Subscribe

Quota Implementation in AD ( Windows ) Enviroment

Hello,

I have struggled to implement quota on a volume, our enviroment has FAS3050C ( Ontap 7.2.4 8P) in AD domain, i would like to implement quota on home directories so that users can be blocked to save more then 2 GB.

Each user has it's own home directory on volume CIFSA_HOME\QHOME, the share name is CORPHOME.

Ideally, i would like to have various quota on group of users, i.e Group1=1 GB, Group2=2 GB etc.

I was able to turn the quota on, implement the rule & populate the quotas file, i printed out netapp reference to quotas in the ontap site and did everything in it, however without results

Quota are on for the volume and initialized.

#Auto-generated by setup Mon Jun 19 15:31:26 GMT 2006

axe\e203863 user@/vol/CIFSA_RESTORE 1048576K - 921600K 1048576K -

I tried couple of diffrent methods of implemnting quotas file, using username in diffent fashon etc, however, i was only able to generate a soft quota alert  on the filer, i was never stopped from creating or coping large amt of data.

Furthermore, i was told by netapp, AD user groups do not work, i was told to use usermap file, essentialy mapping unix user name to windows, however, i dont like that option and also we are not licenced for NFS.

either way, the quota rules did not enforce any thing, has any one sucessfully, able to implement quota in thier windows only enviroment, if so,can you provide a detial rule explanation.

I appriciate it.

Thanks



Re: Quota Implementation in AD ( Windows ) Enviroment

I also have a similar problem, I need to get AD user groups put under quotas...  If anyone has a recipe for this, please let us know.

P.S. How does one use usermap files, I have NFS so I'd like to try in out.

Re: Quota Implementation in AD ( Windows ) Enviroment

First of all welcome to the world of Quotas....

I think you should be doing the following thing to get it working

1) Use Hard Limit instead of soft limit, by using hard limit you are limiting their home directory disk size to xGB).

2) Whatever is you majority quota rule, say 2GB make it a default Quota on that particular Qtree.

3) Doing above step you will see there might be some exception user's or group's who might want to save more than that, in that case you can add them to the exceptions.

by manually adding their quota entry in the qtree.

This should work for you. let me know if you aren't able to, or you are looking something different.

Cheers !!!

Re: Quota Implementation in AD ( Windows ) Enviroment

Hi,

@fazilsaiyed

Quota Soft Limit will  only generate alerts and when surpassed will  generate alert that soft  limit has been exceeded. The limit which stops  from further usage is  only Quota Hard limit may it be space or file  specific.

As you said each user has its home directory over a   volume, I think your problem can be solved by tree quota only. Set the   Tree Quota Hard limit as 2 GB or 1 GB as per the owning user, hence the   home directories can never surpass whatever the size you set.

@igor

/etc/usermap.cfg file can be used to customize the mapping process.  The default file will give you some hint in commented lines but to get the  full details of how to configure, please consult the Ontap System  Administrator's Guide available in NOW(now.netapp.com).

Thanks

-Tirtha

Re: Quota Implementation in AD ( Windows ) Enviroment

Just to correct things from above post : In case of CIFS Auto Homedir's each user doesn't need a dedicated qtree. As mentioned in the question there would be around 1000 odd users in a single qtree,

and hence setting a hard limit at TREE level isn't the right way, that would make only 1 or 2GB as hard limit for all users. You need to go for User level quota Hard limit as default.

And later on add exceptions for other user/groups you wish for.

Re: Quota Implementation in AD ( Windows ) Enviroment

And later on add exceptions for other user/groups you wish for.

But that is exactly the question - how to add exception for a group? NetApp quota allows per-user settings only.

Re: Quota Implementation in AD ( Windows ) Enviroment

Just like individual user quotas, group quotas are supported and they should override any default quota setting...

The problem is, only UNIX groups are supported. Windows groups under Active Directory are not.

And since most companies use AD, I need a work-around for this. Is there a Windows service that can make AD groups behave like UNIX groups, perhaps?

Cheers,

Igor

Re: Quota Implementation in AD ( Windows ) Enviroment

Hi Igor,

Were you able to setup group based quotas?  I'm trying this now, very frustrating that NetApp hasn't caught the wave on this one yet. I'm trying to set this up using the usermap.cfg and mapping local group names to Windows AD group names.

Thanks,


Chris

Re: Quota Implementation in AD ( Windows ) Enviroment

Hi Chris!

Sorry, I haven't been able to do that so I did this instead... The system admin used powershell to get the existing quotas for all users, here's an example:

SID Name        = DOMAIN\dvuj186741 (User)
Change time     = Mon Sep 27 13:18:54 2010
Quota Used      = 9297920
Quota Threshold = 52428800
Quota Limit     = 104857600

So basicaly, I created a macro which transformed Quota Limit stated here in bytes, into a hard quota limit in kilobytes (102400K) and set soft quota limit at 80% of that (81920K).

DOMAIN\dvuj186741    user@/vol/korisnici    102400K    -    -    81920K    -

I placed those settings on volume /vol/korisnici and migrated user directories there. After that I opened up /etc/quotas, copy-pasted all the settings and initialized quota monitoring on that volume.

So far so good, but needles to say - there are lots of settings, it takes a long time to load them on FilerView, if you need to change a quota limit you need to do it on NetApp side and it's a bit bothersome to sift through them all. If there were groups however, we could simply move AD user from one group to another and have them log out & log in again. Simple.

So, if you figure out how to map local to AD groups I'd most interested to hear about it!

Good luck,

Igor

Re: Quota Implementation in AD ( Windows ) Enviroment

Thanks for the response Igor, I’ll definitely let you know!