Windows NFS Client + cDOT

classic Classic list List threaded Threaded
14 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Windows NFS Client + cDOT

Alexander Griesser-2

Hey there,

 

is it still true that Windows‘ integrated NFS client is unable to mount NFS shares from cDOT systems? Just asking because I was trying to do so again today out of curiosity and failed miserably again.

If this is still the case, can anyone recommend alternative NFS clients for windows?

 

Best,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 


_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Windows NFS Client + cDOT

Parisi, Justin

Windows NFS clients work with cDOT as of 8.2.3 and 8.3.1. TR-4067 covers this on page 116.

 

http://www.netapp.com/us/media/tr-4067.pdf

 

From: [hidden email] [mailto:[hidden email]] On Behalf Of Alexander Griesser
Sent: Thursday, April 6, 2017 1:07 PM
To: [hidden email]
Subject: Windows NFS Client + cDOT

 

Hey there,

 

is it still true that Windows‘ integrated NFS client is unable to mount NFS shares from cDOT systems? Just asking because I was trying to do so again today out of curiosity and failed miserably again.

If this is still the case, can anyone recommend alternative NFS clients for windows?

 

Best,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 


_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Windows NFS Client + cDOT

Tim McCarthy
In reply to this post by Alexander Griesser-2
what versions were you trying?
(ONTAP release, Windows client? NFS version?)

--tmac

Tim McCarthy, Principal Consultant

Proud Member of the #NetAppATeam

I Blog at TMACsRack



On Thu, Apr 6, 2017 at 1:07 PM, Alexander Griesser <[hidden email]> wrote:

Hey there,

 

is it still true that Windows‘ integrated NFS client is unable to mount NFS shares from cDOT systems? Just asking because I was trying to do so again today out of curiosity and failed miserably again.

If this is still the case, can anyone recommend alternative NFS clients for windows?

 

Best,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 


_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters



_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

AW: Windows NFS Client + cDOT

Alexander Griesser-2
In reply to this post by Parisi, Justin

Hi Justin,

 

many thanks for pointing me there – I was still thinking pre 8.3 where this was not possible.

 

::> vserver nfs modify -vserver VSERVERNAME -v3-ms-dos-client enabled

 

was all it needed and I could successfully mount the share on a Windows Server 2016 now.

 

Best,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 

Von: Parisi, Justin [mailto:[hidden email]]
Gesendet: Donnerstag, 6. April 2017 19:12
An: Alexander Griesser <[hidden email]>; [hidden email]
Betreff: RE: Windows NFS Client + cDOT

 

Windows NFS clients work with cDOT as of 8.2.3 and 8.3.1. TR-4067 covers this on page 116.

 

http://www.netapp.com/us/media/tr-4067.pdf

 

From: [hidden email] [[hidden email]] On Behalf Of Alexander Griesser
Sent: Thursday, April 6, 2017 1:07 PM
To: [hidden email]
Subject: Windows NFS Client + cDOT

 

Hey there,

 

is it still true that Windows‘ integrated NFS client is unable to mount NFS shares from cDOT systems? Just asking because I was trying to do so again today out of curiosity and failed miserably again.

If this is still the case, can anyone recommend alternative NFS clients for windows?

 

Best,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 


_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

AW: Windows NFS Client + cDOT

Alexander Griesser-2
In reply to this post by Parisi, Justin

Hi Justin,

 

I think I fired too early – one more thing just popped up.

I’ve set the registry keys for AnonymousUID and AnonymosGID to 0 each and am now able to write to that volume.

It’s mounted using NFSv3 currently:

 

Local    Remote                                 Properties

-------------------------------------------------------------------------------

z:       \\22.22.222.222\volnXXXXXXX            UID=0, GID=0

                                                rsize=65536, wsize=65536

                                                mount=hard, timeout=0.8

                                                retry=1, locking=yes

                                                fileaccess=755, lang=ANSI

                                                casesensitive=yes

                                                sec=sys

 

I can copy files to this volume, I can delete files, traverse folders, etc.

But I – for whatever reason – cannot rename files. When I try to rename a folder, I get:

 

 

On the command line, a different error (Access denied) is given:

 

Z:\>move test test1

Access is denied.

        0 dir(s) moved.

 

Z:\>ren test test1

Access is denied.

 

Any idea what I’m missing here now?

 

Thanks,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 

Von: Alexander Griesser
Gesendet: Donnerstag, 6. April 2017 19:36
An: 'Parisi, Justin' <[hidden email]>; [hidden email]
Betreff: AW: Windows NFS Client + cDOT

 

Hi Justin,

 

many thanks for pointing me there – I was still thinking pre 8.3 where this was not possible.

 

::> vserver nfs modify -vserver VSERVERNAME -v3-ms-dos-client enabled

 

was all it needed and I could successfully mount the share on a Windows Server 2016 now.

 

Best,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 

Von: Parisi, Justin [[hidden email]]
Gesendet: Donnerstag, 6. April 2017 19:12
An: Alexander Griesser <[hidden email]>; [hidden email]
Betreff: RE: Windows NFS Client + cDOT

 

Windows NFS clients work with cDOT as of 8.2.3 and 8.3.1. TR-4067 covers this on page 116.

 

http://www.netapp.com/us/media/tr-4067.pdf

 

From: [hidden email] [[hidden email]] On Behalf Of Alexander Griesser
Sent: Thursday, April 6, 2017 1:07 PM
To: [hidden email]
Subject: Windows NFS Client + cDOT

 

Hey there,

 

is it still true that Windows‘ integrated NFS client is unable to mount NFS shares from cDOT systems? Just asking because I was trying to do so again today out of curiosity and failed miserably again.

If this is still the case, can anyone recommend alternative NFS clients for windows?

 

Best,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 


_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Windows NFS Client + cDOT

Parisi, Justin

Did you make the modifications mentioned in the TR to the NFS options?

 

Also, what does your export policy rule look like?

 

What does “vserver security file-directory show” give you for the newly created file? Who is the owner/what are the perms?

 

From: Alexander Griesser [mailto:[hidden email]]
Sent: Friday, April 7, 2017 5:35 AM
To: Parisi, Justin <[hidden email]>; [hidden email]
Subject: AW: Windows NFS Client + cDOT

 

Hi Justin,

 

I think I fired too early – one more thing just popped up.

I’ve set the registry keys for AnonymousUID and AnonymosGID to 0 each and am now able to write to that volume.

It’s mounted using NFSv3 currently:

 

Local    Remote                                 Properties

-------------------------------------------------------------------------------

z:       \\22.22.222.222\volnXXXXXXX            UID=0, GID=0

                                                rsize=65536, wsize=65536

                                                mount=hard, timeout=0.8

                                                retry=1, locking=yes

                                                fileaccess=755, lang=ANSI

                                                casesensitive=yes

                                                sec=sys

 

I can copy files to this volume, I can delete files, traverse folders, etc.

