We use OnTap 9.x and all users have personal shares. We have a use case to make some of these personal share's read-only. Aside from actually setting the read-only attribute on the folders/files therine is there any method to mark a personal share as read-only at the Ontap side? ... View more

We already have our clusters connected to Active Directory and I have been using my AD account for SSH logins for years.  Following the steps  https://docs.netapp.com/us-en/ontap/authentication/configure-cisco-duo-mfa-task.html#bypass-duo-authentication-for-users  in we ran:   security login duo create -vserver Cardinal -integration-key <ikey here> -secret-key <skey here> -apihost <apihost here> <create the "Duo Users - NetApps" group in Active Directory> security login duo group create -vserver Cardinal -group-name "Duo Users - NetApp"   However when I SSH to the cluster I am never prompted with a Duo challenge.  "security logon duo show" says that the status is "OK".  We then tried to make a new AD group just called duo_netapp but the same issue exists where we never receive the challenge. ... View more

Hi All, I've enabled AES encryption on one of our CIFS SVM's.  I ran the vserver cifs security modify -vserver vservername -is-aes-encryption-enabled true   This process updates the CIFS server machine account password in Active Directory. The password was updated successfully in Active Directory and I can now see client connections to the CIFS SVM using Kerberos successfully.   I have however seen errors in the NetApp event log showing a kerberos pre-authentication failure for the SVM:   secd.kerberos.preauth: A Kerberos pre-authentication failure occurred for SVM "vserver" due to invalid credentials for VSERVERNAME$@DOMAIN.LOCAL. These errors only occur maybe 3 or 4 times in a 24 hour period. The errors only appear on one node out of a 4 node cluster. Additionally, there are no volumes owned by the node reporting the error - apart from one Load Sharing replica volume for the SVM root. User CIFS connections are not impacted, so the only indication of the issue are the event log errors. The error message states the following as the reason why there is an authentication issue@   This message occurs when invalid credentials are provided for an Active Directory user or the machine account password is out of sync with the credentials set in the Active Directory.   The resolution is to run the password reset command to update the password again.   I have run vserver cifs password-reset -vserver vservername which did update the Active Directory password again, but I still have the same error message.   NetApp support suggested to run an alternative cifs domain password reset -vserver vservername command. This hasn't fixed the issue either.   Any suggestions as to what to do next? The cluster is running at 9.12.1P2.   Thanks Ben       ... View more

In ONTAP ARP, the max snapshot copies is 8.   What happens if arw.surge.snap.interval.days is set to 100 days. And there are multiple attacks, lets say, 100 attacks to same volume, how many ARP snapshots will be retained?     If it is 8, then arw.surge.snap.interval.days is meanless.   https://docs.netapp.com/us-en/ontap/anti-ransomware/modify-automatic-snapshot-options-task.html ... View more

Hello all,   We are deploying some new hosts in a cluster. One of the hosts fails with following message "Host is out of compliance with the image" all other hosts work fine. When I remove the component "NetApp NAS VAAI Module for ESX Server" the compliance check succeed.    Any clue what else we can do?   Thank you! ... View more