Okay here's an interesting one! I'm looking to improve security on our NetApp clusters. We are running OnTAP 9.12.1P11. I've just read up on multi-admin authentication and snapshot locking. Because I'm *primarily* interested in protecting snapshots from malicious deletion, it seems that it would make sense to implement one of these two features but not both. Both would seem like overkill - requiring multiple admins to delete snapshots that were protected via locking anyway. Has anyone implemented one or both or either of these features? How did you find that it/they worked in practice? Any thoughts on which of the two might be a better choice in my scenario? Would love to hear any and all thoughts!
... View more
We already have our clusters connected to Active Directory and I have been using my AD account for SSH logins for years. Following the steps https://docs.netapp.com/us-en/ontap/authentication/configure-cisco-duo-mfa-task.html#bypass-duo-authentication-for-users in we ran: security login duo create -vserver Cardinal -integration-key <ikey here> -secret-key <skey here> -apihost <apihost here>
<create the "Duo Users - NetApps" group in Active Directory>
security login duo group create -vserver Cardinal -group-name "Duo Users - NetApp" However when I SSH to the cluster I am never prompted with a Duo challenge. "security logon duo show" says that the status is "OK". We then tried to make a new AD group just called duo_netapp but the same issue exists where we never receive the challenge.
... View more
Hi Team, How can I add the LIFs to network route lifs? I have ran the command Network route show and Network route show-lifs, Please check the screenshot attached for more details. Thanks, Atish Lohade
... View more
I think the nfs volume is exported with 700 as the permissions and root:root as owner. I cannot change it at the system level, and that needs to be done by IT on the volume/filer itself. Can you please ask them to change permissions to 755 so you can cd to it. this is issue - What should be change from filer end in the export-policy ? Superuser Security Types: sys -> this option should be changed to ?
... View more
Hi All, I am looking to upgrade our SVM's from NFS v3 to NFS 4.1 / 4.2. The SVM's host volumes for VMware Datastores (Vsphere 7), Linux Servers, Oracle, Linux NFS mapped storage and CIFS shares presented to Windows and Linux clients. Our Linux infrastructure is Red Hat 7 and we are in the process of rebuilding to Red Hat 9. We have seen some NFS file locking issues in Red Hat 9 and a suggestion has been made that upgrading to NFS 4.1 / 4.2 may solve this issue. Enabling NFS 4.1 / 4.2 looks as simple as a tick box in the SVM settings and ensuring that all Export Policies in the SVM allow for NFSv4 access protocols. Is there anything else I need to look out for? Is the transition to NFS 4.1 / 4.2 seamless from a client perspective? Looking at VMWare, it appears that there wont be an impact and that NFS 4 datastores will only be used when creating new datastores. Any pieces of advice would be welcome. It looks like a fairly simple change, but the impact if something goes wrong would be large. Thanks, Ben
... View more