
Questions tagged with Amazon FSx for NetApp ONTAP


FSx for NetApp ONTAP - Windows permission issues

Hi there, I managed to add FSx for NetApp ONTAP to our domain with FSxServiceAccount as described on the product page. However, I am running into issues when I am trying to attach it to my Windows instance. (It works fine on Linux.) I see the following issues:

- When I am running this command `New-SmbGlobalMapping -Persistent $true -RemotePath \\<IO of my smb>\share -Credential $creds -LocalPath G:` I get the following error: `New-SmbGlobalMapping : Access is denied.`
  - I am using domain admin credentials
- When I am running this command `net use Z: \\<dns address of the smb>\share` I got the following error: `System error 5 has occurred. Access is denied.`
  - Also with domain admin creds
- I can successfully attach via File Explorer > This PC > Computer > Map network drive, however I cannot read/write to it. If I check the file permission mode in Properties I can see that only the owner (FSxServiceAccount?) is allowed to write, however Read should work, but I cannot change the permissions as domain Admin.

I am using Directory Service Standard Edition. Did you guys experience issues with this? What am I doing wrong?

**Update:** I managed to attach the disk, but I cannot write or read any file on the disk. It is in OU=Computers, and allowed Everyone Full Access, also allowed Everyone Read/Write the NFS filesystems attached to the AD, but still not working. I am suspecting this is something NetApp specific, but we will see.

**Update #2** Based on CloudWreck's comment I found the following: I am using mixed style.

I use the following code:

```
# Map the share, then grant the current user FullControl on its root
net use P: \\WINDOWS\vol1
$CurTgt = "P:"
$CurUsr = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$acl = Get-Acl $CurTgt
# Allow rule inherited by subfolders (ContainerInherit) and files (ObjectInherit)
$AccessRule = New-Object System.Security.AccessControl.FileSystemAccessRule($CurUsr,"FullControl","ContainerInherit,ObjectInherit","None","Allow")
$acl.SetAccessRule($AccessRule)
$acl | Set-Acl $CurTgt
```

Get-Acl returns

```
Path Owner    Access
---- -----    ------
P:\  Everyone Everyone Allow  -1
```

Also using this one:

```
# Remove every access rule that names the current user, then write the ACL back
$CurTgt = "P:"
$CurUsr = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$acl = Get-Acl $CurTgt
$usersid = New-Object System.Security.Principal.Ntaccount ($CurUsr)
$acl.PurgeAccessRules($usersid)
$acl | Set-Acl $CurTgt
```

Also tried this:

```
takeown /F * /R
takeown : ERROR: File ownership cannot be applied on insecure file systems;
```

But I am still unable to write/read files or create folders.

**Update #3** I ran the following commands and changed the permission from the ONTAP side:

```
vserver security file-directory show -vserver windows -path /vol1
vserver security file-directory ntfs create -ntfs-sd sd1 -owner DomainName\Administrator
vserver security file-directory ntfs sacl add -ntfs-sd sd1 -access-type success -account DomainName.COM\EVERYONE -rights full-control -apply-to this-folder,sub-folders,files
vserver security file-directory ntfs dacl add -ntfs-sd sd1 -access-type allow -account DomainName.COM\EVERYONE -rights full-control -apply-to this-folder,sub-folders,files
vserver security file-directory policy create -policy-name policy1
vserver security file-directory policy task add -policy-name policy1 -path /vol1 -ntfs-sd sd1
vserver security file-directory apply -policy-name policy1
vserver security file-directory show -path /vol1 -expand-mask true
```

It changed the file permissions (mode), however I am still unable to read/write files.

These are the current settings:

```
File Path: /vol1
File Inode Number: 64
Security Style: mixed
Effective Style: ntfs
DOS Attributes: 10
DOS Attributes in Text: ----D---
Expanded Dos Attributes: 0x10
    ...0 .... .... .... = Offline
    .... ..0. .... .... = Sparse
    .... .... 0... .... = Normal
    .... .... ..0. .... = Archive
    .... .... ...1 .... = Directory
    .... .... .... .0.. = System
    .... .... .... ..0. = Hidden
    .... .... .... ...0 = Read Only
UNIX User Id: 0
UNIX Group Id: 0
UNIX Mode Bits: 777
UNIX Mode Bits in Text: rwxrwxrwx
ACLs: NTFS Security Descriptor
```

```
ALLOW-Everyone-0x1f01ff-OI|CI
    0... .... .... .... .... .... .... .... = Generic Read
    .0.. .... .... .... .... .... .... .... = Generic Write
    ..0. .... .... .... .... .... .... .... = Generic Execute
    ...0 .... .... .... .... .... .... .... = Generic All
    .... ...0 .... .... .... .... .... .... = System Security
    .... .... ...1 .... .... .... .... .... = Synchronize
    .... .... .... 1... .... .... .... .... = Write Owner
    .... .... .... .1.. .... .... .... .... = Write DAC
    .... .... .... ..1. .... .... .... .... = Read Control
    .... .... .... ...1 .... .... .... .... = Delete
    .... .... .... .... .... ...1 .... .... = Write Attributes
    .... .... .... .... .... .... 1... .... = Read Attributes
    .... .... .... .... .... .... .1.. .... = Delete Child
    .... .... .... .... .... .... ..1. .... = Execute
    .... .... .... .... .... .... ...1 .... = Write EA
    .... .... .... .... .... .... .... 1... = Read EA
    .... .... .... .... .... .... .... .1.. = Append
    .... .... .... .... .... .... .... ..1. = Write
    .... .... .... .... .... .... .... ...1 = Read
```
1 answer · 0 votes · 295 views · asked 9 months ago

How can I update the maintenance window and apply the new features or new ONTAP version for FSx for ONTAP earlier than existing weekly maintenance window?

Looking at the following release, I would like to update the weekly maintenance window to apply new features as soon as possible, but I have the following 3 questions to streamline our operation.

Release Note: "You can now enable data compression for capacity pool storage in Amazon FSx for NetApp ONTAP file systems" https://aws.amazon.com/jp/about-aws/whats-new/2021/12/data-compression-amazon-fsx-netapp-ontap-file-systems/

> Customers with existing file systems will get this support during an upcoming weekly maintenance window.

Questions:

1. Is it possible to set the time zone of the maintenance window to the local one? Despite the operation being in the Tokyo region, since it is in UTC, it is easy for operation mistakes to occur, such as accidentally setting it in JST (Japan local time) and starting maintenance at an unexpected time. Is it possible to set the default setting according to the time zone of the region and the time zone as an option?
2. When will weekly maintenance window changes be applied at the fastest? In order to apply the new function as soon as possible, I would like to carry out maintenance as soon as possible. At what timing is it applicable? It can be set in 1 minute increments, but is it applicable when the time after 1 minute is set, for example, assuming that the time of the maintenance window will be after a few seconds?
3. How can I check whether the maintenance was done or not? I guess that new ONTAP versions and some new features will require the weekly maintenance window to be applied in the future as well, like this one. To keep our development and deployment pace, I would like to know the way to confirm before/after the maintenance window whether the maintenance is done or not and what the contents of the update are.

Information referring to the maintenance window of FSx for ONTAP on the AWS website: https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/maintenance-windows.html
2 answers · 0 votes · 80 views · asked 9 months ago