IT Infrastructure blog

January 8, 2012

Home Folder Creation in NetApp and Active Directory

Filed under: NetApp — Akther @ 4:03 pm
Tags:

Happy New Year to all readers. Hope this year will bring more happy and health to all of us.

I am going to help you people who is looking for the Home folder solution which integrate with Active Dirctory and NetApp storage in Windows domain enviornment.

Active Directory Domain  –> Windows 2008 AD

NetApp Storage–> FAS 270

Normal Users required 1 GB and Power Users required 2 GB

First Step

Create two volumes in NetApp ( Volume creation is not part of this article). One for normal users and another for power users

Second Step

Create CIFS share for these two volumes.

We have given sharename as Normal Users$, It will be hidden and this share will not available if user browse \\filername

Third Step

Enable Home Directories in NetApp

While entering hme directory path volume name should enter as case sensitive.

Restrict users to see other users home directories

By default no one able to access other users hoem folders, but they will be list access to these folders if they browse \\filername\normalUsers$.

In order to restrict this we can apply below commands from filer command prompt

 FAS270> cifs shares cifs.homedir -accessbasedenum

once you apply this you will receive below error when user trying to browse the other user home directories

4th Step

Map this share location in Active Directory. Go to Active Directory users and computers–>select user–> properties–>profile tab–> Home Folder

 After this users can see home folder in their computer as home folder ( need to log off the machine)

 Last Step

Apply Quota for each user. Normal user 1 GB and power user 2 GB

– Login to Filer View of Netapp Filer

–      Add Quota –> Select user as quota type–> and select the volume

Give domain name\ username

Soft Limit – 800 MB ( can see warning in console if user exceed this limit)

Hard Limit – 1 GB ( users cant save if they reach 1 GB)

Click Next–> Commit

That’s it. We have configured Home directories to end users through Netapp storage. Do let me know you need any more help to achieve this task

Thanks

Akther

Advertisements

14 Comments »

  1. Good Job Akhtar… Keep posting

    Comment by Shabbir Syed — January 9, 2012 @ 8:22 am | Reply

  2. […] Apart from Qtree level quota’s we had applied user level quota’s in conjuction with Active Directory. This post i already published in here https://exchangeengine.wordpress.com/2012/01/08/home-folder-creation-in-netapp-and-active-directory/ […]

    Pingback by NetApp Quotas- How to implement in Windows Enviornment « MS Infrastructure /Storage/ Backup Admin Blog — January 30, 2012 @ 7:12 pm | Reply

  3. I am Joseph of Korean Engineer,

    Great Help to me for your NAS menual.

    Thanks you very much.

    Comment by Joseph — February 9, 2012 @ 8:30 am | Reply

  4. Hello Akhtar. I followed your instruction but the user quota setting would not work. Any extra step such as logoff, re-activate quota after setting it?
    Data Ontap 8.1RC2 7-Mode
    Thanks,
    Sang

    Comment by sang — May 12, 2012 @ 1:57 am | Reply

    • Hi Sang

      Once you created Quotas you have to make it ON from Edit Rules. If it’s on just make it off and then on again.

      Are you applying quota to user or qtree?

      Comment by Akther — May 12, 2012 @ 6:20 am | Reply

  5. Hi Akther. I would like to apply the quota to a specific user from AD on a volume. I did de-activate and re-activate the Quota after creating it.

    Comment by sang — May 21, 2012 @ 9:24 pm | Reply

  6. Hi Sang. Are you sure you have mapped the volume path in user profile tab in Active Directory? And while applying quota you have to select the correct volume from deop down list. And domainname\username is the format which need to select the user.

    Comment by Akther — May 22, 2012 @ 7:16 am | Reply

  7. Hi Akther, I have followed your instructions but i have some issues. The user I mapped in AD can go to his drive but any user can see the files and change them. The -accessbasedenum option is active but no change at all. The share access control for NormalUsers$ is “everyone” as “change”. If I changed to “read”, the user with the drive mapped lose the write permissions. This is the cifs options I have configured:

