NetApp offer xcp for this kind of migrations. I used it to migrate 50TB from emc isilon to ontap 9.6 a work great. It also preserve ACL information.
Best,
↧
Re: cifs share migration from EMC VNX to NetApp
↧
CIF share disappearing
Hi All,
We have 4 nodes cluster in which two nodes are AFF220 and other two nodes are of FAS2720. We are facing an issue where we created a CIF share from FAS2720 but the user from AD only get visibility of that share for 10mins then the share gets disappeared and then we try again it shows permission error. Kindly guide us that how we can permanently enable visibility of the share to the user. Please note we also gave full admin rights to this user so there is no error in permissions. Are these permissions are applied on AD itself or it is configured from FAS2720?
↧
↧
Re: CIF share disappearing
Hi,
Before going any further into diagnosis, could you please ensure the FIlER clock and AD clock are in sync, not more than 5 minutes apart ?
Thanks!
↧
Re: CIF share disappearing
Did you check the event log for errors?
↧
ONTAP RBAC issue with offline to only clones
Hey everyone,
I would like to create a custom role on my ontap cluster so that that bringing offline or deleting volumes/luns will only be able to those who contain the words "clone" or "restore" (or both).
I started with the volume offline with restore combination - security login role create -role test -cmd "volume offline" -query "-volume *restore*"
I created a local user and assigned him this role, however when I log in the cluster shell I'm able to bring down any volume, whether it contains "restore" or not.
Any idea what am I missing?
Thanks,
↧
↧
Re: ONTAP RBAC issue with offline to only clones
In addition, what's the scope of the "query" parameter? what can it be used for?
there are a few examples on the internet but not enough.
can I use to limit every command?
↧
Re: cifs share migration from EMC VNX to NetApp
Agreed. Robocopy is still single threaded. XCP is multithreaded and works very well for this purpose.
↧
Re: cifs share migration from EMC VNX to NetApp
Bydefault, it runs single threaded but there is /MT switch there.
Robocopy and multithreading: How fast is it?
https://andys-tech.blog/2018/04/robocopy-and-multithreading-how-fast-is-it/
↧
share name conflict under same namespace
During switch from EMC to NetApp, we plan to merge mulilt cifs servers to one but looks we have share name conflict problem. can anyone share your experience?
↧
↧
Re: share name conflict under same namespace
You cannot do that. Just basic windows at this point, Each cifs server should have distinct share names.
↧
Ontap Select and trial license for SnapDrive
I am aware of the Ontap Select trial.
I want to test SnapDrive on Windows servers with iSCSI storage running on Select.
In this scenario I need a license for SnapDrive
I have tested the same scenario with the simulator thereby the simulator does not require a license.
Anyone can help me how to get a SnapDrive trial license when running Ontap Select?
Arnstein Fuglemsmo
↧
Re: Ontap Select and trial license for SnapDrive
Hi,
SnapDrive for Windows as standalone product has reached end-of-availability. Further, SnapDrive for Windows is nearing it's end of support - In other words, you can only continue to use SnapDrive as supported product if you have existing SnapManager products which are with in the supported period. SnapCenter is the way forward as alternatives to these solutions. (In any case just for info: SDW license is not available as part of Simulator license package, you must get in touch with NetApp SE or Account Manager to get a eval/demo key).
As I understand, you want to test it with 'ONTAP Select'. I haven't worked with 'ONTAP Select', but in general we check the Interoperability matrix to evaluate if the two components can work together. I don't see 'Select' in the IMT table at all.
Thanks!
↧
Admin Authentication using Windows DC
I have a very simple thing, that I have spend hours on trying to fix.
Setting a Windows DC as LDAP server and using this for administrative logins. It seems impossible. So I really need some help here.
