Network and Storage Protocols

CIFS Multi Domain

henk_vonk
6,165 Views

Hi,

I have a FAS3140 and this filer must act as a fileserver for two trusted Domains. Of course this filer has a CIFS license but no MultiStore license!!

The only information I could find on the NetApp site is something about the option cifs.search_domain. This option can be used to allow users from trusted domains to access the filer.

Could anyone provide me some extra information (or tell me where to look) about my current FAS3140 configuration (CIFS without MultiStore license) ?

Thanks. Henk

6 REPLIES 6

i3_nheusel
6,165 Views

If there is a two-way transitive trust between the two domains I don't see what the big deal is (certainly, Multistore is overkill for this application).

The filer will act like any other Windows server with regard to domain SID resolution.  Pick a domain to host the filer, and use AD global groups & local groups to map users to resources across the trust as needed.

The cifs.search_domain option is only useful for prioritizing the domain search order.  If you leave it blank it will search all trusted domains for mapping usernames.  With only two domains this is not necessary.

marinkatic
6,165 Views

If there is no domain trust, shouldn't it be possible to create locar users with identical names as domain users and then map those users to domain user names thus enabling access from another domain?

peter_lehmann
6,165 Views

How do you handle the password change of the user? It can work this way, but is "unmanagable"... IMO

Peter

aborzenkov
6,165 Views

You can’t map one CIFS user to another CIFS user. What you can is to let domain users connect resources as local users, but as already mentioned it quickly becomes rather unmanageable …

marinkatic
6,165 Views

It is unmanageable for enterprise scenarios, but in Small Business with few than 100 users it could be cheaper then buying additional licenses.

i3_nheusel
6,165 Views

Buying additional licenses for what?

Public