Step-by-step guide for access via CIFS (SMB) to NFSv4 exports hosted on NetApp.
1) Integrating the NetApp filer with LDAP:
    ldap.ADdomain                            ## the domain we want to join
    ldap.base                                DC=com
    ldap.enable                              on
    ldap.fast_timeout.enable                 on
    ldap.minimum_bind_level                  simple
    ldap.name                                ## the account used for all requests to the database
    ldap.nssmap.attribute.homeDirectory      unixHomeDirectory
    ldap.nssmap.attribute.uid                sAMAccountName
    ldap.nssmap.objectClass.posixAccount     User
    ldap.nssmap.objectClass.posixGroup       Group
    ldap.port                                3268
    ldap.retry_delay                         10
    ldap.servers                             ## domain controllers' addresses
    ldap.usermap.attribute.unixaccount       uid
    ldap.usermap.attribute.windowsaccount    sAMAccountName
Apply the options above on the target vFiler. The option values may vary depending on the specific infrastructure (an AD DC with an FSMO role in this case).
2) Checking if this configuration works:
    NetApp0*> vfiler run VFILER01 getXXbyYY getpwbyname_r smith
The output should look like:
    ===== VFILER01
    pw_name = smith
    pw_passwd = {{******}}
    pw_uid = 10000, pw_gid = 10000
    pw_gecos = smith, John
    pw_dir = /home/smith
    pw_shell = /bin/bash
getXXbyYY and wcc commands can be run only in advanced mode.
3) Updating /etc/nsswitch.conf permissions:
    passwd: ldap nis files
    group: ldap nis files
Add the memberUid attribute to groups that will have access to both the Linux and Windows environments. The memberUid attribute must be in lowercase!
4) Configuring NFSv4 on NetApp:
Create a /Volume/qtree and export it over NFS.
/etc/exports should look like:
    /vol/xxx_VFILER01_nfs_vol00/ACL_test -sec=sys,rw,root=192.168.1.1,nosuid
Switch on NFSv4 access control lists using these options:
    nfs.v4.acl.enable           on
    nfs.v4.enable               on
    nfs.v4.id.allow_numerics    on
5) Configuring NFSv4 ACLs on Linux:
Mount the export on the terminal Linux server using these options:
    nfs acl,defaults,intr,hard,bg,tcp,auto,rw 0 0
Set ACLs as required:
    $ nfs4_setfacl -e example
Keep in mind that A stands for Allow and D stands for Deny.
6) Creating a CIFS share on NetApp:
Use cifs setup to configure services. Next, create a CIFS share on the /vol/qtree from step 4:
    NetApp0> vfiler run VFILER01 cifs shares -add ACL_test /vol/xxx_VFILER01_nfs_vol00/ACL_test
Keep the EVERYONE/FULLCONTROL permission to avoid excessive restrictions at share level:
    NetApp0> vfiler run VFILER01 cifs shares
    ACL_example /vol/xxx_VFILER01_nfs_vol00/ACL_example
                            everyone / Full Control
7) Final tweaking:
Set permissions with the NFSv4 ACL tools. Test Windows access using Linux credentials. Check Linux permissions by means of the Secureshare utility.
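Since step 6 leaves Everyone / Full Control on the share, the NFSv4 ACL from step 5 is what restricts access, so it is worth checking what EVERYONE@ effectively receives. The script below is an added example, not part of the original guide: it parses ACE lines in the `type:flags:principal:permissions` form and reports write-class permissions granted to EVERYONE@. The sample ACL and all function names are constructed for illustration.

```python
# Added example: find write-class permissions that EVERYONE@ effectively holds.
from typing import List, NamedTuple, Set

WRITE_CLASS = set("waDdTNCo")  # can change data, attributes, ACLs or ownership
# Constructed sample ACL in nfs4_getfacl form: type:flags:principal:permissions
SAMPLE_ACL = """\
A::OWNER@:rwaDxtTnNcCy
A:g:10000:rwaDxtTnNcy
A::EVERYONE@:rwxtncy
D::EVERYONE@:w
"""

class Ace(NamedTuple):
    type: str       # A = Allow, D = Deny, U = Audit, L = Alarm
    flags: str      # e.g. g = group principal, i = inherit-only
    principal: str
    perms: str

def parse_acl(text: str) -> List[Ace]:
    """Parse ACE lines, skipping blank lines and '#' comments."""
    aces = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != 4 or parts[0] not in ("A", "D", "U", "L"):
            raise ValueError(f"not an NFSv4 ACE: {line!r}")
        aces.append(Ace(*parts))
    return aces

def everyone_allowed(aces: List[Ace]) -> Set[str]:
    """Permissions an otherwise unlisted user gets through EVERYONE@."""
    # ACEs are evaluated in order; the first one naming a letter decides it.
    allowed, decided = set(), set()
    for ace in aces:
        if ace.principal != "EVERYONE@" or ace.type not in ("A", "D") or "i" in ace.flags:
            continue  # other principals, audit/alarm ACEs, inherit-only ACEs
        fresh = set(ace.perms) - decided
        if ace.type == "A":
            allowed |= fresh
        decided |= fresh
    return allowed

def risky_everyone_perms(text: str) -> str:
    """Write-class letters EVERYONE@ effectively holds ('' when none)."""
    return "".join(sorted(everyone_allowed(parse_acl(text)) & WRITE_CLASS))

if __name__ == "__main__":
    print("EVERYONE@ write-class permissions:", risky_everyone_perms(SAMPLE_ACL) or "none")
```

In the sample the Deny for `w` comes after the Allow that already granted it, so the script still reports `w`; moving the Deny ACE above the Allow ACE clears the finding.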