these options

5) Configuring NFSv4 ACLs on Linux:
Mount export on the terminal Linux server using these options

Set ACLs according to required needs

Keep in mind that A stands for Allow and D stands for Deny.
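As an added illustration of step 5 (not part of the original guide): a small Python evaluator for ACEs in the type:flags:principal:permissions text form printed by nfs4_getfacl, following the ordered evaluation the NFSv4 specification describes, so a D entry only takes effect if it comes before the A entry that grants the same bit. All principals, ACLs and function names are constructed for the example, and only expanded permission letters (r, w, a, x, ...) are handled.

```python
# Added example. ACLs and principals below are constructed sample data.
ACL_DENY_FIRST = """
D::alice@example.com:wa
A:g:staff@example.com:rwaxtTnNcy
A::EVERYONE@:rtncy
"""
ACL_ALLOW_FIRST = """
A:g:staff@example.com:rwaxtTnNcy
D::alice@example.com:wa
A::EVERYONE@:rtncy
"""

def parse_ace(line):
    """Split one ACE into (type, flags, principal, set of permission letters)."""
    ace_type, flags, principal, perms = line.strip().split(":")
    if ace_type not in ("A", "D"):        # U (audit) and L (alarm) grant nothing
        raise ValueError(f"unsupported ACE type {ace_type!r}")
    return ace_type, flags, principal, set(perms)

def matches(flags, principal, user, groups, owner, owner_group):
    """Does the ACE's principal field apply to the requester?"""
    if principal == "EVERYONE@":
        return True
    if principal == "OWNER@":
        return user == owner
    if principal == "GROUP@":
        return owner_group in groups
    if "g" in flags:                      # 'g' flag marks a group principal
        return principal in groups
    return principal == user

def check_access(acl_text, user, groups, wanted, owner=None, owner_group=None):
    """Walk ACEs in order; each bit is settled by the first matching ACE naming it."""
    pending = set(wanted)
    for line in acl_text.strip().splitlines():
        ace_type, flags, principal, perms = parse_ace(line)
        if "i" in flags:                  # inherit-only ACE: not applied to this object
            continue
        if not matches(flags, principal, user, groups, owner, owner_group):
            continue
        if ace_type == "D" and pending & perms:
            return False                  # a still-undecided bit is explicitly denied
        if ace_type == "A":
            pending -= perms
        if not pending:
            return True                   # every requested bit has been allowed
    return False                          # bits that were never allowed are refused
```

With the two sample ACLs, alice (a member of staff) is refused write access only when her D entry is listed before the group's A entry.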
6) Creating CIFS share on Netapp:
Use cifs setup to configure the services. Next, create a CIFS share on the /vol/qtree from step 4

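Keep the EVERYONE/FULLCONTROL permission to avoid excessive restrictions at share level. With the share left open like this, access is restricted only by the NFSv4 ACLs set on the files and directories.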

7) Final tweaking:
Set permissions with the NFSv4 ACL tools. Try Windows access using Linux credentials. Check Linux permissions using the Secureshare utility.