Recently, I was working on a project where I was creating a POC of an Ubuntu container that could authenticate to LDAP and mount NFS Kerberos mounts without any interaction that would eventually be used in a Kubernetes environment. It was an improvement on the container image I created a while back in "Securing NFS … Continue reading It’s a Kerberos Khristmas!
LDAP
MacOS NFS Clients with ONTAP – Tips and Considerations
When I'm testing stuff out for customer deployments that I don't work with a ton, I like to keep notes on the work so I can reference it later for TRs or other things. A blog is a great place to do that, as it might help other people in similar scenarios. This won't be … Continue reading MacOS NFS Clients with ONTAP – Tips and Considerations
How to Configure MacOS to Use Active Directory LDAP for UNIX users/groups
In NetApp ONTAP, it's possible to serve data to NAS clients over SMB and NFS, including the same datasets. This is known as "multiprotocol NAS" and I cover the best practices for that in the new TR-4887: TR-4887: Multiprotocol NAS Best Practices in ONTAP When you do multiprotocol NAS in ONTAP (or really, and storage … Continue reading How to Configure MacOS to Use Active Directory LDAP for UNIX users/groups
Brand new tech report: Multiprotocol NAS Best Practices in ONTAP
I don't like to admit to being a procrastinator, but... (Not actually a sloth) Four years ago, I said this: And people have asked about it a few times since then. To be fair, I did say "will be a ways out..." In actuality, I started that TR in March of 2017. And then again … Continue reading Brand new tech report: Multiprotocol NAS Best Practices in ONTAP
New/Updated NAS Technical Reports! – Spring 2020
With the COVID-19 quarantine, stay at home orders and new 1-year ONTAP release cadence, I'm finding I have a lot more spare time, which translates into time to update old, crusty technical reports! Some of the old TRs hadn't been updated for 3 years or so. Much of the information in those still applied, but … Continue reading New/Updated NAS Technical Reports! – Spring 2020
Using Windows Lightweight Directory Services for UNIX Identity Management with ONTAP
Windows Active Directory domains have been the way to leverage UNIX identity management in environments using Windows, given the tight integration with Kerberos, Windows accounts and ease of use. I cover a lot of this in TR-4073 (with a new LDAP-only TR coming out soon). But, it doesn't always fit all use cases. For example, … Continue reading Using Windows Lightweight Directory Services for UNIX Identity Management with ONTAP
Configuring FreeIPA LDAP for ONTAP logins
One question I've seen asked a lot, but haven't been able to find much information on, is how to configure a Linux LDAP server (in this case, FreeIPA on CentOS/RHEL) to interact with NetApp's Data ONTAP software to allow users to login via SSH or the web browser. With Windows Active Directory, it's fairly simple … Continue reading Configuring FreeIPA LDAP for ONTAP logins
Windows NFS? WHO DOES THAT???
Believe it or not, Windows NFS is a thing. Microsoft has its own NFS server and client, which can leverage RFC compliant NFSv3 calls to a Windows Server running NFS server or to a 3rd party NFS server, such as NetApp ONTAP. It's actually so popular, that NetApp had to re-introduce it in clustered ONTAP … Continue reading Windows NFS? WHO DOES THAT???
Behind the Scenes: Episode 137: Name Services in ONTAP
Welcome to the Episode 137, part of the continuing series called “Behind the Scenes of the NetApp Tech ONTAP Podcast.” This week on the podcast, we talk Name Services in ONTAP and the introduction of the new global name services cache in ONTAP 9.3 with NAS TME, Chris Hurley (@averageguyX)! We'll be taking next week off … Continue reading Behind the Scenes: Episode 137: Name Services in ONTAP
Cache Rules Everything Around Me: New Global Name Service Cache in ONTAP 9.3
In an ONTAP cluster made up of individual nodes with individual hardware resources, it's useful if a storage administrator can manage the entire cluster as a monolithic entity, without having to worry about what lives where. Prior to ONTAP 9.3, name service caches were node-centric, for the most part. This sometimes could create scenarios where … Continue reading Cache Rules Everything Around Me: New Global Name Service Cache in ONTAP 9.3