AD Authentication w/FC Only LIFS

General

Hello,

Quick question and yes, I'm "fishing" since I believe the answer will be a resounding "no", but I'm going to ask anyways.

 

So, I have an AFF700 that is running ALL FC, LIFs, 1 single SVM, 16 FC physical ports etc. I have the ability to upgrade (slots) the storage to 24 (12 per-node) network ports but that's a cost and probably won't happen.

I was going to create a "dummy" SVM that is attached to my domain that I wish to authenticate users against. Dummy, meaning, no volumes, LUNs etc, just simply an SVM running CIFS service and attached to my domain.

Then I would run the security-tunnel command.

My question - Is there absolutely no way to create that dummy SVM running CIFS if I only have FC cards and LIFs on the storage? Right now I just receive an error that says "No suitable ports found". Maybe use an e0M, secondary SP Port, etc??

Any help is appreciated.

mebeingme

Hi,

There is no need to enable CIFS to get AD authentication working:

https://kb.netapp.com/app/answers/answer_view/a_id/1086185/~/how-to-configure-ad-authentication-for-cluster-when-cifs-is-not-licensed-

You could run this over an "SVM admin_lif".

Regards,

General

I like that idea and it makes sense. The ONLY problem is that all other SVMs on this particular storage array are on, let's say, a domain called "AB" and the domain I need to have people authenticate to is called "CD".

AB = Our internal LABS domain for R&D.

CD = Our top-level (corporate) domain and there is a one-way trust between the AD environments.

That's the reason I was trying to explicitly create a new SVM on the "CD" domain. All user authentication, GPOs etc are all within the "CD" domain.
 

paul_stejskal

So...you don't have any other ports besides e0M for ethernet? I find that hard to believe. You should be able to share ports for LIFs on different vServers.

General

Not sure if you caught what I mentioned in my thread. There are no network cards, this storage is ALL FC only. So yes, you can believe it. LOL

mebeingme

Hi,

Sorry for the mis-read on my part. Conveniently read over the fact that there are no GBE network cards in the system.

If there are no GBE ports available it's not possible.

Maybe FCoE is an option, but that's out of my scope.

paul_stejskal

Yes I did see that. Maybe like what was said if you have the CNA cards you can flip one to FCoE if it's not in use?