But I – for whatever reason – cannot rename files. When I try to rename a folder, I get:

 

 

On the command line, a different error (Access denied) is given:

 

Z:\>move test test1

Access is denied.

        0 dir(s) moved.

 

Z:\>ren test test1

Access is denied.

 

Any idea what I’m missing here now?

 

Thanks,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 

Von: Alexander Griesser
Gesendet: Donnerstag, 6. April 2017 19:36
An: 'Parisi, Justin' <[hidden email]>; [hidden email]
Betreff: AW: Windows NFS Client + cDOT

 

Hi Justin,

 

many thanks for pointing me there – I was still thinking pre 8.3 where this was not possible.

 

::> vserver nfs modify -vserver VSERVERNAME -v3-ms-dos-client enabled

 

was all it needed and I could successfully mount the share on a Windows Server 2016 now.

 

Best,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 

Von: Parisi, Justin [[hidden email]]
Gesendet: Donnerstag, 6. April 2017 19:12
An: Alexander Griesser <[hidden email]>; [hidden email]
Betreff: RE: Windows NFS Client + cDOT

 

Windows NFS clients work with cDOT as of 8.2.3 and 8.3.1. TR-4067 covers this on page 116.

 

http://www.netapp.com/us/media/tr-4067.pdf

 

From: [hidden email] [[hidden email]] On Behalf Of Alexander Griesser
Sent: Thursday, April 6, 2017 1:07 PM
To: [hidden email]
Subject: Windows NFS Client + cDOT

 

Hey there,

 

is it still true that Windows‘ integrated NFS client is unable to mount NFS shares from cDOT systems? Just asking because I was trying to do so again today out of curiosity and failed miserably again.

If this is still the case, can anyone recommend alternative NFS clients for windows?

 

Best,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 


_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

AW: Windows NFS Client + cDOT

Alexander Griesser-2

Hi Justin,

 

Yes, I did activate v3-ms-dos-client and deactivated enabe-ejukebox and v3-connection-drop:

 

::*> vserver nfs show -vserver XXXXXXX -fields enable-ejukebox,v3-connection-drop,v3-ms-dos-client

vserver enable-ejukebox v3-connection-drop v3-ms-dos-client

------- --------------- ------------------ ----------------

XXXXXXX false           disabled           enabled

 

Here’s the export policy:

 

::*> vserver export-policy rule show -vserver XXXXXX -policyname XXXXXX  -instance

 

                                    Vserver: XXXXXX

                                Policy Name: XXXXXX

                                 Rule Index: 1

                            Access Protocol: nfs

List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 22.22.22.22

                             RO Access Rule: any

                             RW Access Rule: any

User ID To Which Anonymous Users Are Mapped: 0

                   Superuser Security Types: any

               Honor SetUID Bits in SETATTR: true

                  Allow Creation of Devices: true

                 NTFS Unix Security Options: fail

         Vserver NTFS Unix Security Options: use_export_policy

                      Change Ownership Mode: restricted

              Vserver Change Ownership Mode: use_export_policy

 

Here’s the file-directory show output of the base volume itself:

 

::*> vserver security file-directory show -vserver XXXXXX -path /VOLUME

 

                Vserver: XXXXXX

              File Path: /VOLUME

      File Inode Number: 64

         Security Style: unix

        Effective Style: unix

         DOS Attributes: 10

DOS Attributes in Text: ----D---

Expanded Dos Attributes: -

           UNIX User Id: 0

          UNIX Group Id: 0

         UNIX Mode Bits: 755

UNIX Mode Bits in Text: rwxr-xr-x

                   ACLs: -

 

And here it is for the directory I’m trying to rename:

 

::*> vserver security file-directory show -vserver XXXXXX -path /VOLUME/test

 

                Vserver: XXXXXX

              File Path: /VOLUME/test

      File Inode Number: 22620

         Security Style: unix

        Effective Style: unix

         DOS Attributes: 10

DOS Attributes in Text: ----D---

Expanded Dos Attributes: -

           UNIX User Id: 0

          UNIX Group Id: 0

         UNIX Mode Bits: 755

UNIX Mode Bits in Text: rwxr-xr-x

                   ACLs: -

 

Thanks,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 

Von: Parisi, Justin [mailto:[hidden email]]
Gesendet: Freitag, 7. April 2017 15:41
An: Alexander Griesser <[hidden email]>; [hidden email]
Betreff: RE: Windows NFS Client + cDOT

 

Did you make the modifications mentioned in the TR to the NFS options?

 

Also, what does your export policy rule look like?

 

What does “vserver security file-directory show” give you for the newly created file? Who is the owner/what are the perms?

 

From: Alexander Griesser [[hidden email]]
Sent: Friday, April 7, 2017 5:35 AM
To: Parisi, Justin <[hidden email]>; [hidden email]
Subject: AW: Windows NFS Client + cDOT

 

Hi Justin,

 

I think I fired too early – one more thing just popped up.

I’ve set the registry keys for AnonymousUID and AnonymosGID to 0 each and am now able to write to that volume.

It’s mounted using NFSv3 currently:

 

Local    Remote                                 Properties

-------------------------------------------------------------------------------

z:       \\22.22.222.222\volnXXXXXXX            UID=0, GID=0

                                                rsize=65536, wsize=65536

                                                mount=hard, timeout=0.8

                                                retry=1, locking=yes

                                                fileaccess=755, lang=ANSI

                                                casesensitive=yes

                                                sec=sys

 

I can copy files to this volume, I can delete files, traverse folders, etc.

But I – for whatever reason – cannot rename files. When I try to rename a folder, I get:

 

 

On the command line, a different error (Access denied) is given:

 

Z:\>move test test1

Access is denied.

        0 dir(s) moved.

 

Z:\>ren test test1

Access is denied.

 

Any idea what I’m missing here now?

 

Thanks,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 

Von: Alexander Griesser
Gesendet: Donnerstag, 6. April 2017 19:36
An: 'Parisi, Justin' <[hidden email]>; [hidden email]
Betreff: AW: Windows NFS Client + cDOT

 

Hi Justin,

 

many thanks for pointing me there – I was still thinking pre 8.3 where this was not possible.

 

::> vserver nfs modify -vserver VSERVERNAME -v3-ms-dos-client enabled

 

was all it needed and I could successfully mount the share on a Windows Server 2016 now.

 

Best,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 

Von: Parisi, Justin [[hidden email]]
Gesendet: Donnerstag, 6. April 2017 19:12
An: Alexander Griesser <[hidden email]>; [hidden email]
Betreff: RE: Windows NFS Client + cDOT

 

Windows NFS clients work with cDOT as of 8.2.3 and 8.3.1. TR-4067 covers this on page 116.

