https://community.netapp.com/t5/ONTAP-Discussions/Group-Policy-Objects-and-Ontap-9-6-or-newer/m-p/153659#M34376 <P>After doing a little bit more talking, we'll probably go straight for Kerberos for NFS authentication.</P> Tue, 21 Jan 2020 09:01:21 GMT RandomStorage 2020-01-21T09:01:21Z https://community.netapp.com/t5/ONTAP-Discussions/Group-Policy-Objects-and-Ontap-9-6-or-newer/m-p/153588#M34355 <P>Hi!</P> <P>&nbsp;</P> <P>I'm trying to find out how how things will behave in the following scenario.</P> <P>&nbsp;</P> <P>3 SVM's and machine objects, all stored in the same OU in Active Directory</P> <P>1 SVM is pure SMB/CIFS, 1 SVM is pure NFS, and 1 SVM is mixed with both CIFS &amp; NFS access to the same data.</P> <P>&nbsp;</P> <P>1) GPO Policy is applied to the OU that contains all 3 machine objects mentioned above. What happens / how do each of those 3 SVM's behave ?</P> <P>&nbsp;</P> <P>- For the first one i assume everything works like it should (assuming, GPO's are enabled and the GPO contains supported GPO settings)</P> <P>- For the second one i assume the GPO is just ignored (GPO-support might not be possible to enable on a NFS SVM, and it might not be added to AD as a machine object anyways)</P> <P>- For the third, how does this handle ? Assuming GPO-support is turned on, will it only used the GPO's for access coming from CIFS/SMB Clients, or will GPO's also have any effect on access from the NFS side of things ?</P> <P>&nbsp;</P> Wed, 04 Jun 2025 11:22:25 GMT https://community.netapp.com/t5/ONTAP-Discussions/Group-Policy-Objects-and-Ontap-9-6-or-newer/m-p/153588#M34355 RandomStorage 2025-06-04T11:22:25Z https://community.netapp.com/t5/ONTAP-Discussions/Group-Policy-Objects-and-Ontap-9-6-or-newer/m-p/153615#M34363 <P>Need a bit more:</P> <P>1) Security style of volumes/qtrees of 2 and 3.</P> <P>2) How are you handling NFS authentication?</P> <P>&nbsp;</P> <P>I don't think NFS directly will be affected, unless you're mapping from Windows security style and using AD for that.</P> Fri, 17 Jan 2020 22:12:08 GMT https://community.netapp.com/t5/ONTAP-Discussions/Group-Policy-Objects-and-Ontap-9-6-or-newer/m-p/153615#M34363 paul_stejskal 2020-01-17T22:12:08Z https://community.netapp.com/t5/ONTAP-Discussions/Group-Policy-Objects-and-Ontap-9-6-or-newer/m-p/153646#M34369 <P>Since this is a solution that is not implemented yet, nothing is 100% set in stone, and things could change.</P> <P>&nbsp;</P> <P>1) Volumes and qtrees will probably have mostly either "Unix" or "Mixed" security style.</P> <P>2) With regards to NFS authentication, early on it will probably only be IP-filtering, but later on it will probably be Kerberos based.</P> <P>&nbsp;</P> <P>I'm mostly trying to figure out how it works, more than figuring out "how to make it work", if that makes sense.&nbsp; Someone could argue that what is the point of trying to log something like file-change, or file-access, if you only log it from CIFS, and not from NFS, if both NFS and CIFS are using/changing the files anyway.</P> Mon, 20 Jan 2020 15:13:14 GMT https://community.netapp.com/t5/ONTAP-Discussions/Group-Policy-Objects-and-Ontap-9-6-or-newer/m-p/153646#M34369 RandomStorage 2020-01-20T15:13:14Z https://community.netapp.com/t5/ONTAP-Discussions/Group-Policy-Objects-and-Ontap-9-6-or-newer/m-p/153659#M34376 <P>After doing a little bit more talking, we'll probably go straight for Kerberos for NFS authentication.</P> Tue, 21 Jan 2020 09:01:21 GMT https://community.netapp.com/t5/ONTAP-Discussions/Group-Policy-Objects-and-Ontap-9-6-or-newer/m-p/153659#M34376 RandomStorage 2020-01-21T09:01:21Z