NFS: 16 group limit with auth_sys

We had a requirement where we needed more than 16 groups but it seems NFS on Ontap have a limitation of 16, which is actually a NFS issue. Redhat had introduced an option "-g" in rpc.mountd daemon, where with this option the limit of 16 goes away. When we created a Netapp ticket to fix this, support engineer informed me that this is not supported as of now. The only workaround is to switch to kerberos V5 authentication, which is not a option for us as we cannot switch. So how can I make this a feature upgrade in future version of Ontap?

Re: NFS: 16 group limit with auth_sys

This is supported in 7-mode, but not in clustered Data ONTAP yet.

The way to accomplish this in 7-mode is via the following options:




Turn on the support and set the max aux groups. If your client supports it, it should work fine.

Support for this is coming in a future release of clustered Data ONTAP.

Re: NFS: 16 group limit with auth_sys

I could find the first command in 7 mode, but not the 2nd one. Pls let me know i I am missing soemething..

See below:

tanka*> options nfs.max_num_aux_groups

  1. nfs.max_num_aux_groups       32

tanka*> options nfs.authsys.extended_groups_ns.enable on

Setting invalid option nfs.authsys.extended_groups_ns.enable failed.

No such option nfs.authsys.extended_groups_ns.enable

Re: NFS: 16 group limit with auth_sys

It’s there for me:

fas8020-rtp> options nfs.authsys.extended_groups_ns.enable

nfs.authsys.extended_groups_ns.enable off

What version of 7mode are you running?

Re: NFS: 16 group limit with auth_sys

The version of our filer is 8.1P1 7-Mode



Re: NFS: 16 group limit with auth_sys

Doesn’t look like it made it into 8.1.

Go to 8.1.4. It’s in there:

fas6070-rtp> version

NetApp Release 8.1.4 7-Mode: Wed Nov 20 16:16:17 PST 2013

fas6070-rtp> priv set diag

Warning: These diagnostic commands are for use by NetApp

personnel only.

fas6070-rtp*> options nfs.authsys.extended_groups_ns.enable

nfs.authsys.extended_groups_ns.enable off

Re: NFS: 16 group limit with auth_sys

Ok, we will plan in our next downtime. Thanks anyway..