 

http://www.netapp.com/us/media/tr-4067.pdf

 

From: [hidden email] [[hidden email]] On Behalf Of Alexander Griesser
Sent: Thursday, April 6, 2017 1:07 PM
To: [hidden email]
Subject: Windows NFS Client + cDOT

 

Hey there,

 

is it still true that Windows‘ integrated NFS client is unable to mount NFS shares from cDOT systems? Just asking because I was trying to do so again today out of curiosity and failed miserably again.

If this is still the case, can anyone recommend alternative NFS clients for windows?

 

Best,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 


_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Windows NFS Client + cDOT

Tim McCarthy
yes, yes..

export policy rule show -instance (please)

--tmac

Tim McCarthy, Principal Consultant

Proud Member of the #NetAppATeam

I Blog at TMACsRack



On Fri, Apr 7, 2017 at 1:45 PM, Alexander Griesser <[hidden email]> wrote:

Hi Justin,

 

Yes, I did activate v3-ms-dos-client and deactivated enabe-ejukebox and v3-connection-drop:

 

::*> vserver nfs show -vserver XXXXXXX -fields enable-ejukebox,v3-connection-drop,v3-ms-dos-client

vserver enable-ejukebox v3-connection-drop v3-ms-dos-client

------- --------------- ------------------ ----------------

XXXXXXX false           disabled           enabled

 

Here’s the export policy:

 

::*> vserver export-policy rule show -vserver XXXXXX -policyname XXXXXX  -instance

 

                                    Vserver: XXXXXX

                                Policy Name: XXXXXX

                                 Rule Index: 1

                            Access Protocol: nfs

List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 22.22.22.22

                             RO Access Rule: any

                             RW Access Rule: any

User ID To Which Anonymous Users Are Mapped: 0

                   Superuser Security Types: any

               Honor SetUID Bits in SETATTR: true

                  Allow Creation of Devices: true

                 NTFS Unix Security Options: fail

         Vserver NTFS Unix Security Options: use_export_policy

                      Change Ownership Mode: restricted

              Vserver Change Ownership Mode: use_export_policy

 

Here’s the file-directory show output of the base volume itself:

 

::*> vserver security file-directory show -vserver XXXXXX -path /VOLUME

 

                Vserver: XXXXXX

              File Path: /VOLUME

      File Inode Number: 64

         Security Style: unix

        Effective Style: unix

         DOS Attributes: 10

DOS Attributes in Text: ----D---

Expanded Dos Attributes: -

           UNIX User Id: 0

          UNIX Group Id: 0

         UNIX Mode Bits: 755

UNIX Mode Bits in Text: rwxr-xr-x

                   ACLs: -

 

And here it is for the directory I’m trying to rename:

 

::*> vserver security file-directory show -vserver XXXXXX -path /VOLUME/test

 

                Vserver: XXXXXX

              File Path: /VOLUME/test

      File Inode Number: 22620

         Security Style: unix

        Effective Style: unix

         DOS Attributes: 10

DOS Attributes in Text: ----D---

Expanded Dos Attributes: -

           UNIX User Id: 0

          UNIX Group Id: 0

         UNIX Mode Bits: 755

UNIX Mode Bits in Text: rwxr-xr-x

                   ACLs: -

 

Thanks,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 

Von: Parisi, Justin [mailto:[hidden email]]
Gesendet: Freitag, 7. April 2017 15:41


An: Alexander Griesser <[hidden email]>; [hidden email]
Betreff: RE: Windows NFS Client + cDOT

 

Did you make the modifications mentioned in the TR to the NFS options?

 

Also, what does your export policy rule look like?

 

What does “vserver security file-directory show” give you for the newly created file? Who is the owner/what are the perms?

 

From: Alexander Griesser [[hidden email]]
Sent: Friday, April 7, 2017 5:35 AM
To: Parisi, Justin <[hidden email]>; [hidden email]
Subject: AW: Windows NFS Client + cDOT

 

Hi Justin,

 

I think I fired too early – one more thing just popped up.

I’ve set the registry keys for AnonymousUID and AnonymosGID to 0 each and am now able to write to that volume.

It’s mounted using NFSv3 currently:

 

Local    Remote                                 Properties

-------------------------------------------------------------------------------

z:       \\22.22.222.222\volnXXXXXXX            UID=0, GID=0

                                                rsize=65536, wsize=65536

                                                mount=hard, timeout=0.8

                                                retry=1, locking=yes

                                                fileaccess=755, lang=ANSI

                                                casesensitive=yes

                                                sec=sys

 

I can copy files to this volume, I can delete files, traverse folders, etc.

But I – for whatever reason – cannot rename files. When I try to rename a folder, I get:

 

 

On the command line, a different error (Access denied) is given:

 

Z:\>move test test1

Access is denied.

        0 dir(s) moved.

 

Z:\>ren test test1

Access is denied.

 

Any idea what I’m missing here now?

 

Thanks,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 

Von: Alexander Griesser
Gesendet: Donnerstag, 6. April 2017 19:36
An: 'Parisi, Justin' <[hidden email]>; [hidden email]
Betreff: AW: Windows NFS Client + cDOT

 

Hi Justin,

 

many thanks for pointing me there – I was still thinking pre 8.3 where this was not possible.

 

::> vserver nfs modify -vserver VSERVERNAME -v3-ms-dos-client enabled

 

was all it needed and I could successfully mount the share on a Windows Server 2016 now.

 

Best,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 

Von: Parisi, Justin [[hidden email]]
Gesendet: Donnerstag, 6. April 2017 19:12
An: Alexander Griesser <[hidden email]>; [hidden email]
Betreff: RE: Windows NFS Client + cDOT

 

Windows NFS clients work with cDOT as of 8.2.3 and 8.3.1. TR-4067 covers this on page 116.

 

http://www.netapp.com/us/media/tr-4067.pdf

 

From: [hidden email] [[hidden email]] On Behalf Of Alexander Griesser
Sent: Thursday, April 6, 2017 1:07 PM
To: [hidden email]
Subject: Windows NFS Client + cDOT

 

Hey there,

 

is it still true that Windows‘ integrated NFS client is unable to mount NFS shares from cDOT systems? Just asking because I was trying to do so again today out of curiosity and failed miserably again.

If this is still the case, can anyone recommend alternative NFS clients for windows?