1) Set a LDAP client config with binding username and pw. Not sure what to pick in minimum authentication, but tried them all (anon, simple, sasl)
2) Set the LDAP config for my SVM (cluster)
3) Created a user with secure login create and the nsswitch (for remote lookups) - ssh, http and ontapi
4) Added the ldap source in ns-switch
I have full visibility to both a '12R2 and a 19 DC, but non of them lets me perform the LDAP lookup. If I test the ldap from other applications it looks fine.
diag secd authentication translate has been used to test and it tells me LDAP is unavaible.
[ 3] Source: LDAP unavailable. Ignoring and trying next
Funny thing is that the connection is up according to vserver services ldap check:
LDAP Status: up
LDAP Status Details: Successfully connected to LDAP server
I must be overlooking something basic. Do I need to do anything on the Windows server to make it work? I also tried all the different schemas in LDAP client with no luck.
I can see the bind account is logging on the domain controller.
Am I really the first guy to want external authentication. :-)
Desperate for advise. Been stuck for to long.
↧
↧
Re: Admin Authentication using Windows DC
Need more details. Do you have a case open or a serial # so I can look with a fresh ASUP ready to go?
↧
Re: Admin Authentication using Windows DC
Dear Paul,
I was surprised to see your message. Not sure if my service contract covers this kind of configuration issue? Most likely it is my own lack of competence, and knowledge about ldap, that is the problem.
↧
Re: Admin Authentication using Windows DC
It's borderline Support/PS. Technically it's a new setup, but it's probably something simple. Let me know when you have that serial # or case # and I can look at ASUPs.
↧
Re: Admin Authentication using Windows DC
Not really much to go on, but this is where I am stuck. I can see the bind user is logging on to my DC.
Tried configuring the UID value in ADSIEDIT for the particular user, but it seems no make no difference. Looks more like a general LDAP connectivity issue.
CDOT02::diag secd trace*> diag secd authentication show-creds -vserver CDOT02 -unix-user-name domain.com\user
Vserver: CDOT02 (internal ID: XXXX)
Error: Acquire UNIX credentials procedure failed
[ 1 ms] Hostname found in Name Service Cache
[ 1] Resolved LDAP servers: 10.0.0.10. Vserver: -1
[ 1] Failed to initiate Kerberos authentication. Trying NTLM.
[ 5] LDAP search for the "uid, uidNumber, gidNumber,
unixUserPassword, name, unixHomeDirectory, loginShell"
attribute(s) within base
"CN=Users,DC=DOMAIN,DC=COM" (scope: 2) using
filter "(&(objectClass=User)(uid=domain.com\user))" fail
[ 5] Additional info:
[ 6] Source: LDAP unavailable. Ignoring and trying next
available source for user-name:
domain.com\user
[ 6] Entry for user-name: domain.com\user not
found in the current source: FILES. Entry for user-name:
domain.com\user not found in any of the
available sources
**[ 6] FAILURE: Unable to retrieve UID for UNIX user
** domain.com\user
Error: command failed: Failed to resolve user name to a UNIX ID. Reason: "SecD Error: libc returned a transient error. Please look at the journal for detail".
↧
↧
Re: Admin Authentication using Windows DC
Tried enabling LDAP debugging on my Windows Domain controller. I am only able to see the bind entered/exited.
Internal event: Function ldap_bind entered.
No function ldap_search are logged. So to me it looks like the Ontap is never making the query. 
↧
Re: Admin Authentication using Windows DC
Now that I think of it, which schema are you using?
Go ahead and open a case as this seems like it isn't working right. That way we can have proper tracking. You can reference this thread and I'll check on it once open.
↧
Want to migrate 7-mode volumes to Cluster-mode piecemeal
Hi,
I would like to setup a few copy-based transitions in 7MTT 3.3 to copy batches of volumes (10 at a time), but I do not want at any time to transition the 7mode HA-Pair itself, ie I want the new SVMs I've created in CDOT to maintain their existing identity.
Where in the MTT console can I check to ensure that I am not transitioning the 7mode filer's identity itself, and that I am only using the tool as a glorified snapmirror?
Thanks,
↧