
Difference between 7-mode and Ontap 9 in security-style=mixed

MASAYASUOKAZAKI

I am comparing the environment between the old 7-mode ontap and the new Ontap 9 to be migrated.

In this environment, CIFS is used on the volume created with security-style=mixed.

I mounted the volume from Windows and opened the top directory property of the volume from Explorer. (qtree is not used.)

Looking at the Properties Security tab, in the Ontap 9 environment, it seems that users called "root(UNIXPermUid\root)" and "root(UNIXPermGid\root)" are registered.

However, in 7-mode, such users are not displayed.

Even in the environment of Ontap 9, if security-style=ntfs, it seems that such users will not be displayed.

 

In 7-mode and Ontap 9, do the volumes created with security-style=mixed behave differently?

Or is there merely a difference in the display that does not affect the operation?


GidonMarcus

Hi

 

In mixed mode (in both 7-mode and cDOT) each object (folder or file) will have both a UNIX and a Windows ACL, with only one of them effective (the one last created or the one the ACL was last modified on). It sounds like in your cDOT environment the permission has not yet been set via a Windows client, and that's why you see the ACL mapping of the UNIX one to a Windows one.

 

You can see the effective ACL with "security show /vol/name" on 7-mode and "vserver security file-directory show -vserver SVM -path /vol_name" on cDOT.

 

You can go ahead and change it now, and it will take place.

 

I will also add that mixed mode can be very confusing, and there are very few good use cases for it.

For accessing the same dataset from both Linux and Windows, it should not be used; user mapping, or mounting via a single protocol (NFS or SMB via any OS), is the right way.

 

Gidi

Gidi Marcus (Linkedin) - Storage and Microsoft technologies consultant - Hydro IT LTD - UK
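
An added example (not part of the reply above, and not NetApp code): a small Python parser for saved output of the "vserver security file-directory show" command mentioned in the reply, listing each security-style=mixed path with the style that is currently effective. The sample output is constructed, and the field labels "Security Style" and "Effective Style" are assumptions to check against your ONTAP release.

```python
import re

# Constructed sample in a "Label: value" layout (assumed field labels);
# in practice, paste the saved CLI output for the paths you want to audit.
SAMPLE = """\
                Vserver: SVM
              File Path: /vol_name
         Security Style: mixed
        Effective Style: unix
         UNIX Mode Bits: 755
                   ACLs: -

                Vserver: SVM
              File Path: /vol_name/share1
         Security Style: mixed
        Effective Style: ntfs
         UNIX Mode Bits: 777
                   ACLs: NTFS Security Descriptor
"""

FIELD = re.compile(r"^\s*([^:]+?):\s*(.*)$")

def parse_records(text):
    """Split the output into one dict per path; a 'Vserver' line starts a record."""
    records, current = [], {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # blank lines and ACE lines without a label
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Vserver" and current:
            records.append(current)
            current = {}
        current.setdefault(key, value)  # keep the first value seen per label
    if current:
        records.append(current)
    return records

def audit_mixed(text):
    """Return (path, effective_style) for every mixed-style path in the output."""
    return [(r.get("File Path"), r.get("Effective Style", "unknown").lower())
            for r in parse_records(text)
            if r.get("Security Style", "").lower() == "mixed"]

if __name__ == "__main__":
    for path, style in audit_mixed(SAMPLE):
        # 'unix' here corresponds to the UNIXPermUid/UNIXPermGid entries in the thread
        print(f"{path}: effective permissions are {style}")
```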