 

Best,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 


_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters



_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

AW: Windows NFS Client + cDOT

Alexander Griesser-2

Well, there are like 70 export policies on this SVM for 70 different volumes, I guess the policy for this volume as well as the default policy for the SVM will suffice here? If so, the export policy for this volume has already been sent earlier and here’s the default policy for this SVM:

 

::> export-policy rule show -vserver XXXXXXX -policyname default -instance

 

                                    Vserver: XXXXXXX

                                Policy Name: default

                                 Rule Index: 1

                            Access Protocol: nfs

List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 0/0

                             RO Access Rule: any

                             RW Access Rule: never

User ID To Which Anonymous Users Are Mapped: 65535

                   Superuser Security Types: none

               Honor SetUID Bits in SETATTR: true

                  Allow Creation of Devices: true

 

Best,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 

Von: tmac [mailto:[hidden email]]
Gesendet: Freitag, 7. April 2017 20:15
An: Alexander Griesser <[hidden email]>
Cc: Parisi, Justin <[hidden email]>; [hidden email]
Betreff: Re: Windows NFS Client + cDOT

 

yes, yes..

 

export policy rule show -instance (please)


--tmac

 

Tim McCarthy, Principal Consultant

Proud Member of the #NetAppATeam

I Blog at TMACsRack

 

 

On Fri, Apr 7, 2017 at 1:45 PM, Alexander Griesser <[hidden email]> wrote:

Hi Justin,

 

Yes, I did activate v3-ms-dos-client and deactivated enabe-ejukebox and v3-connection-drop:

 

::*> vserver nfs show -vserver XXXXXXX -fields enable-ejukebox,v3-connection-drop,v3-ms-dos-client

vserver enable-ejukebox v3-connection-drop v3-ms-dos-client

------- --------------- ------------------ ----------------

XXXXXXX false           disabled           enabled

 

Here’s the export policy:

 

::*> vserver export-policy rule show -vserver XXXXXX -policyname XXXXXX  -instance

 

                                    Vserver: XXXXXX

                                Policy Name: XXXXXX

                                 Rule Index: 1

                            Access Protocol: nfs

List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 22.22.22.22

                             RO Access Rule: any

                             RW Access Rule: any

User ID To Which Anonymous Users Are Mapped: 0

                   Superuser Security Types: any

               Honor SetUID Bits in SETATTR: true

                  Allow Creation of Devices: true

                 NTFS Unix Security Options: fail

         Vserver NTFS Unix Security Options: use_export_policy

                      Change Ownership Mode: restricted

              Vserver Change Ownership Mode: use_export_policy

 

Here’s the file-directory show output of the base volume itself:

 

::*> vserver security file-directory show -vserver XXXXXX -path /VOLUME

 

                Vserver: XXXXXX

              File Path: /VOLUME

      File Inode Number: 64

         Security Style: unix

        Effective Style: unix

         DOS Attributes: 10

DOS Attributes in Text: ----D---

Expanded Dos Attributes: -

           UNIX User Id: 0

          UNIX Group Id: 0

         UNIX Mode Bits: 755

UNIX Mode Bits in Text: rwxr-xr-x

                   ACLs: -

 

And here it is for the directory I’m trying to rename:

 

::*> vserver security file-directory show -vserver XXXXXX -path /VOLUME/test

 

                Vserver: XXXXXX

              File Path: /VOLUME/test

      File Inode Number: 22620

         Security Style: unix

        Effective Style: unix

         DOS Attributes: 10

DOS Attributes in Text: ----D---

Expanded Dos Attributes: -

           UNIX User Id: 0

          UNIX Group Id: 0

         UNIX Mode Bits: 755

UNIX Mode Bits in Text: rwxr-xr-x

                   ACLs: -

 

Thanks,

 

Alexander Griesser

 


_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Windows NFS Client + cDOT

Tim McCarthy
Not sure if this is it or not, but you have said that you set the anon ID's to 0. In this policy, it is set to 65535

Do you create separate policies for the SVM root and the data volumes?
If you do, Root could/should be allow RO to all, rw to none.
Then set the restrictions on the data volume policy.


--tmac

Tim McCarthy, Principal Consultant

Proud Member of the #NetAppATeam

I Blog at TMACsRack




On Fri, Apr 7, 2017 at 2:19 PM, Alexander Griesser <[hidden email]> wrote:

Well, there are like 70 export policies on this SVM for 70 different volumes, I guess the policy for this volume as well as the default policy for the SVM will suffice here? If so, the export policy for this volume has already been sent earlier and here’s the default policy for this SVM:

 

::> export-policy rule show -vserver XXXXXXX -policyname default -instance

 

                                    Vserver: XXXXXXX

                                Policy Name: default

                                 Rule Index: 1

                            Access Protocol: nfs

List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 0/0

                             RO Access Rule: any

                             RW Access Rule: never

User ID To Which Anonymous Users Are Mapped: 65535

                   Superuser Security Types: none

               Honor SetUID Bits in SETATTR: true

                  Allow Creation of Devices: true

 

Best,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 

Von: tmac [mailto:[hidden email]]
Gesendet: Freitag, 7. April 2017 20:15
An: Alexander Griesser <[hidden email]>
Cc: Parisi, Justin <[hidden email]>; [hidden email]
Betreff: Re: Windows NFS Client + cDOT

 

yes, yes..

 

export policy rule show -instance (please)


--tmac

 

Tim McCarthy, Principal Consultant

Proud Member of the #NetAppATeam

I Blog at TMACsRack

 

 

On Fri, Apr 7, 2017 at 1:45 PM, Alexander Griesser <[hidden email]> wrote:

Hi Justin,

 

Yes, I did activate v3-ms-dos-client and deactivated enabe-ejukebox and v3-connection-drop:

 

::*> vserver nfs show -vserver XXXXXXX -fields enable-ejukebox,v3-connection-drop,v3-ms-dos-client

vserver enable-ejukebox v3-connection-drop v3-ms-dos-client

------- --------------- ------------------ ----------------

XXXXXXX false           disabled           enabled

 

Here’s the export policy:

 

::*> vserver export-policy rule show -vserver XXXXXX -policyname XXXXXX  -instance

 

                                    Vserver: XXXXXX

                                Policy Name: XXXXXX

                                 Rule Index: 1

                            Access Protocol: nfs

List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 22.22.22.22

                             RO Access Rule: any

                             RW Access Rule: any

User ID To Which Anonymous Users Are Mapped: 0

                   Superuser Security Types: any

               Honor SetUID Bits in SETATTR: true

                  Allow Creation of Devices: true

                 NTFS Unix Security Options: fail

         Vserver NTFS Unix Security Options: use_export_policy

                      Change Ownership Mode: restricted

              Vserver Change Ownership Mode: use_export_policy

 

Here’s the file-directory show output of the base volume itself:

 

::*> vserver security file-directory show -vserver XXXXXX -path /VOLUME

 

                Vserver: XXXXXX

              File Path: /VOLUME

      File Inode Number: 64

         Security Style: unix

        Effective Style: unix

         DOS Attributes: 10

DOS Attributes in Text: ----D---

Expanded Dos Attributes: -

           UNIX User Id: 0

          UNIX Group Id: 0

         UNIX Mode Bits: 755

UNIX Mode Bits in Text: rwxr-xr-x

                   ACLs: -

 

