Академический Документы
Профессиональный Документы
Культура Документы
EXERCISE
In this exercise, you work with New Technology File System (NTFS), UNIX, and mixed-styled qtrees in
order to configure a storage system to authenticate users regardless of which client is accessing the qtree.
OBJECTIVES
By the end of this exercise, you should be able to configure your storage system for multiprotocol access.
TASK: CONFIGURE YOUR STORAGE SYSTEM FOR MULTIPROTOCOL ACCESS
In this task, you configure the storage system for multiprotocol access and then view file permissions for files
in an NTFS qtree, UNIX qtree, and mixed qtree.
STEP ACTION
1.
Using NetApp System Manager or the command-line interface, create a qtree with these
parameters:
Name: ntfstree
Volume: NASvol
Security Style: NTFS
Oplocks: None
2.
Using NetApp System Manager or the command-line interface, create a qtree with these
parameters:
Name: unixtree
Volume: NASvol
Security Style: unix
Oplocks: None
3.
Using NetApp System Manager or the command-line interface, create a qtree with these
parameters:
Name: mixedtree
Volume: NASvol
Security Style: mixed
Oplocks: None
4.
From your Microsoft Windows Server, create a share on the storage system called ntfsshare
(for your ntfstree qtree on NASvol) and map a network drive to the share.
5.
Create a share on the storage system called unixshare (for your unixtree qtree on NASvol) and
map a network drive to the share.
NOTE: You may need to disconnect all map drives, log out, and log back in to the Windows
machine to clear the security cache. Windows does not allow you to map two shares with
different security accounts.
6.
E10-1
Create a share on the storage system called mixedshare (for your mixedtree qtree on NASvol)
and map a network drive to the share.
2011 NetApp, Inc. This material is intended only for training. Reproduction is not authorized.
STEP ACTION
7.
At the storage system prompt, view the current default security style:
system> options wafl.default_security_style
At the storage system prompt, review the security style for each qtree on NASvol:
system> qtree status NASvol
9.
On the Windows Server, open Windows Explorer. In the left pane, click Computers.
A list of your local and mapped drives appears.
10.
11.
12.
Click Cancel.
13.
14.
Create a new text file in this share by right-clicking in the main pane and selecting New > Text
Document.
15.
16.
17.
Click Cancel.
Recall that the ntfstree qtree has a designated security style of NTFS. This means that files have
Windows NTFS ACLs (permissions).
18.
On the Windows workstation, open Windows Explorer. In the left pane, click Computers.
A list of your local and mapped drives appears.
19.
20.
Click Cancel.
21.
E10-2
2011 NetApp, Inc. This material is intended only for training. Reproduction is not authorized.
STEP ACTION
22.
Create a new text file in this share by right-clicking in the main pane and selecting New > Text
Document.
23.
24.
Click Cancel.
Recall that the unixtree qtree has a designated security style of UNIX, and that files and
directories have UNIX permissions.
You are a Windows user accessing a UNIX qtree and a UNIX file. The Properties window (in
Windows) is not designed to interpret the UNIX permissions on the share and file. Therefore,
Security tabs are missing. However, starting with Data ONTAP 7.2, changes have been made
to the multiprotocol functionality. Now administrators can both display and change UNIX
permissions from the Windows Security tab. You will configure this functionality later in this
task..
25.
On the Windows workstation, open Windows Explorer. In the left pane, click Computers.
A list of your local and mapped drives appears.
26.
27.
28.
Click Cancel.
29.
30.
Create a new text file in this share by right-clicking in the main pane and selecting New > Text
Document.
31.
32.
33.
Click Cancel.
Recall that the mixedtree qtree has a designated security style of mixed. This means that the
default security style of a file is the style most recently used to set permission on that file. With
mixed security style, the volume or qtree can have UNIX or NTFS file security.
Because the mixedtree qtree was created when the storage system was in multiprotocol mode,
the mixed qtree initially inherited the effective security style of the parent volume.
E10-3
2011 NetApp, Inc. This material is intended only for training. Reproduction is not authorized.
STEP ACTION
34.
View the UNIX permissions on the files in this multiprotocol environment by entering the
following command at the storage system prompt:
system> options cifs.preserve_unix_security on
Enabling this option allows you to manipulate a files UNIX permissions using the Security tab
on a Windows client or using any application that can query or set Windows ACLs. When
enabled, this option causes UNIX qtrees to appear as NTFS volumes. By default, this option is
disabled.
35.
On the Windows workstation, open Windows Explorer and go to the mapped network drive for
ntfsshare.
36.
Right-click the text file that you created on this share and select Properties.
37.
Click the Security tab and review the permissions for Everyone.
38.
Click Cancel.
39.
On the Windows workstation, open Windows Explorer and go to the mapped network drive for
unixshare.
40.
Right-click the text file that you created on this share and select Properties.
41.
Click the Security tab and view the UNIX group, user names, and permissions for this file, for
which the file security is UNIX.
Write the first four entries from the Group or user names box:
___________________________________________________________
42.
43.
44.
In the Advanced Security Settings dialog box, click the Permissions tab and select pcuser.
45.
Click Edit.
NOTE: Do not actually edit the permissions.
Based on the information in the Permission Entry dialog box, what permissions does pcuser
have?
_____________________________________________________________________________
46.
Click Cancel.
47.
In the Advanced Security Settings dialog box, click the Owner tab.
Who is the owner or who are the owners for this text file?
___________________________________________________________________
E10-4
2011 NetApp, Inc. This material is intended only for training. Reproduction is not authorized.
STEP ACTION
48.
Click Cancel.
49.
50.
On the Windows workstation, open Windows Explorer and go to the mapped network drive for
mixedshare.
51.
Right-click the text file that you created on this share and select Properties.
52.
Click the Security tab. What are the current permissions for this file and why?
_____________________________________________________________________________
53.
Click Cancel.
The effective Windows NTFS ACLs (permissions) are shown on the Security tab. A UNIX
administrator can change the security style of the qtree, folders within the qtree, and files by
running either the chmod command (to change file permissions) or chown command (to change
the file or group ownership) from a UNIX host.
END OF EXERCISE
E10-5
2011 NetApp, Inc. This material is intended only for training. Reproduction is not authorized.