I am having problems restricting kerberized NFS to use only AES encryption. We had kerberized NFS running until the other encryptions were blocked at the KDC. Context: FAS2720 Filer Ontap 9.8P18 KDC is Microsoft AD (I only have permissions im my OU)   I used Microsoft ktpass to create a keytab for my nfs SPN account and used that as -keytab-uri parameter for kerberos interface enable (using admin-username and admin-password failed).   Now I cannot mount volumes that are restricted to kerberos and when I try the event log tells me [ 0] FAILURE: Failed to accept the context: Unspecified GSS failure. Minor code may provide more information (minor: Key table entry not found).   Packet capture shows a NFS V3 NULL call using an apparently correct kerberos ticket, with a reply that has a GSS major/minor status  851968/2529639093, that is consistent with that error. (Client principal is the client host in that exchange). However I cannot understand why the key table entry cannot be found.   I have checked that  the nfs SPN matches in the keytab, the keyblock shown by the ontap CLI, the AD machine entry and the captured packets (also checked the letter case) the kvno also matches here the encryption type (18) and the key match in the keytab and the keyblock, and the key can decrypt the encrypted parts of the packets in wireshark   I also checked that aes-256 and aes-128 are permitted-enc-types in vserver nfs show, and that these encryption types are enabled in the AD for both the NFS Server account and the client host account that users can obtain service tickets for the nfs server using kvno   Any Ideas?   ... View more

Hi All,   I would like to import qtree and user quota rules and policies from an existing FAS cluster to volumes moved using SnapMirror to a different cluster. The current quota database number is 487. Is there a command or ONTAP Toolkit that can help me with this?   Thanks in advance   Zoltan  ... View more

I followed the .\backupSharesAcls.ps and .\restoreSharesAcls.ps1 script to backup the share and ACL permissions from source volume and restore it on destination volume. Does the restore snapmirror destination should also have same SVM name as in production ? I created same volume name and namespace in destination but SVM name is different . Getting error record doesnt match. .\restoreSharesAcls.ps1 -server <clus_mgmt> -user <uname> -password <> -vserver <destination-vname> -shareFile C:\share.xml -aclFile C:\acl.xml -spit less   Please advise on this. @scottharney    ... View more

Hello all,   Long story short.   The issue is that Logstash is duplicating logs after application restarts due to PVCs being mounted with different minor device versions, causing Logstash to mistakenly treat the same log files as different. Having said that, I’d like to know if it's normal for the 'minor device number' of an NFS 4.0 volume to change when it’s mounted multiple times.   This appears to be a known issue when working with Network File Systems, as outlined in the Elastic documentation I found online, this happens because NFS can present different minor device versions, which Logstash interprets as different file systems, leading to log duplication: https://www.elastic.co/docs/reference/logstash/plugins/plugins-inputs-file#_reading_from_remote_network_volumes   If any of you folks have a second opinion on this, I'd love to hear it.   Thank you very much,   Joel. ... View more