And here it is for the directory I’m trying to rename:

 

::*> vserver security file-directory show -vserver XXXXXX -path /VOLUME/test

 

                Vserver: XXXXXX

              File Path: /VOLUME/test

      File Inode Number: 22620

         Security Style: unix

        Effective Style: unix

         DOS Attributes: 10

DOS Attributes in Text: ----D---

Expanded Dos Attributes: -

           UNIX User Id: 0

          UNIX Group Id: 0

         UNIX Mode Bits: 755

UNIX Mode Bits in Text: rwxr-xr-x

                   ACLs: -

 

Thanks,

 

Alexander Griesser

 



_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

AW: Windows NFS Client + cDOT

Alexander Griesser-2

Yes, I’ve set anon in the export policy for the volume it self to 0 and I’ve set the registry keys on windows for AnonymousUID and AnonymousGID to 0 – without the registry keys, it will be „-2“ on the mount options in windows, whatever that negative value is used for…

If the permissions were wrong, I could not create files at all in the first place, I guess, right? But I can create them and they show as UID 0 on the filer (also tested on a linux system where I mounted this volume) – and I can delete the files as well.

The only thing which is not working, is renaming and I’m not sure why it’s refusing to do so. Maybe this is a Win 2k16 thinggie? I can try to spin up a Win2k12 system to see if this problem also persists there, that would at least rule out a misconfiguration on the filer I guess.

 

I did not create separate policies for the SVM root, the SVM root only gets applied the default policy here and the default policy iss et to „ro all“, „rw never“ – as you can see below.

 

Best,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 

Von: tmac [mailto:[hidden email]]
Gesendet: Freitag, 7. April 2017 20:24
An: Alexander Griesser <[hidden email]>
Cc: Parisi, Justin <[hidden email]>; [hidden email]
Betreff: Re: Windows NFS Client + cDOT

 

Not sure if this is it or not, but you have said that you set the anon ID's to 0. In this policy, it is set to 65535

 

Do you create separate policies for the SVM root and the data volumes?

If you do, Root could/should be allow RO to all, rw to none.

Then set the restrictions on the data volume policy.

 


--tmac

 

Tim McCarthy, Principal Consultant

Proud Member of the #NetAppATeam

I Blog at TMACsRack

 

 

 

On Fri, Apr 7, 2017 at 2:19 PM, Alexander Griesser <[hidden email]> wrote:

Well, there are like 70 export policies on this SVM for 70 different volumes, I guess the policy for this volume as well as the default policy for the SVM will suffice here? If so, the export policy for this volume has already been sent earlier and here’s the default policy for this SVM:

 

::> export-policy rule show -vserver XXXXXXX -policyname default -instance

 

                                    Vserver: XXXXXXX

                                Policy Name: default

                                 Rule Index: 1

                            Access Protocol: nfs

List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 0/0

                             RO Access Rule: any

                             RW Access Rule: never

User ID To Which Anonymous Users Are Mapped: 65535

                   Superuser Security Types: none

               Honor SetUID Bits in SETATTR: true

                  Allow Creation of Devices: true

 

Best,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 

Von: tmac [mailto:[hidden email]]
Gesendet: Freitag, 7. April 2017 20:15
An: Alexander Griesser <
[hidden email]>
Cc: Parisi, Justin <
[hidden email]>; [hidden email]
Betreff: Re: Windows NFS Client + cDOT

 

yes, yes..

 

export policy rule show -instance (please)


--tmac

 

Tim McCarthy, Principal Consultant

Proud Member of the #NetAppATeam

I Blog at TMACsRack

 

 

On Fri, Apr 7, 2017 at 1:45 PM, Alexander Griesser <[hidden email]> wrote:

Hi Justin,

 

Yes, I did activate v3-ms-dos-client and deactivated enabe-ejukebox and v3-connection-drop:

 

::*> vserver nfs show -vserver XXXXXXX -fields enable-ejukebox,v3-connection-drop,v3-ms-dos-client

vserver enable-ejukebox v3-connection-drop v3-ms-dos-client

------- --------------- ------------------ ----------------

XXXXXXX false           disabled           enabled

 

Here’s the export policy:

 

::*> vserver export-policy rule show -vserver XXXXXX -policyname XXXXXX  -instance

 

                                    Vserver: XXXXXX

                                Policy Name: XXXXXX

                                 Rule Index: 1

                            Access Protocol: nfs

List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 22.22.22.22

                             RO Access Rule: any

                             RW Access Rule: any

User ID To Which Anonymous Users Are Mapped: 0

                   Superuser Security Types: any

               Honor SetUID Bits in SETATTR: true

                  Allow Creation of Devices: true

                 NTFS Unix Security Options: fail

         Vserver NTFS Unix Security Options: use_export_policy

                      Change Ownership Mode: restricted

              Vserver Change Ownership Mode: use_export_policy

 

Here’s the file-directory show output of the base volume itself:

 

::*> vserver security file-directory show -vserver XXXXXX -path /VOLUME

 

                Vserver: XXXXXX

              File Path: /VOLUME

      File Inode Number: 64

         Security Style: unix

        Effective Style: unix

         DOS Attributes: 10

DOS Attributes in Text: ----D---

Expanded Dos Attributes: -

           UNIX User Id: 0

          UNIX Group Id: 0

         UNIX Mode Bits: 755

UNIX Mode Bits in Text: rwxr-xr-x

                   ACLs: -

 

And here it is for the directory I’m trying to rename:

 

::*> vserver security file-directory show -vserver XXXXXX -path /VOLUME/test

 

                Vserver: XXXXXX

              File Path: /VOLUME/test

      File Inode Number: 22620

         Security Style: unix

        Effective Style: unix

         DOS Attributes: 10

DOS Attributes in Text: ----D---

Expanded Dos Attributes: -

           UNIX User Id: 0

          UNIX Group Id: 0

         UNIX Mode Bits: 755

UNIX Mode Bits in Text: rwxr-xr-x

                   ACLs: -

 

Thanks,

 

Alexander Griesser

 

 


_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

AW: Windows NFS Client + cDOT

Alexander Griesser-2
In reply to this post by Tim McCarthy

Hey everyone,

 

we’ve just set up a Windows 2k12 system and the renaming of files and folders doesn’t work there too, so it’s not a Windows 2016 problem.

Any further ideas on how to debug this issue?

