Talk with fellow users about the multiple protocols supported by NetApp unified storage including SAN, NAS, CIFS/SMB, NFS, iSCSI, S3 Object, Fibre-Channel, NVMe, and FPolicy.
Talk with fellow users about the multiple protocols supported by NetApp unified storage including SAN, NAS, CIFS/SMB, NFS, iSCSI, S3 Object, Fibre-Channel, NVMe, and FPolicy.
I am having problems restricting kerberized NFS to use only AES encryption. We had kerberized NFS running until the other encryptions were blocked at the KDC. Context: FAS2720 Filer Ontap 9.8P18 KDC is Microsoft AD (I only have permissions im my OU) I used Microsoft ktpass to create a keytab for my nfs SPN account and used that as -keytab-uri parameter for kerberos interface enable (using admin-username and admin-password failed). Now I cannot mount volumes that are restricted to kerberos and when I try the event log tells me [ 0] FAILURE: Failed to accept the context: Unspecified GSS failure. Minor code may provide more information (minor: Key table entry not found). Packet capture shows a NFS V3 NULL call using an apparently correct kerberos ticket, with a reply that has a GSS major/minor status 851968/2529639093, that is consistent with that error. (Client principal is the client host in that exchange). However I cannot understand why the key table entry cannot be found. I have checked that the nfs SPN matches in the keytab, the keyblock shown by the ontap CLI, the AD machine entry and the captured packets (also checked the letter case) the kvno also matches here the encryption type (18) and the key match in the keytab and the keyblock, and the key can decrypt the encrypted parts of the packets in wireshark I also checked that aes-256 and aes-128 are permitted-enc-types in vserver nfs show, and that these encryption types are enabled in the AD for both the NFS Server account and the client host account that users can obtain service tickets for the nfs server using kvno Any Ideas?
... View more
Hi All, I would like to import qtree and user quota rules and policies from an existing FAS cluster to volumes moved using SnapMirror to a different cluster. The current quota database number is 487. Is there a command or ONTAP Toolkit that can help me with this? Thanks in advance Zoltan
... View more
I followed the .\backupSharesAcls.ps and .\restoreSharesAcls.ps1 script to backup the share and ACL permissions from source volume and restore it on destination volume. Does the restore snapmirror destination should also have same SVM name as in production ? I created same volume name and namespace in destination but SVM name is different . Getting error record doesnt match. .\restoreSharesAcls.ps1 -server <clus_mgmt> -user <uname> -password <> -vserver <destination-vname> -shareFile C:\share.xml -aclFile C:\acl.xml -spit less Please advise on this. @scottharney
... View more
Hello all, Long story short. The issue is that Logstash is duplicating logs after application restarts due to PVCs being mounted with different minor device versions, causing Logstash to mistakenly treat the same log files as different. Having said that, I’d like to know if it's normal for the 'minor device number' of an NFS 4.0 volume to change when it’s mounted multiple times. This appears to be a known issue when working with Network File Systems, as outlined in the Elastic documentation I found online, this happens because NFS can present different minor device versions, which Logstash interprets as different file systems, leading to log duplication: https://www.elastic.co/docs/reference/logstash/plugins/plugins-inputs-file#_reading_from_remote_network_volumes If any of you folks have a second opinion on this, I'd love to hear it. Thank you very much, Joel.
... View more
Hello, I have some old Qlogic FS switches and would like to be able to have a go at managing them not only in cli. Where could I find the SanSurfer app? Many thanx in advance, D
... View more