I'm trying to find out how how things will behave in the following scenario.
3 SVM's and machine objects, all stored in the same OU in Active Directory
1 SVM is pure SMB/CIFS, 1 SVM is pure NFS, and 1 SVM is mixed with both CIFS & NFS access to the same data.
1) GPO Policy is applied to the OU that contains all 3 machine objects mentioned above. What happens / how do each of those 3 SVM's behave ?
- For the first one i assume everything works like it should (assuming, GPO's are enabled and the GPO contains supported GPO settings)
- For the second one i assume the GPO is just ignored (GPO-support might not be possible to enable on a NFS SVM, and it might not be added to AD as a machine object anyways)
- For the third, how does this handle ? Assuming GPO-support is turned on, will it only used the GPO's for access coming from CIFS/SMB Clients, or will GPO's also have any effect on access from the NFS side of things ?
Since this is a solution that is not implemented yet, nothing is 100% set in stone, and things could change.
1) Volumes and qtrees will probably have mostly either "Unix" or "Mixed" security style.
2) With regards to NFS authentication, early on it will probably only be IP-filtering, but later on it will probably be Kerberos based.
I'm mostly trying to figure out how it works, more than figuring out "how to make it work", if that makes sense. Someone could argue that what is the point of trying to log something like file-change, or file-access, if you only log it from CIFS, and not from NFS, if both NFS and CIFS are using/changing the files anyway.