 

Best,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 

Von: Alexander Griesser
Gesendet: Freitag, 7. April 2017 20:30
An: 'tmac' <[hidden email]>
Cc: Parisi, Justin <[hidden email]>; [hidden email]
Betreff: AW: Windows NFS Client + cDOT

 

Yes, I’ve set anon in the export policy for the volume it self to 0 and I’ve set the registry keys on windows for AnonymousUID and AnonymousGID to 0 – without the registry keys, it will be „-2“ on the mount options in windows, whatever that negative value is used for…

If the permissions were wrong, I could not create files at all in the first place, I guess, right? But I can create them and they show as UID 0 on the filer (also tested on a linux system where I mounted this volume) – and I can delete the files as well.

The only thing which is not working, is renaming and I’m not sure why it’s refusing to do so. Maybe this is a Win 2k16 thinggie? I can try to spin up a Win2k12 system to see if this problem also persists there, that would at least rule out a misconfiguration on the filer I guess.

 

I did not create separate policies for the SVM root, the SVM root only gets applied the default policy here and the default policy iss et to „ro all“, „rw never“ – as you can see below.

 

Best,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 

Von: tmac [[hidden email]]
Gesendet: Freitag, 7. April 2017 20:24
An: Alexander Griesser <[hidden email]>
Cc: Parisi, Justin <[hidden email]>; [hidden email]
Betreff: Re: Windows NFS Client + cDOT

 

Not sure if this is it or not, but you have said that you set the anon ID's to 0. In this policy, it is set to 65535

 

Do you create separate policies for the SVM root and the data volumes?

If you do, Root could/should be allow RO to all, rw to none.

Then set the restrictions on the data volume policy.

 


--tmac

 

Tim McCarthy, Principal Consultant

Proud Member of the #NetAppATeam

I Blog at TMACsRack

 

 

 

On Fri, Apr 7, 2017 at 2:19 PM, Alexander Griesser <[hidden email]> wrote:

Well, there are like 70 export policies on this SVM for 70 different volumes, I guess the policy for this volume as well as the default policy for the SVM will suffice here? If so, the export policy for this volume has already been sent earlier and here’s the default policy for this SVM:

 

::> export-policy rule show -vserver XXXXXXX -policyname default -instance

 

                                    Vserver: XXXXXXX

                                Policy Name: default

                                 Rule Index: 1

                            Access Protocol: nfs

List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 0/0

                             RO Access Rule: any

                             RW Access Rule: never

User ID To Which Anonymous Users Are Mapped: 65535

                   Superuser Security Types: none

               Honor SetUID Bits in SETATTR: true

                  Allow Creation of Devices: true

 

Best,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 

Von: tmac [mailto:[hidden email]]
Gesendet: Freitag, 7. April 2017 20:15
An: Alexander Griesser <
[hidden email]>
Cc: Parisi, Justin <
[hidden email]>; [hidden email]
Betreff: Re: Windows NFS Client + cDOT

 

yes, yes..

 

export policy rule show -instance (please)


--tmac

 

Tim McCarthy, Principal Consultant

Proud Member of the #NetAppATeam

I Blog at TMACsRack

 


_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Windows NFS Client + cDOT

Parisi, Justin

Ok, started playing around with this today. This is my mount:

 

Z:\>mount

 

Local    Remote                                 Properties

-------------------------------------------------------------------------------

Z:       \\demo\flexvol                         UID=0, GID=0

                                                rsize=65536, wsize=65536

                                                mount=hard, timeout=0.8

                                                retry=1, locking=yes

                                                fileaccess=755, lang=ANSI

                                                casesensitive=no

                                                sec=sys

 

When I try to rename via the GUI, I get this:

 

 

Via CLI, I get this:

 

Z:\>ren "New Text Document (2).txt" test.txt

 

Z:\>dir

Volume in drive Z has no label.

Volume Serial Number is 80F0-372F

 

Directory of Z:\

 

04/10/2017  03:49 PM    <DIR>          .

04/10/2017  03:49 PM    <DIR>          ..

04/10/2017  03:45 PM                 0 New Text Document.txt

04/10/2017  03:46 PM                 0 test.txt

04/10/2017  03:45 PM    <DIR>          .snapshot

               2 File(s)         12,288 bytes

               3 Dir(s)  1,044,535,574,528 bytes free

 

A search for “invalid device” gets me this:

 

https://support.microsoft.com/en-us/help/3025097/-invalid-device-error-when-you-try-to-rename-a-file-on-a-network-file-system-client-that-is-running-windows-8,-windows-8.1,-windows-server-2012,-or-windows-server-2012-r2

 

I tried to apply it to my server, but it claims it’s not valid for Windows 2012R2, even though it’s specifically for Win 2012R2.  ¯\_()_/¯

 

Packet traces and sktraces on the cluster suggest the issue isn’t on the cluster side; the rename request never happens from  the client:

 

 

Does it fail for you the same way? Does rename work from CLI? On my end, at least, this seems to be a client issue.

 

From: Alexander Griesser [mailto:[hidden email]]
Sent: Monday, April 10, 2017 4:26 AM
To: NGC-tmacmd-gmail.com <[hidden email]>
Cc: Parisi, Justin <[hidden email]>; [hidden email]
Subject: AW: Windows NFS Client + cDOT

 

Hey everyone,

 

we’ve just set up a Windows 2k12 system and the renaming of files and folders doesn’t work there too, so it’s not a Windows 2016 problem.

Any further ideas on how to debug this issue?

 

Best,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 

Von: Alexander Griesser
Gesendet: Freitag, 7. April 2017 20:30
An: 'tmac' <[hidden email]>
Cc: Parisi, Justin <[hidden email]>; [hidden email]
Betreff: AW: Windows NFS Client + cDOT

 

Yes, I’ve set anon in the export policy for the volume it self to 0 and I’ve set the registry keys on windows for AnonymousUID and AnonymousGID to 0 – without the registry keys, it will be „-2“ on the mount options in windows, whatever that negative value is used for…

If the permissions were wrong, I could not create files at all in the first place, I guess, right? But I can create them and they show as UID 0 on the filer (also tested on a linux system where I mounted this volume) – and I can delete the files as well.

The only thing which is not working, is renaming and I’m not sure why it’s refusing to do so. Maybe this is a Win 2k16 thinggie? I can try to spin up a Win2k12 system to see if this problem also persists there, that would at least rule out a misconfiguration on the filer I guess.

 

I did not create separate policies for the SVM root, the SVM root only gets applied the default policy here and the default policy iss et to „ro all“, „rw never“ – as you can see below.

 

Best,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 

Von: tmac [[hidden email]]
Gesendet: Freitag, 7. April 2017 20:24
An: Alexander Griesser <[hidden email]>
Cc: Parisi, Justin <[hidden email]>; [hidden email]
Betreff: Re: Windows NFS Client + cDOT

 

Not sure if this is it or not, but you have said that you set the anon ID's to 0. In this policy, it is set to 65535

 

Do you create separate policies for the SVM root and the data volumes?

