Scribd Logo
Upload

Welcome to Scribd!

  • Netgroups Clustered CDOT

    Uploaded by

    Donald Miller
    48 views4 pages
    Netgroups Clustered CDOT

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    Netgroups Clustered CDOT

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    48 views4 pages

    Netgroups Clustered CDOT

    Uploaded by

    Donald Miller
    Netgroups Clustered CDOT

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 4

    NetApp Knowledgebase - How to configure netgroups in clustered Data ONTAP Page 1 of 4

    How to configure netgroups in


    clustered Data ONTAP
    KB Doc ID 1014146 Version: 6.0 Published date: 07/10/2014 Views: 8626

    Description

    Description
    This article describes the steps that should be performed to configure netgroups in clustered
    Data ONTAP.

    Procedure

    Step
    In clustered Data ONTAP, netgroups can be used to segment and organize hosts in groups.
    Export policy rules can be created on a per netgroup basis. These netgroups can be stored
    locally on the cluster (one netgroup table per Vserver) or pulled dynamically using NIS.

    Clustered Data ONTAP only supports the host part of a netgroup tuple, and expects the other
    two parts of the tuple to be empty.

    Note: When using netgroups, the hostname in the netgroup of the relevant clients need to
    correctly resolve to the ip address of the client, for a netgroup to affect a client. Always test if
    the host entries in a netgroup match the hostname in a DNS lookup for a certain client ip.

    Important caveat for all netgroup configurations:

    Host lookup for hosts stored in netgroups is done through the Vserver specific DNS settings.

    CIFS client access can be limited through the use of netgroups in clustered Data ONTAP.
    However, with regards to CIFS, clustered Data ONTAP only supports netgroups for export

    https://kb-stage.netapp.com/support/index?page=content&id=1014146&pmv=print&impre... 10/5/2016
    NetApp Knowledgebase - How to configure netgroups in clustered Data ONTAP Page 2 of 4

    policy rule authentication. As export policies are tied to volumes, not shares, this means that
    netgroup based access restrictions for CIFS are volume based restrictions in cDOT, not
    share restrictions (unlike 7-Mode). If you want export policies with netgroups to determine
    access and compliment ACL-based access for CIFS, make sure you change the advanced
    CIFS option required for this to true on your relevant vsever. See below for the relevant
    option, you need to set this to yes to have export policies determine CIFS access for a
    vserver.
    cm3240c-rtp::> set advanced

    Warning: These advanced commands are potentially dangerous; use them only when
    directed to do so by NetApp personnel.
    Do you want to continue? {y|n}: y

    cm3240c-rtp::*> cifs options show -fields is-exportpolicy-enabled


    vserver is-exportpolicy-enabled
    ------- -----------------------
    vs0 true

    • How to set an export policy rule to use a netgroup


    For information on export policy rules and setting an export policy rule to to create and
    modify export policy rules to include netgroups, see article 3011272 (https://kb.netapp.com/support/index?
    page=content&id=3011272) : How do export-policies work in Data ONTAP GX, 8.0 and 8.1 Cluster-

    Mode?

    • How to import a netgroup file into a Cluster-Mode Vserver


    Netgroups stored locally in the cluster cannot be created or modified directly in the CLI,
    they are created externally and loaded from a URL (an http or ftp server), by running
    the following command:
    netgroup load -vserver vs0 -source http://webserver.company.com/netgroup.file

    In the example, the file netgroup.file is stored on a Web server. The contents of the
    netgroup file are as below:
    groupa(hosta,,) (hostb,,) (hostc,,)

    groupb(hosta,,) (hostd,,) (hoste,,)

    There are three important caveats for importing netgroups stored externally:

    ◦ It is not possible to append the netgroup data to an already imported


    netgroup table; when importing a new table, the old table will be fully
    overwritten.
    ◦ When loading an external netgroup file, each node in the cluster will
    individually pull the netgroup data through its own management lif. Make
    sure that each node in the cluster can access the Web or ftp server to pull
    this data, otherwise, some nodes might not have the netgroup data stored.
    ◦ There is no command available to clear the netgroup table. To clear the
    table, create a bogus netgroup table and import the table. This will overwrite
    the currently stored information with that bogus data.

    • How to use a NIS server as a source for netgroup information

    https://kb-stage.netapp.com/support/index?page=content&id=1014146&pmv=print&impre... 10/5/2016
    NetApp Knowledgebase - How to configure netgroups in clustered Data ONTAP Page 3 of 4

    Perform the following steps:

    1. Configure a Vserver to connect to an NIS server that is stored with the


    netgroups. Use the vserver services nis-domain directory of commands
    for that functionality. For more information of how to perform this, see the
    Documentation section on the NetApp Support (http://support.netapp.com ) site.
    2. Configure the Vserver to use NIS for the ns-switch functionality by running
    the following command:
    vserver modify -vserver vs0 -ns-switch file,nis

    Step

    Disclaimer

    NetApp provides no representations or warranties regarding the accuracy, reliability, or


    serviceability of any information or recommendations provided in this publication, or with
    respect to any results that may be obtained by the use of the information or observance of
    any recommendations provided herein. The information in this document is distributed AS IS,
    and the use of this information or the implementation of any recommendations or techniques
    herein is a customer’s responsibility and depends on the customer’s ability to evaluate and
    integrate them into the customer’s operational environment. This document and the
    information contained herein may be used solely in connection with the NetApp products
    discussed in this document.

    COMPANY SALES
    Our Story How To Buy
    News@NetApp Find a Partner
    Events US Public Sector Contracts
    Customer Stories E-based OEM Partners
    Investors NetApp Capital Solutions
    Careers

    LEGAL RESOURCES
    Privacy & Cookie Policy Subscriptions
    Copyright Library
    Trademarks Site Map
    Community Terms of Use
    Slavery and Human Trafficking Statement

    https://kb-stage.netapp.com/support/index?page=content&id=1014146&pmv=print&impre... 10/5/2016
    NetApp Knowledgebase - How to configure netgroups in clustered Data ONTAP Page 4 of 4

    Accessibility

    © 2016 NetApp

    Have feedback for our website? Let us know

    https://kb-stage.netapp.com/support/index?page=content&id=1014146&pmv=print&impre... 10/5/2016

    You might also like