Netapp FAS270 and Access Based Enumeration for folder shares

I would like to create home directories for users in an AD environment. Since their home directories are capable of being seen by all users I was wondering if it supports Access based Enumeration. Also, do I need to use Windows in order to configure home directories for users? I am not clear on how home directories work on the Netapp filer interface? Any suggestions and documentation would be most helpful.

TIA

Re: Netapp FAS270 and Access Based Enumeration for folder shares

I would recommend you to use the "homedir" functionality of the NetApp System. It is very well explained in the File Access and Protocols Management Guide.

A short copy/paste:

You can specify multiple home directory paths. Data ONTAP stops searching when it finds the matching directory.

You can add an extension to the home directory path if you do not want users to access the top level of their home directories. The extension specifies a subdirectory that is automatically opened when users access their home directories.

You can specify home directory paths by editing the /etc/cifs_homedir.cfg file. You can specify up to 1,000 path names in the /etc/cifs_homedir.cfg file.

Data ONTAP creates a default cifs_homedir.cfg file in the /etc directory when CIFS starts, if the file does not already exist. Changes to this file are processed automatically whenever CIFS starts. You can also process changes to this file by using the cifs homedir load command.

Steps

  1. Create directories to use as home directory paths. For example, in the /vol/vol0 volume, create a directory named enghome.
  2. Open the /etc/cifs_homedir.cfg file for editing.
  3. Enter the home directory path names created in Step 1 in the /etc/cifs_homedir.cfg file, one entry per line, to designate them as the paths where Data ONTAP searches for user home directories. Note: You can enter up to 1,000 path names.
  4. Enter the following command to process the entries:
     cifs homedir load [-f]
     The -f option forces the use of new paths.

Re: Netapp FAS270 and Access Based Enumeration for folder shares

To briefly follow up on Peter's great response, everything about home directories is also covered on the NOW site:

http://now.netapp.com/NOW/knowledge/docs/ontap/rel73/html/ontap/filesag/accessing/task/t_oc_accs_managing_home_directories.html

If you want to share out the volume/qtree above the home directories (say you have /vol/users/mktg and /vol/users/finance in your /etc/cifs_homedir.cfg file), you can add another share called "users" but specify ABE:

cifs shares -add users /vol/users -accessbasedenum

Then ABE will be enabled and anyone who looks in the users share will only see what they have access to. Creating an upper-level share can be useful for environments with users who share folders/files between business groups.
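Because ABE filters the listing by what each user has access to, a folder whose ACL grants read to a broad group stays visible to every member of that group. The following is an added example, not part of the original post or of NetApp's documentation: it parses output of the Windows `icacls` command, captured from a client, and reports folders that a broad principal can read. The server name `filer`, the domain `CORP`, the user names and the sample output are constructed, and paths are assumed to contain no spaces.

```python
import re

# Principals that cover (nearly) every user; compared on the name after the last "\".
BROAD = {"everyone", "authenticated users", "users", "domain users"}
READ_RIGHTS = {"F", "M", "RX", "R"}  # icacls simple rights that include read
ACE = re.compile(r"^(?P<who>.+?):(?P<flags>(?:\([^)]*\))+)$")

def broad_read_aces(icacls_text):
    """Map each folder to the broad principals whose ACE lets them read it."""
    findings, path = {}, None
    for line in icacls_text.splitlines():
        if not line.strip():
            continue
        if line[0].isspace():          # continuation line: ACE for the current path
            candidate, ace = path, line.strip()
        else:                          # first line of a block: "<path> <ACE>"
            candidate, _, ace = line.partition(" ")
        m = ACE.match(ace.strip())
        if m is None or candidate is None:
            continue                   # trailer such as "Successfully processed ..."
        path = candidate
        flags = re.findall(r"\(([^)]*)\)", m["flags"])
        if "DENY" in flags or "IO" in flags:
            continue                   # deny ACE, or inherit-only (children only)
        rights = {r for f in flags for r in f.split(",")}
        name = m["who"].rsplit("\\", 1)[-1].lower()
        if name in BROAD and rights & READ_RIGHTS:
            findings.setdefault(path, []).append(m["who"])
    return findings

# Constructed sample: icacls output for three hypothetical home directories.
SAMPLE = r"""
\\filer\users\mktg\alice CORP\alice:(OI)(CI)(M)
                         BUILTIN\Administrators:(OI)(CI)(F)
                         CORP\Domain Users:(I)(OI)(CI)(RX)

\\filer\users\mktg\bob CORP\bob:(OI)(CI)(M)
                       BUILTIN\Administrators:(OI)(CI)(F)
                       Everyone:(OI)(CI)(IO)(RX)

\\filer\users\finance\carol CORP\carol:(OI)(CI)(M)
                            NT AUTHORITY\Authenticated Users:(R)

Successfully processed 3 files; Failed processing 0 files
"""

if __name__ == "__main__":
    for folder, who in broad_read_aces(SAMPLE).items():
        print(f"{folder}: readable by {', '.join(who)}")
```

The check covers only the well-known broad groups and icacls simple rights; access granted through other groups or through specific rights such as (RD) has to be reviewed separately.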

Re: Netapp FAS270 and Access Based Enumeration for folder shares

hi rmatt,

I tried your suggestion, but I have one problem.

The users can see other users' folders, but they are not accessible based on permission.

Why are other users' folders visible to other users who do not have permission to them, even though I have set up ABE as above?

Please advise.

NetApp filer : ONTAP 8.0.2P2