If you do, Root could/should be allow RO to all, rw to none.

Then set the restrictions on the data volume policy.

 


--tmac

 

Tim McCarthy, Principal Consultant

Proud Member of the #NetAppATeam

I Blog at TMACsRack

 

 

 

On Fri, Apr 7, 2017 at 2:19 PM, Alexander Griesser <[hidden email]> wrote:

Well, there are like 70 export policies on this SVM for 70 different volumes, I guess the policy for this volume as well as the default policy for the SVM will suffice here? If so, the export policy for this volume has already been sent earlier and here’s the default policy for this SVM:

 

::> export-policy rule show -vserver XXXXXXX -policyname default -instance

 

                                    Vserver: XXXXXXX

                                Policy Name: default

                                 Rule Index: 1

                            Access Protocol: nfs

List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 0/0

                             RO Access Rule: any

                             RW Access Rule: never

User ID To Which Anonymous Users Are Mapped: 65535

                   Superuser Security Types: none

               Honor SetUID Bits in SETATTR: true

                  Allow Creation of Devices: true

 

Best,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 

Von: tmac [mailto:[hidden email]]
Gesendet: Freitag, 7. April 2017 20:15
An: Alexander Griesser <
[hidden email]>
Cc: Parisi, Justin <
[hidden email]>; [hidden email]
Betreff: Re: Windows NFS Client + cDOT

 

yes, yes..

 

export policy rule show -instance (please)


--tmac

 

Tim McCarthy, Principal Consultant

Proud Member of the #NetAppATeam

I Blog at TMACsRack

 


_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

RE: Windows NFS Client + cDOT

Parisi, Justin

Well, access denied is definitely a different behavior than I was seeing. However, I was renaming files. When I rename a directory, I see the access issue:

 

Z:\>ren "New Text Document.txt" test2.txt

 

Z:\>ren "New folder" testdir

Access is denied.

 

Even when I change the access to 777, it still fails.

 

# chmod 777 New\ folder

[root@centos6 flexvol]# ls -la

total 24

drwxrwxrwx.  5 root root 4096 Apr 11 09:41 .

dr-xr-xr-x. 36 root root 4096 Apr  7 10:30 ..

drwxrwxrwx.  2 root root 4096 Apr 11 09:39 New folder

drwxr-xr-x.  2 root root 4096 Apr 11 09:41 New folder (2)

drwxr-xr-x.  2 root root 4096 Apr 11 09:41 New folder (3)

drwxrwxrwx. 10 root root 4096 Apr 11 09:05 .snapshot

-rwxr-xr-x.  1 root root    0 Apr 10 15:45 test2.txt

-rwxr-xr-x.  1 root root    0 Apr 10 15:46 test3.txt

 

Z:\>ren "New folder" testdir

Access is denied.

 

So I dug around in our internal bug pages and found that if you don’t have showmount enabled, this can fail. So I enabled showmount on the NFS server and cleared the cache and remounted. Voila!

 

ontap9-tme-8040::*> export-policy cache flush -vserver DEMO -cache all

 

Warning: You are about to flush the "all (but showmount)" cache for Vserver "DEMO" on node "ontap9-tme-8040-02", which will result in increased traffic to the name servers. Do you want to proceed with flushing the cache?

{y|n}: y

 

ontap9-tme-8040::*> export-policy cache flush -vserver DEMO -cache showmount

 

Warning: You are about to flush the "showmount" cache for Vserver "DEMO" on node "ontap9-tme-8040-02", which will result in increased traffic to the name servers. Do you want to proceed with flushing the cache? {y|n}: y

 

C:\Users\Administrator>mount \\demo\flexvol Z:

Z: is now successfully connected to \\demo\flexvol

 

The command completed successfully.

 

C:\Users\Administrator>Z:

 

Z:\>ren "New folder (2)" testdir2

 

Z:\>dir

Volume in drive Z has no label.

Volume Serial Number is 80F0-372F

 

Directory of Z:\

 

04/11/2017  11:39 AM    <DIR>          .

04/11/2017  11:39 AM    <DIR>          ..

04/11/2017  09:41 AM    <DIR>          testdir2

04/10/2017  03:45 PM                 0 test2.txt

04/10/2017  03:46 PM                 0 test3.txt

04/11/2017  09:41 AM    <DIR>          New folder (3)

04/11/2017  09:39 AM    <DIR>          testdir

04/11/2017  11:05 AM    <DIR>          .snapshot

               2 File(s)         24,576 bytes

               6 Dir(s)  1,044,531,904,512 bytes free

 

 

For completeness sake, I disabled showmount, cleared cache and remounted and saw it fail again:

 

ontap9-tme-8040::*> nfs server modify -vserver DEMO -showmount disabled

 

ontap9-tme-8040::*> export-policy cache flush -vserver DEMO -cache showmount

 

Warning: You are about to flush the "showmount" cache for Vserver "DEMO" on node "ontap9-tme-8040-02", which will result in increased traffic to the name servers. Do you want to proceed with flushing the cache? {y|n}: y

 

C:\Users\Administrator>umount X:

 

Disconnecting           X:      \\10.193.67.237\flexvol

The command completed successfully.

 

C:\Users\Administrator>mount \\10.193.67.237\flexvol X:

X: is now successfully connected to \\10.193.67.237\flexvol

 

The command completed successfully.

 

C:\Users\Administrator>X:

 

X:\>dir

Volume in drive X has no label.

Volume Serial Number is 80F0-372F

 

Directory of X:\

 

04/11/2017  11:47 AM    <DIR>          .

04/11/2017  11:47 AM    <DIR>          ..

04/11/2017  09:39 AM    <DIR>          testdir2

04/10/2017  03:45 PM                 0 test2.txt

04/10/2017  03:46 PM                 0 test3.txt

04/11/2017  09:41 AM    <DIR>          New folder (3)

04/11/2017  09:41 AM    <DIR>          testdir

04/11/2017  11:05 AM    <DIR>          .snapshot

               2 File(s)         24,576 bytes

               6 Dir(s)  1,044,531,773,440 bytes free

 

X:\>ren testdir testdirnew

Access is denied.

 

Looks like I’ll be adding that to the TR. J

 

From: Alexander Griesser [mailto:[hidden email]]
Sent: Tuesday, April 11, 2017 3:16 AM
To: Parisi, Justin <[hidden email]>; NGC-tmacmd-gmail.com <[hidden email]>
Cc: [hidden email]
Subject: AW: Windows NFS Client + cDOT

 

Be glad that this hotfix did not install on your system – I’ve installed it on one test machine with 2k12 R2 and now it’s giving me BSODs after establishing either a remote session or logging in on the console in nfsrdr.sys, so this hotfix does not work at all I guess.

