MODULE 10: NAS MULTIPROTOCOL

EXERCISE

In this exercise, you work with New Technology File System (NTFS), UNIX, and mixed-styled qtrees in
order to configure a storage system to authenticate users regardless of which client is accessing the qtree.
OBJECTIVES

By the end of this exercise, you should be able to configure your storage system for multiprotocol access.
TASK: CONFIGURE YOUR STORAGE SYSTEM FOR MULTIPROTOCOL ACCESS

In this task, you configure the storage system for multiprotocol access and then view file permissions for files
in an NTFS qtree, UNIX qtree, and mixed qtree.
STEP ACTION

1.

Using NetApp System Manager or the command-line interface, create a qtree with these
parameters:
Name: ntfstree
Volume: NASvol
Security Style: NTFS
Oplocks: None

2.

Using NetApp System Manager or the command-line interface, create a qtree with these
parameters:
Name: unixtree
Volume: NASvol
Security Style: unix
Oplocks: None

3.

Using NetApp System Manager or the command-line interface, create a qtree with these
parameters:
Name: mixedtree
Volume: NASvol
Security Style: mixed
Oplocks: None

4.

From your Microsoft Windows Server, create a share on the storage system called ntfsshare
(for your ntfstree qtree on NASvol) and map a network drive to the share.

5.

Create a share on the storage system called unixshare (for your unixtree qtree on NASvol) and
map a network drive to the share.
NOTE: You may need to disconnect all map drives, log out, and log back in to the Windows
machine to clear the security cache. Windows does not allow you to map two shares with
different security accounts.

6.

E10-1

Create a share on the storage system called mixedshare (for your mixedtree qtree on NASvol)
and map a network drive to the share.

Accelerated NCDA Boot Camp Data ONTAP 7-Mode: NAS Multiprotocol

2011 NetApp, Inc. This material is intended only for training. Reproduction is not authorized.

STEP ACTION

7.

At the storage system prompt, view the current default security style:
system> options wafl.default_security_style

What is the current default security style? ______________________

8.

At the storage system prompt, review the security style for each qtree on NASvol:
system> qtree status NASvol

9.

On the Windows Server, open Windows Explorer. In the left pane, click Computers.
A list of your local and mapped drives appears.

10.

Right-click the drive that is mapped to ntfsshare and select Properties.

11.

Click the Security tab.

Who has access to the qtree, and what are the NTFS permissions on the file system?
________________________________________________________

12.

Click Cancel.

13.

In the console tree, double-click ntfsshare.

14.

Create a new text file in this share by right-clicking in the main pane and selecting New > Text
Document.

15.

Right-click the text file and select Properties.

16.

Click the Security tab.

Who has access to the file and what are the file permissions?
___________________________________________________________________________

17.

Click Cancel.
Recall that the ntfstree qtree has a designated security style of NTFS. This means that files have
Windows NTFS ACLs (permissions).

18.

On the Windows workstation, open Windows Explorer. In the left pane, click Computers.
A list of your local and mapped drives appears.

19.

Right-click the drive associated with unixshare and select Properties.

Is there a Security tab? ________________________

20.

Click Cancel.

21.

In the console tree, double-click unixshare.

E10-2

Accelerated NCDA Boot Camp Data ONTAP 7-Mode: NAS Multiprotocol

2011 NetApp, Inc. This material is intended only for training. Reproduction is not authorized.

STEP ACTION

22.

Create a new text file in this share by right-clicking in the main pane and selecting New > Text
Document.

23.

Right-click the text file and select Properties.

Is there a Security tab? ________________________

24.

Click Cancel.
Recall that the unixtree qtree has a designated security style of UNIX, and that files and
directories have UNIX permissions.
You are a Windows user accessing a UNIX qtree and a UNIX file. The Properties window (in
Windows) is not designed to interpret the UNIX permissions on the share and file. Therefore,
Security tabs are missing. However, starting with Data ONTAP 7.2, changes have been made
to the multiprotocol functionality. Now administrators can both display and change UNIX
permissions from the Windows Security tab. You will configure this functionality later in this
task..

