2011-09-20 11:35 AM
We are starting a domain migration, and I need to know what the best way to share resources between 2 domains is. The only thing on the NetApp that will be shared right now is the CIFS shares. I will need to allow access to people in 2 domains at once... Thoughts, anyone?
2011-09-20 11:06 PM
ONTAP doesn't support multidomain unless you use vfilers, which I don't think will solve your purpose, based on the details given by you. That said, it doesn't mean you can't do it, since creating a trust between the domains should solve the problem.
Create the trust between your old and new domains and that should be enough to keep your shares accessible to users in both domains; just don't forget to add the permissions on the NetApp shares for users from the new domain.
2011-09-21 06:14 AM
If this is a domain migration, you should talk to your Windows admins about setting up (or if they have) a two-way trust between the domains so that you can use credentials from both domains to access the same data.
So AD1 trusts users/machines from AD2 and AD2 trusts users/machines from AD1. You then put AD1/User1 on the share, as well as AD2/User1 on the share, and they can now access it using their credentials from either domain.
A one-way trust will not work; we have just run into this issue. A one-way trust runs into problems when users from the trusted domain try to access resources on the filer in the untrusted domain. The filer in the untrusted domain cannot look their groups up.
2011-09-22 08:58 AM
I assume you mean the actual share permissions... You can update the cifsconfig_share.cfg file in /etc.
But you need to be very careful, as the file uses SIDs, not usernames. Then you will need to terminate/restart CIFS, so you will have an outage. Otherwise you could create the update commands in Excel/LibreOffice Calc and paste them into the CLI.