2011-06-06 01:10 AM
Forgive me if this has been taken up many times, I just don't get it to work...
I have an AD domain, 2008 R2, working fine...
Then I have a bunch of Linux machines, currently not running any synchronized login mechanism, i.e. NIS or LDAP or anything, but I can install NIS no problem.
I have a couple of shares on my NetApp, which worked just fine until I joined AD with the NetApp. Now I have to make my users domain admins to be able to write to the share, and my Unix users can't do anything except mounting the share...
Now I have put my qtree in mixed mode. I'm not sure if this is the right one, but there will be both sides writing to the files, so both sides need to be able to do everything on the share. So I have created an NFS share and a CIFS share for each side.
Now I have a couple of questions... When I do wcc -s windowsuser I get that it's a root account with group id 1... why?
Also what are the recommendations on how to do with? Let's say I would install NIS, what steps would I have to go through?
This is my guess:
1.) Make NetApp part of NIS
2.) Link users? (How do I link uid and sid together?)
Do I need to change any settings on my NetApp?
Thanks for the help, greatly appreciated.
2011-06-06 01:46 AM
Most of this is really fundamental setup stuff. Basically, you either need to pay someone to come in and set it up for you or you need to read the documentation on NOW: File Access and Protocol Management Guide. This covers basically everything you need to know.
A few hints:
1. Don't use mixed mode if you can avoid it. It is really very rarely necessary. You need to read the docs and understand how the qtree security and file rights + user authentication work together.
2. The easiest way to get your users to sync (if the Linux users haven't gone off the radar with user names) is to use LDAP on Linux (which again is a can of worms) and point your Linux servers towards your AD controllers as LDAP clients. There is the alternative of using a separate LDAP server, but then you get to try to keep them in sync. Most Linux admins will cringe at the thought of using AD for LDAP, but the real world demands a few sacrifices. Adding automount info to Windows AD could be a challenge too, though. 2008 can also do NIS. I would avoid NIS as well because of its age and brokenness.
Users are linked by usernames unless you want to manually map each Windows user to a Unix user... This is more work and prone to errors over time.
There are a number of approaches to solve your problems, but basically this is consultant work if you don't work it out yourself. You seem to be at the very beginning of your setup and learning.