25.

On the Windows workstation, open Windows Explorer. In the left pane, click Computers.
A list of your local and mapped drives appears.

26.

Right-click the drive associated with mixedshare and select Properties.

27.

Click the Security tab.

Who has access to the qtree, and what are the NTFS permissions on the file system?
__________________________________________________

28.

Click Cancel.

29.

In the console tree, double-click mixedshare.

30.

Create a new text file in this share by right-clicking in the main pane and selecting New > Text
Document.

31.

Right-click the text file and select Properties.

32.

Click the Security tab.

Who has access to the file, and what are the file permissions?
_________________________________________________________

33.

Click Cancel.
Recall that the mixedtree qtree has a designated security style of mixed. This means that the
default security style of a file is the style most recently used to set permission on that file. With
mixed security style, the volume or qtree can have UNIX or NTFS file security.
Because the mixedtree qtree was created when the storage system was in multiprotocol mode,
the mixed qtree initially inherited the effective security style of the parent volume.

E10-3

Accelerated NCDA Boot Camp Data ONTAP 7-Mode: NAS Multiprotocol

2011 NetApp, Inc. This material is intended only for training. Reproduction is not authorized.

STEP ACTION

34.

View the UNIX permissions on the files in this multiprotocol environment by entering the
following command at the storage system prompt:
system> options cifs.preserve_unix_security on

Enabling this option allows you to manipulate a files UNIX permissions using the Security tab
on a Windows client or using any application that can query or set Windows ACLs. When
enabled, this option causes UNIX qtrees to appear as NTFS volumes. By default, this option is
disabled.
35.

On the Windows workstation, open Windows Explorer and go to the mapped network drive for
ntfsshare.

36.

Right-click the text file that you created on this share and select Properties.

37.

Click the Security tab and review the permissions for Everyone.

38.

Click Cancel.

39.

On the Windows workstation, open Windows Explorer and go to the mapped network drive for
unixshare.

40.

Right-click the text file that you created on this share and select Properties.

41.

Click the Security tab and view the UNIX group, user names, and permissions for this file, for
which the file security is UNIX.
Write the first four entries from the Group or user names box:
___________________________________________________________

42.

You may need to wait a moment for name resolution to occur.

On the Security tab, in the lower-right corner, click Advanced.

43.

Click Change Permissions.

44.

In the Advanced Security Settings dialog box, click the Permissions tab and select pcuser.

45.

Click Edit.
NOTE: Do not actually edit the permissions.
Based on the information in the Permission Entry dialog box, what permissions does pcuser
have?
_____________________________________________________________________________

46.

Click Cancel.

47.

In the Advanced Security Settings dialog box, click the Owner tab.
Who is the owner or who are the owners for this text file?
___________________________________________________________________

E10-4

Accelerated NCDA Boot Camp Data ONTAP 7-Mode: NAS Multiprotocol

2011 NetApp, Inc. This material is intended only for training. Reproduction is not authorized.

STEP ACTION

48.

Click Cancel.

49.

In the Properties dialog box, click Cancel.

You are a Windows user accessing this UNIX file with your mapped UNIX credentials. Your
UNIX credentials are used when evaluating your access requests by comparing your credentials
against the file or folder UNIX access permissions.

50.

On the Windows workstation, open Windows Explorer and go to the mapped network drive for
mixedshare.

51.

Right-click the text file that you created on this share and select Properties.

52.

Click the Security tab. What are the current permissions for this file and why?
_____________________________________________________________________________

53.

Click Cancel.
The effective Windows NTFS ACLs (permissions) are shown on the Security tab. A UNIX
administrator can change the security style of the qtree, folders within the qtree, and files by
running either the chmod command (to change file permissions) or chown command (to change
the file or group ownership) from a UNIX host.

END OF EXERCISE

E10-5

Accelerated NCDA Boot Camp Data ONTAP 7-Mode: NAS Multiprotocol

2011 NetApp, Inc. This material is intended only for training. Reproduction is not authorized.