Network and Storage Protocols
We are trying to setup authentication through Active Directory. We are using Likewise to add uid, gid and other unix attributes to objects in AD.
Our setup is FAS3240 with DataONTAP 8.0.1
Our Active Directory server is running Windows server 2003 R2.
Our use case is volumes which are shared both through cifs and nfs.
We have based most of our configuration on the following documents:
- netapp tr 3458
- "Authenticating network appliances file servers with likewise and ad", from likewise.
So far, we were able to:
- Join the filer to the domain.
- Configure ldap so that the following commands return information
- wcc -s domain\user
- getXXbyYY getpwbyname_r user
- Access a share through cifs and browse and create files.
The issue is that
getXXbyYY getgrlist user
only returns one group, even though the user does have secondary groups.
When we run
wcc -s domain\user
we see one group listed under unix uid and multiple groups listed under nt membership.
So how do we retrieve all group membership from Active Directory?
As a reference, here is our ldap configuration
See The Solution
We have had a lot of back and forth with NetApp support on this. In the end, we found the following:
- This is caused by bug 314631 (see https://now.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=314631)
- The resolution is to set the following hidden option:
Once we set this option, things work much better.
View solution in original post
sorry for picking up this old thread but I stumbled across a similar issue today when trying to configure nfsv4. I can't see the secondary group memberships.
We have 2008 R2 with RFC schema enabled.
Our OnTAP version is 8.0.1 P4. Accoding to the bug report it should be fixed in this release.
Join our Discord Community