    cifs.LMCompatibilityLevel 1
    cifs.audit.account_mgmt_events.enable off
    cifs.audit.autosave.file.extension
    cifs.audit.autosave.file.limit 0
    cifs.audit.autosave.onsize.enable off
    cifs.audit.autosave.onsize.threshold 75%
    cifs.audit.autosave.ontime.enable off
    cifs.audit.autosave.ontime.interval 1d
    cifs.audit.enable off
    cifs.audit.file_access_events.enable on
    cifs.audit.liveview.allowed_users
    cifs.audit.liveview.enable off
    cifs.audit.logon_events.enable on
    cifs.audit.logsize 524288
    cifs.audit.nfs.enable off
    cifs.audit.nfs.filter.filename
    cifs.audit.saveas /etc/log/adtlog.evt
    cifs.bypass_traverse_checking on
    cifs.client.dup-detection ip-address
    cifs.comment
    cifs.enable_share_browsing on
    cifs.gpo.enable off
    cifs.gpo.trace.enable off
    cifs.grant_implicit_exe_perms off
    cifs.guest_account
    cifs.home_dir_namestyle domain
    cifs.home_dirs_public_for_admin on
    cifs.idle_timeout 1800
    cifs.ipv6.enable off
    cifs.max_mpx 50
    cifs.ms_snapshot_mode xp
    cifs.netbios_aliases
    cifs.netbios_over_tcp.enable on
    cifs.nfs_root_ignore_acl off
    cifs.oplocks.enable on
    cifs.oplocks.opendelta 0
    cifs.per_client_stats.enable off
    cifs.perfmon.allowed_users
    cifs.perm_check_ro_del_ok off
    cifs.perm_check_use_gid on
    cifs.preserve_unix_security off
    cifs.restrict_anonymous 0
    cifs.restrict_anonymous.enable off
    cifs.save_case on
    cifs.scopeid
    cifs.search_domains
    cifs.show_dotfiles on
    cifs.show_snapshot off
    cifs.shutdown_msg_level 2
    cifs.sidcache.enable on
    cifs.sidcache.lifetime 1440
    cifs.signing.enable off
    cifs.smb2.client.enable off
    cifs.smb2.durable_handle.enable on
    cifs.smb2.durable_handle.timeout 16m
    cifs.smb2.enable off
    cifs.smb2.signing.required off
    cifs.snapshot_file_folding.enable off
    cifs.symlinks.cycleguard on
    cifs.symlinks.enable on
    cifs.trace_dc_connection off
    cifs.trace_login off
    cifs.universal_nested_groups.enable on
    cifs.weekly_W2K_password_change off
    cifs.widelink.ttl 10m
    cifs.wins_servers 10.220.130.243

    Comment by Chris — June 5, 2012 @ 5:15 am | Reply

    • When you say user can see and change the file name, is this user is in administrators group?

      Comment by Akther — June 5, 2012 @ 2:44 pm | Reply

  8. Hi Akhtar

    What I can understand from the netapp quota management that we can only apply to the root folders not the folders inside the root one??? Is that correct?
    for example if I want to apply the quota on the home folders which are in different years of the root folders employee

    Employee\2010\january
    Employee\2010\february
    And so on
    How can I apply quota on January and fabruary
    And so on folders inside the root??
    P
    Thank you
    Apur

    Comment by Apur — August 24, 2012 @ 8:05 pm | Reply

  9. Akther,
    Nice Post!
    Unfortunately I don’t believe there is a way to use AD groups for quotas like this. This shows how to apply user quota to 1 AD user. You can set multiple users in AD with home folder path but what about setting multiple AD users for quota above, can you paste all names after domain like domainname\user1 user2 user3……………..or similar?

    Comment by w1ll1ng — October 9, 2012 @ 6:26 am | Reply

  10. We cannot apply quota for groups in windows enviornment. It’s supporting in unix.

    Comment by Akther — October 9, 2012 @ 3:05 pm | Reply

  11. Hi ,

    This is Denny, the creator of this free automated employee
    provisioning/termination app– Z-hire. I wrote this app for the TechNet community a year ago.

    Since you run a very informative blog, I would like your help
    spread the word. Since my application is free, i need supporters from the
    community. It would means a lot if you can help.

    Here is a link to my app
    http://gallery.technet.microsoft.com/Z-Hire-Employee-Provisionin-e4854d6b

    Thanks
    Denny

    Comment by Denny — February 25, 2013 @ 5:38 am | Reply

  12. I like it when individuals come together and share ideas.
    Great website, keep it up!

    Comment by Laura — March 18, 2013 @ 9:17 pm | Reply


RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: