-
Title
How to configure name services to provide users and groups on a NetApp Filer? -
Description
To serve NFS from a NetApp Filer, the NetApp needs to be configured with a name service to provide for user and group to UID and GID mapping.
-
Resolution
Please note - Configuration and setup and integration of netapp filer is outside the scope of Technical Support. For application configuration or implementation advice we recommend our Professional Services Organization. For information on how to contact them please visit https://support.oneidentity.com/professional-services-product-select
RESOLUTION 1:
To get the vasypd daemon install the vasyp package. It is under the client/architecture directory. You can also install it with the ./install.sh vasyp
To configure a QAS Unix client running VASYPD to service a NetApp Filer perform the following steps:
1. Edit the /etc/opt/quest/vas/vas.conf file and under the [vasypd] section to include the IP Address of the NetApp Filer in the client-addrs setting. If there are multiple address seperate with space like in the example.For Example:
[vasypd]
# Respond to 192.168.131.129, the NAS server, the 10 net appliances,
# and the 192.168.1.0/24 subnet
client-addrs = 192.168.131.129 nas.example.com 192.168.2.11-20 192.168.144.1.0/242. Restart the VASYPD to enable the changes to the configuration.
3. On the NetApp Filer command line interface, set the NIS domain to the AD domain name, enable NIS, and set the IP Address of the VASYPD system in the NIS configuration.
Example:
Filer> options nis.domainname
Filer> options nis.enable on
Filer> options nis.servers
Now the names and IDs from AD should be mapped properly for NFS on the NetApp Filer.RESOLUTION 2:
1 - Run the following commands from the NetApp command line interface replacing with the actual Active Directory domain name.
options ldap.ADdomain options ldap.nssmap.objectClass.posixAccount User options ldap.nssmap.objectClass.posixGroup Group options ldap.nssmap.attribute.uid sAMAccountName options ldap.nssmap.attribute.homeDirectory unixHomeDirectoryOnce these settings have been configured, both Windows and Unix user information that is being managed in AD will be available to the NetApp storage system.
The following commands can be run at the NetApp command line to test the configuration. Replace and with a Unix-enabled AD user’s login name and Unix-enabled AD group name respectively.
priv set advanced getXXbyYY getpwbyname_r getXXbyYY getgrname -
Additional Information
By default VASYPD will only serve NIS information over the loopback interface because NIS is a clear text and an inherently insecure protocol. In addition to this the VASYPD NIS server will never provide password crypt or hash data in any configuration allowing a somewhat more secure approach to regular NIS even when configured to serve NIS information over the network.