I have struggled to implement quota on a volume, our enviroment has FAS3050C ( Ontap 7.2.4 8P) in AD domain, i would like to implement quota on home directories so that users can be blocked to save more then 2 GB.
Each user has it's own home directory on volume CIFSA_HOME\QHOME, the share name is CORPHOME.
Ideally, i would like to have various quota on group of users, i.e Group1=1 GB, Group2=2 GB etc.
I was able to turn the quota on, implement the rule & populate the quotas file, i printed out netapp reference to quotas in the ontap site and did everything in it, however without results
Quota are on for the volume and initialized.
#Auto-generated by setup Mon Jun 19 15:31:26 GMT 2006
I tried couple of diffrent methods of implemnting quotas file, using username in diffent fashon etc, however, i was only able to generate a soft quota alert on the filer, i was never stopped from creating or coping large amt of data.
Furthermore, i was told by netapp, AD user groups do not work, i was told to use usermap file, essentialy mapping unix user name to windows, however, i dont like that option and also we are not licenced for NFS.
either way, the quota rules did not enforce any thing, has any one sucessfully, able to implement quota in thier windows only enviroment, if so,can you provide a detial rule explanation.
I would really like to see a more satisfactory answer from NetApp regarding the orginal quesiton on AD Groups. As has been mentioned a number of times in this thread, a great many organisations use AD as their central security infrastructure and manage authorisation and authentication through it. There should therefore be a way that we can assign a quota limit to an AD group to simplify user storage management. That way our helkp desk can move users between AD security groups when they have the authorisation for increased storage.
I've seen this as a deficiency in quotas with NetApp that may NEVER be answered better than the answer posted above. Along with you, I wish we could get an answer from the horses mouth, but with the way I see things moving that may never come. I liken it to how MS just doesn't do a good job of supporting NFS (yes, even though Win7 has an NFS client) or AV (even though I'm aware of Forefront (or whatever it's called now)). I may stand corrected, but to me it's where the development dollars go amongst other b2b relationships. So, from what I gather, some aspects of the management are just handled better by third parties and it isn't worth it to NetApp to reinvent wheel(s). But I don't work for NetApp, so...
Quota Soft Limit will only generate alerts and when surpassed will generate alert that soft limit has been exceeded. The limit which stops from further usage is only Quota Hard limit may it be space or file specific.
As you said each user has its home directory over a volume, I think your problem can be solved by tree quota only. Set the Tree Quota Hard limit as 2 GB or 1 GB as per the owning user, hence the home directories can never surpass whatever the size you set.
/etc/usermap.cfg file can be used to customize the mapping process. The default file will give you some hint in commented lines but to get the full details of how to configure, please consult the Ontap System Administrator's Guide available in NOW(now.netapp.com).
Group quotas won't work in a Windows environment -- they are UNIX/NFS only.
Why? Because on unix, each file belongs to exactly one group (as identified by its gid) and so it can be counted towards exactly one quota rule (the one for that specific group).
On Windows, each file has an owner (which counts towards user quota) but a file does not have an "owning group". There is no such concept in windows. You can have multiple groups with access to the file, but no "primary group".
If you have a file that's 100mb and where groups AD\Group1 and AD\Group2 have the same ACL rights, towards whose quota will this file count? Group1 or Group2? Or both? How about nested groups? How should the filer find out when you nest one group inside another, i.e put ad\group3 inside ad\group2? should the file now also count towards group3's quota? How often should the filer scan all AD groups for such changes? and so on.
If you really need something like that you need to use additional software (there's something called QFS from NTP Software that does things like that)
Were you able to setup group based quotas? I'm trying this now, very frustrating that NetApp hasn't caught the wave on this one yet. I'm trying to set this up using the usermap.cfg and mapping local group names to Windows AD group names.
I placed those settings on volume /vol/korisnici and migrated user directories there. After that I opened up /etc/quotas, copy-pasted all the settings and initialized quota monitoring on that volume.
So far so good, but needles to say - there are lots of settings, it takes a long time to load them on FilerView, if you need to change a quota limit you need to do it on NetApp side and it's a bit bothersome to sift through them all. If there were groups however, we could simply move AD user from one group to another and have them log out & log in again. Simple.
So, if you figure out how to map local to AD groups I'd most interested to hear about it!