You may well need to create the share at the qtree level and access it that way. Did you try that?

Richard

I hadn't tried that yet.  I'll look into that, although will not really do what I want to achieve.

In my above case what I did find worked was changing the  main volume qtree type to multi.  I then saw the security tab and unix  qtrees had everyone with a special permission (unix permission) while  ntfs qtrees had everyone with full permissions, which was grand.

I was confused as to why all my subfolders continued  to have everyone "full" permissions, but I just realized that it was  being inherited from the NTFS qtree.

I want to keep the top level shares pretty generic, and minimal (apps/users/groups/secure/public).. and below each get granular with security/permissions.

groups/secure would be the only ones I can see needing NTFS permissions.. for the rest unix is fine.  I'm wondering if it would be better to just create separate volumes for each one and have them either ntfs or unix.

The issue I think is most of the people accessing groups will do so from unix accounts, and I'm not sure if NTFS will really work out well in terms of the broad security requirements they may need... or how that really even translates.

For example...

unix uid = joe

unix gid = eng

If there is no AD group similar to eng (and from what I've read) netapp can't do unix group to windows group mapping... I'm not sure how he would be able to get access to shares using his gid, which in that case the groups share could not be NTFS permission... it would have to be unix or mixed.

My concern with mixed is from the sounds of it, if ntfs permissions get applied to a folder containing unix permissions, the unix permissions essentially get tossed away?  That could leave a huge hole open for mistakes.

Personally I really really dislike using mixed security on a qtree precisely for these reasons. If you can use a CIFS/SMB client on your Unix side you will probably find it easier all round.

Richard

Fair enough re: use of mixed mode..  it does seem to be a little troublesome. 

I think I'm slowly coming to a visualization of what everything will look like.

Off topic a little... do you know if there is a way with netapp to implement quotas and have an end user notified automatically when the quota has been exceeded?  I'm not sure how netapp would go about doing that.  They'd need to query active directory, pull the email address and fire off an email.

I haven't done research into it yet, just popped into my mind as something that would be nice to do. 

Netapp Operations Manager has this functionality although it may or may not fit your environment. Among other things, it assumes that all your users are in a single email domain. It works for us but may not for you. Plus you have to pay for Operations Manager of course. Your alternative is possibly to trap SNMP notices about quota usage and I thought at one point there was a sample script on the NOW site for doing some kind of quota notification.

Richard

You may want to investigate the usermap.cfg file:

http://now.netapp.com/NOW/knowledge/docs/ontap/rel80/html/ontap/filesag/GUID-964E23D4-86C2-49AA-A859-D97D990D306A.html

or consider Samba for sharing between UNIX and Windows.

In regards to your question about quota exceeded notifications there's a NetApp product called DFM/Operations Manager which can provide such functionality although it can be tricky and time-consuming to configure.  I'd suggest reading through the following thread:

http://communities.netapp.com/message/29543#29543

My organization is currently investigating a reporting tool that integrates with NetApp made by NTP Software which can be utilized for for a variety of different purposes including user notifications:

http://www.ntpsoftware.com/products/Storage_Management.aspx

Hope these help a bit.

Regards,

Ryan

Ill check out the products you listed.  We have DFM, so I'll look through that to see about configuring email alerts for users. 

I'm not sure if usermap.cfg needs any work done.  All of our user accounts have the same name between auth (ad/ldap), so the default mappings are working ok.

Thanks for the info! 

"it assumes that all your users are in a single email domain"  I see that now...  got my first alert and noticed it was sent to my short username with no domain...

So my next question is... if any of you guys know..

The alert that is emailed to me (as end user) is kind of.... ugly.  Do you know where this template could be modified?

Cheers,

-Derek

You (as user "dmurphy") have used up 93.37% (1.87 GB out of 2.00 GB) of
available disk space quota on 2050b:/users_derek_2050b/home.

Please delete files that you no longer need.

Event (For IT Use only): https://dfmserver:8443/dfm/report/view/event-details/556225

-- IT Administrator

rmharwood above wrote a PERL script which gets called when the "qtree full" or "qtree almost full" events are triggered and generates a user-friendly message.  You can find his example script and a more detailed explanation of how it's utilized in the following thread:

http://communities.netapp.com/message/10458#10458

They also reference another 3rd party tool called "Northern Storage Suite" which I believe is similar to the NTP Software I mentioned below.

Cheers,

Ryan

Yes, the DFM/Ops Manager admin guide contains details about how to customize the email that is sent.

Richard