NetApp Community Update
This site will enter Read Only mode on July 23 as we prepare to move to a new platform. You will still be able to view content, but posting and replying will be temporarily disabled.
We're excited to launch our new Community experience on July 30 and more information will follow soon.
Stay connected during the transition - Join our Discord community today.

Network and Storage Protocols

Enabling Storage-Level Access Guard security

sushrut_mair
3,353 Views

Background:

  • We are trying to enable auditing / logging events for file access since some events look like they may give us good information. We have already enabled CIFS auditing and are seeing events related to this, but they are too fine grained to help as-is. What we are trying to do is enable auditing using SACLs (system access control lists) if possible which will give us file access audits.
  • Since we need events for all files on a given vol1, the only way to do that (as far as we know from docs) is to apply Storage-Level Access Guard security.
  • The way to enable Storage-Level Access Guard security is given here. We have been able to do everything asked here (except the problem area – see below).

Problem:

  • The hard requirement for Storage-Level Access Guard security is this -  “Note: At this time, only NTFS access permissions are supported for Storage-Level Access Guard. For a UNIX user to perform a security check on qtrees or volumes where Storage-Level Access Guard has been applied, the UNIX user must be mapped to a Windows user.”
  • How do we do this in the filer configuration?  That is, map the Unix user to a Windows user?

Rgds,

Sushrut.

1 REPLY 1

shaunjurr
3,353 Views

Hi,

I think you'll find the necessary information in the subsection on "Managing UNIX credentials for CIFS clients":

http://now.netapp.com/NOW/knowledge/docs/ontap/rel7351/html/ontap/filesag/frameset.html

See also, of course, the usermap.cfg file.

Public