Network and Storage Protocols

NFS: 16 group limit with auth_sys

rajdeepsengupta
11,748 Views

We had a requirement where we needed more than 16 groups but it seems NFS on Ontap have a limitation of 16, which is actually a NFS issue. Redhat had introduced an option "-g" in rpc.mountd daemon, where with this option the limit of 16 goes away. When we created a Netapp ticket to fix this, support engineer informed me that this is not supported as of now. The only workaround is to switch to kerberos V5 authentication, which is not a option for us as we cannot switch. So how can I make this a feature upgrade in future version of Ontap?

6 REPLIES 6

parisi
11,748 Views

This is supported in 7-mode, but not in clustered Data ONTAP yet.

The way to accomplish this in 7-mode is via the following options:

nfs.authsys.extended_groups_ns.enable

nfs.max_num_aux_groups

nfs.authsys.extended_groups_ns.enable

Turn on the support and set the max aux groups. If your client supports it, it should work fine.

Support for this is coming in a future release of clustered Data ONTAP.

rajdeepsengupta
11,748 Views

I could find the first command in 7 mode, but not the 2nd one. Pls let me know i I am missing soemething..

See below:

tanka*> options nfs.max_num_aux_groups

  1. nfs.max_num_aux_groups       32

tanka*> options nfs.authsys.extended_groups_ns.enable on

Setting invalid option nfs.authsys.extended_groups_ns.enable failed.

No such option nfs.authsys.extended_groups_ns.enable

parisi
11,749 Views

It’s there for me:

fas8020-rtp> options nfs.authsys.extended_groups_ns.enable

nfs.authsys.extended_groups_ns.enable off

What version of 7mode are you running?

rajdeepsengupta
11,749 Views

The version of our filer is 8.1P1 7-Mode

Thanks

Rajdeep

parisi
11,749 Views

Doesn’t look like it made it into 8.1.

Go to 8.1.4. It’s in there:

fas6070-rtp> version

NetApp Release 8.1.4 7-Mode: Wed Nov 20 16:16:17 PST 2013

fas6070-rtp> priv set diag

Warning: These diagnostic commands are for use by NetApp

personnel only.

fas6070-rtp*> options nfs.authsys.extended_groups_ns.enable

nfs.authsys.extended_groups_ns.enable off

rajdeepsengupta
11,749 Views

Ok, we will plan in our next downtime. Thanks anyway..

Rajdeep

Public