Have you read the NetApp Storage System Multiprotocol User Guide? http://media.netapp.com/documents/tr-3490.pdf
On Mon, Jun 27, 2011 at 1:36 PM, Ski Kacoroski <[email protected]> wrote: > John, > > Thanks for your reply. > > > On 06/27/2011 01:19 PM, John Stoffel wrote: > >> "Ski" == Ski Kacoroski<[email protected]> writes: >>>>>>> >>>>>> I think what you're trying to do isn't going to work well, if only >> >> because NFS and NTFS have such different permissions models. The >> closest you might get is to use NFSv4, but I'm sure there are still >> problems there. >> > > Agreed > > > >> In my experience, mixed mode qtrees leads to all kinds of hell, >> because a user applies NTFS ACLs, then a unix user tries to access the >> file and can't, even though the Unix permissions look fine, because >> they NTFS ACLs deny the access. >> >> And it's hell to debug. In this case, it might be smarted to use your >> Unix web server to access the Netapp purely through CIFS, and to give >> the web server process access. >> > > I agree with you on Mixed mode. I played with it over 10 years ago and it > was a mess back then. > > > >> >> Ski> PS: If you have answers to these specific questions that would be >> helpful: >> >> Ski> 1. Can I use widelinks between head nodes and have cifs follow >> Ski> the wide link ok (e.g. put /Student on node1 and put /Staff and >> Ski> /Class on node1 for leveling the load). >> >> You mean /Staff and /Class on node2, right? Are you clustering your >> Netapps? If so, I *think* widelinks should work, but honestly I odn't >> know and I don't have a system to test on. Sorry. >> > > Perhaps I will try opening a call with the NetApp tech support :). > > > >> Ski> 2. What settings do I need so a process can write via NFS and >> Ski> folks can read the files from CIFS. >> >> Do you want to allow the users to re-set permissions from the CIFS >> side? And do your usernames/password match between NFS/CIFS land? >> > > I already keep the passwords in sync between unix and AD. The users do not > make any permission changes. I have a unix database that writes out reports > to our current NAS via NFS. Users can then see the reports via CIFS. Users > can also put spreadsheets into an upload directory via CIFs and the unix > database will read them in. > > > >> Again, I'd probably just NOT share the volume via NFS that's running >> CIFS and instead use smbfs on linux (or some other Unixy OS) to mount >> the CIFS filesystem. >> > > I could do this I suppose. Just lots more work on the cut over. > > > >> Another reason I suggest all this is that you're in a school >> environment, and students tend to have lots of time to spend looking >> for holes in your security. So making your setup as *simple* as >> possible is key. Because through simplicity comes better management >> and it's easier to verify you got things locked down properly. >> > > I agree with KISS. I was just trying to get as close to what we have now > because other than the NAS system not being supported any more, it works > pretty well. > > cheers, > > ski > > > -- > "When we try to pick out anything by itself, we find it > connected to the entire universe" John Muir > > Chris "Ski" Kacoroski, [email protected], 206-501-9803 > or ski98033 on most IM services > ______________________________**_________________ > Tech mailing list > [email protected] > https://lists.lopsa.org/cgi-**bin/mailman/listinfo/tech<https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech> > This list provided by the League of Professional System Administrators > http://lopsa.org/ >
_______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