 

Regarding the command line renaming: I’ve tried that initially and have sent the results earlier, you must have missed that. I’m unable to rename the files on the command line either, getting „Access denied“, here’s the quote again:

 

On the command line, a different error (Access denied) is given:

 

Z:\>move test test1

Access is denied.

        0 dir(s) moved.

 

Z:\>ren test test1

Access is denied.

 

Any idea what I’m missing here now?

 

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 

Von: Parisi, Justin [[hidden email]]
Gesendet: Montag, 10. April 2017 22:29
An: Alexander Griesser <[hidden email]>; NGC-tmacmd-gmail.com <[hidden email]>
Cc: [hidden email]
Betreff: RE: Windows NFS Client + cDOT

 

Ok, started playing around with this today. This is my mount:

 

Z:\>mount

 

Local    Remote                                 Properties

-------------------------------------------------------------------------------

Z:       \\demo\flexvol                         UID=0, GID=0

                                                rsize=65536, wsize=65536

                                                mount=hard, timeout=0.8

                                                retry=1, locking=yes

                                                fileaccess=755, lang=ANSI

                                                casesensitive=no

                                                sec=sys

 

When I try to rename via the GUI, I get this:

 

cid:image001.png@01D2B2A3.B085FC70

 

Via CLI, I get this:

 

Z:\>ren "New Text Document (2).txt" test.txt

 

Z:\>dir

Volume in drive Z has no label.

Volume Serial Number is 80F0-372F

 

Directory of Z:\

 

04/10/2017  03:49 PM    <DIR>          .

04/10/2017  03:49 PM    <DIR>          ..

04/10/2017  03:45 PM                 0 New Text Document.txt

04/10/2017  03:46 PM                 0 test.txt

04/10/2017  03:45 PM    <DIR>          .snapshot

               2 File(s)         12,288 bytes

               3 Dir(s)  1,044,535,574,528 bytes free

 

A search for “invalid device” gets me this:

 

https://support.microsoft.com/en-us/help/3025097/-invalid-device-error-when-you-try-to-rename-a-file-on-a-network-file-system-client-that-is-running-windows-8,-windows-8.1,-windows-server-2012,-or-windows-server-2012-r2

 

I tried to apply it to my server, but it claims it’s not valid for Windows 2012R2, even though it’s specifically for Win 2012R2.  ¯\_()_/¯

 

Packet traces and sktraces on the cluster suggest the issue isn’t on the cluster side; the rename request never happens from  the client:

 

cid:image002.png@01D2B2A3.B085FC70

 

Does it fail for you the same way? Does rename work from CLI? On my end, at least, this seems to be a client issue.

 

From: Alexander Griesser [[hidden email]]
Sent: Monday, April 10, 2017 4:26 AM
To: NGC-tmacmd-gmail.com <
[hidden email]>
Cc: Parisi, Justin <
[hidden email]>; [hidden email]
Subject: AW: Windows NFS Client + cDOT

 

Hey everyone,

 

we’ve just set up a Windows 2k12 system and the renaming of files and folders doesn’t work there too, so it’s not a Windows 2016 problem.

Any further ideas on how to debug this issue?

 

Best,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 

Von: Alexander Griesser
Gesendet: Freitag, 7. April 2017 20:30
An: 'tmac' <
[hidden email]>
Cc: Parisi, Justin <
[hidden email]>; [hidden email]
Betreff: AW: Windows NFS Client + cDOT

 

Yes, I’ve set anon in the export policy for the volume it self to 0 and I’ve set the registry keys on windows for AnonymousUID and AnonymousGID to 0 – without the registry keys, it will be „-2“ on the mount options in windows, whatever that negative value is used for…

If the permissions were wrong, I could not create files at all in the first place, I guess, right? But I can create them and they show as UID 0 on the filer (also tested on a linux system where I mounted this volume) – and I can delete the files as well.

The only thing which is not working, is renaming and I’m not sure why it’s refusing to do so. Maybe this is a Win 2k16 thinggie? I can try to spin up a Win2k12 system to see if this problem also persists there, that would at least rule out a misconfiguration on the filer I guess.

 

I did not create separate policies for the SVM root, the SVM root only gets applied the default policy here and the default policy iss et to „ro all“, „rw never“ – as you can see below.

 

Best,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 

Von: tmac [[hidden email]]
Gesendet: Freitag, 7. April 2017 20:24
An: Alexander Griesser <
[hidden email]>
Cc: Parisi, Justin <
[hidden email]>; [hidden email]
Betreff: Re: Windows NFS Client + cDOT

 

Not sure if this is it or not, but you have said that you set the anon ID's to 0. In this policy, it is set to 65535

 

Do you create separate policies for the SVM root and the data volumes?

If you do, Root could/should be allow RO to all, rw to none.

Then set the restrictions on the data volume policy.

 


--tmac

 

Tim McCarthy, Principal Consultant

Proud Member of the #NetAppATeam

I Blog at TMACsRack

 

 

 

On Fri, Apr 7, 2017 at 2:19 PM, Alexander Griesser <[hidden email]> wrote:

Well, there are like 70 export policies on this SVM for 70 different volumes, I guess the policy for this volume as well as the default policy for the SVM will suffice here? If so, the export policy for this volume has already been sent earlier and here’s the default policy for this SVM:

 

::> export-policy rule show -vserver XXXXXXX -policyname default -instance

 

                                    Vserver: XXXXXXX

                                Policy Name: default

                                 Rule Index: 1

                            Access Protocol: nfs

List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 0/0

                             RO Access Rule: any

                             RW Access Rule: never

User ID To Which Anonymous Users Are Mapped: 65535

                   Superuser Security Types: none

               Honor SetUID Bits in SETATTR: true

                  Allow Creation of Devices: true

 

Best,

 

Alexander Griesser

Head of Systems Operations

 

ANEXIA Internetdienstleistungs GmbH

 

E-Mail: [hidden email]

Web: http://www.anexia-it.com

 

Anschrift Hauptsitz Klagenfurt: Feldkirchnerstraße 140, 9020 Klagenfurt

Geschäftsführer: Alexander Windbichler

Firmenbuch: FN 289918a | Gerichtsstand: Klagenfurt | UID-Nummer: AT U63216601

 

Von: tmac [mailto:[hidden email]]
Gesendet: Freitag, 7. April 2017 20:15
An: Alexander Griesser <
[hidden email]>
Cc: Parisi, Justin <
[hidden email]>; [hidden email]
Betreff: Re: Windows NFS Client + cDOT

 

yes, yes..

 

export policy rule show -instance (please)


--tmac

 

Tim McCarthy, Principal Consultant

Proud Member of the #NetAppATeam

I Blog at TMACsRack

 


_______________________________________________
Toasters mailing list
[hidden email]
http://www.teaparty.net/mailman/listinfo/toasters
Loading...