How to join a NetApp FAS to Active Directory

Posted: July 29th, 2010 | Filed under: Storage | No Comments »

A couple of weeks ago I was preparing a demo lab for a technology event held by my company here in San Marino, and I had to join a couple of NetApp filers to an Active Directory environment.

The process itself is very simple, but there are a couple of things to keep in mind regarding time synchronization, so I thought it would be nice to share them.

Before starting, here's a bit of background on why the clock matters so much:

Active Directory authentication is based on Kerberos, which uses a ticketing system to grant access. Every ticket and every authenticator carries a timestamp, so the system time is very important:

[...] In order to prevent intruders from resetting their system clocks in order to continue to use expired tickets, Kerberos V5 is set up to reject ticket requests from any host whose clock is not within the specified maximum clock skew of the KDC. Similarly, hosts are configured to reject responses from any KDC whose clock is not within the specified maximum clock skew of the host. The default value for maximum clock skew is 300 seconds, or five minutes. [...]

(taken from the Kerberos V5 System Administrator’s Guide).

So, basically, if a machine's clock is more than 5 minutes off from the KDC (in Active Directory the KDC is a domain controller, and the tolerance is the domain policy "Maximum tolerance for computer clock synchronization", 5 minutes by default), Kerberos rejects the authentication with the error "clock skew too great". The check is there for a reason: the timestamp in the authenticator is what stops a captured ticket from being replayed later, so do not "fix" skew errors by widening the tolerance; fix the clocks.

To avoid this we need to make sure the NetApp FAS is within the acceptable range, because even the domain join cannot complete if the clocks are not aligned. So first of all, set the clock by hand with the date command, whose argument is YYYYMMDDhhmm:

demo02> date 201002171454
Warning: syncing time to an external time source which will eventually override the time set by the date command.

201002171454 (YYYYMMDDhhmm) means:

February 17th, 2010, 2:54pm

The warning is expected: once timed is enabled below, the external time source takes over, and the manual setting only has to bring the filer close enough for that first sync to succeed.

Then configure NTP so that timed keeps the clock aligned with the domain controllers. Point it at the domain controller holding the PDC emulator role (the authoritative time source of a Windows domain) or at the same NTP source the DCs use. Note that timed.max_skew limits how big a difference timed will correct on its own, so do not rely on it to recover a clock that is hours off; that is why the date command comes first:

demo02> options timed.enable off
demo02> options timed.proto ntp
demo02> options timed.servers <NTP SERVER ADDRESS>
demo02> options timed.max_skew 5m
demo02> options timed.enable on
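To see concretely what the 5-minute rule checks, here is an added example of my own (not part of the original post and not NetApp tooling): a minimal SNTP client in Python that asks one server for the time, computes the clock offset the way NTP does from the four timestamps, says whether Kerberos would accept that skew, and prints the YYYYMMDDhhmm string for the filer's date command. The server name, UDP port 123 and a GMT timezone on the filer are assumptions; the reply builder exists only so the arithmetic can be checked offline with a constructed packet.

```python
import socket
import struct
import time

NTP_EPOCH_OFFSET = 2208988800   # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix epoch)
KERBEROS_MAX_SKEW = 300         # Kerberos V5 default tolerance, seconds (the post's 5 minutes)


def build_request(now: float) -> bytes:
    """NTPv4 client request (LI=0, VN=4, mode=3). `now` goes into the transmit
    timestamp; the server echoes it back as the originate timestamp."""
    pkt = bytearray(48)
    pkt[0] = 0x23
    secs = int(now) + NTP_EPOCH_OFFSET
    frac = int((now - int(now)) * 2**32)
    struct.pack_into("!II", pkt, 40, secs, frac)
    return bytes(pkt)


def make_reply(t1: float, t2: float, t3: float, stratum: int = 2) -> bytes:
    """Constructed server reply (mode 4) for offline testing: originate=t1, receive=t2, transmit=t3."""
    pkt = bytearray(48)
    pkt[0] = 0x24
    pkt[1] = stratum
    vals = []
    for t in (t1, t2, t3):
        vals += [int(t) + NTP_EPOCH_OFFSET, int((t - int(t)) * 2**32)]
    struct.pack_into("!IIIIII", pkt, 24, *vals)
    return bytes(pkt)


def ntp_to_unix(secs: int, frac: int) -> float:
    return secs - NTP_EPOCH_OFFSET + frac / 2**32


def parse_reply(pkt: bytes, t4: float):
    """Parse a 48-byte server reply; t4 is the client's receive time (Unix seconds).
    Returns (offset, round_trip_delay) from the four timestamps, as in RFC 4330."""
    if len(pkt) < 48:
        raise ValueError("short NTP packet")
    f = struct.unpack("!BBbb11I", pkt[:48])
    mode, stratum = f[0] & 0x7, f[1]
    if mode != 4:
        raise ValueError("not a server reply (mode %d)" % mode)
    if stratum == 0:
        raise ValueError("kiss-o'-death: server is not synchronised")
    t1 = ntp_to_unix(f[9], f[10])    # originate: when we sent the request
    t2 = ntp_to_unix(f[11], f[12])   # receive:   when the server got it
    t3 = ntp_to_unix(f[13], f[14])   # transmit:  when the server answered
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay


def kerberos_verdict(offset: float, max_skew: float = KERBEROS_MAX_SKEW) -> str:
    """What the KDC would say about a client whose clock is `offset` seconds off."""
    return "ok" if abs(offset) <= max_skew else "clock skew too great"


def ontap_date_arg(unix_ts: float) -> str:
    """Argument for the filer's `date` command, YYYYMMDDhhmm (assumes the filer's timezone is GMT)."""
    return time.strftime("%Y%m%d%H%M", time.gmtime(unix_ts))


def query(server: str, timeout: float = 2.0):
    """Live SNTP query; `server` should be the DC holding the PDC emulator role or its own source."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_request(time.time()), (server, 123))
        data, _ = s.recvfrom(512)
    return parse_reply(data, time.time())


if __name__ == "__main__":
    import sys
    offset, delay = query(sys.argv[1] if len(sys.argv) > 1 else "pool.ntp.org")
    print(f"offset {offset:+.3f}s, delay {delay:.3f}s -> {kerberos_verdict(offset)}")
    print("filer date argument:", ontap_date_arg(time.time() + offset))
```

Run it from the admin workstation against the DC before the join; if the verdict is already "clock skew too great" there, the filer has no chance either. The offset formula averages the two one-way differences so that a symmetric network delay cancels out, which is why a 100 ms round trip does not show up as 100 ms of skew.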

Now you can proceed with the domain join, which is a simple wizard-like interactive procedure. The command is cifs setup, and here is a transcript:

demo02> cifs setup              
This process will enable CIFS access to the filer from a Windows(R) system.
Use "?" for help at any prompt and Ctrl-C to exit without committing changes.
 
        Your filer does not have WINS configured and is visible only to
        clients on the same subnet.
Do you want to make the system visible via WINS? [n]: 
        A filer can be configured for multiprotocol access, or as an NTFS-only
        filer. Since multiple protocols are currently licensed on this filer,
        we recommend that you configure this filer as a multiprotocol filer
 
(1) Multiprotocol filer
(2) NTFS-only filer
 
Selection (1-2)? [2]: 2
        CIFS requires local /etc/passwd and /etc/group files and default files
        will be created.  The default passwd file contains entries for 'root',
        'pcuser', and 'nobody'.
Enter the password for the root user []: 
Retype the password: 
        The default name for this CIFS server is 'DEMO02'.
Would you like to change this name? [n]: 
        Data ONTAP CIFS services support four styles of user authentication.
        Choose the one from the list below that best suits your situation.
 
(1) Active Directory domain authentication (Active Directory domains only)
(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)
(3) Windows Workgroup authentication using the filer's local user accounts
(4) /etc/passwd and/or NIS/LDAP authentication
 
Selection (1-4)? [1]: 1
What is the name of the Active Directory domain? [HANDS-ON.LOCAL]: HANDS-ON.LOCAL
        In order to create an Active Directory machine account for the filer,
        you must supply the name and password of a Windows account with
        sufficient privileges to add computers to the HANDS-ON.LOCAL domain.
Enter the name of the Windows user [Administrator@HANDS-ON.LOCAL]: Administrator@HANDS-ON.LOCAL
Password for Administrator@HANDS-ON.LOCAL: 
CIFS - Logged in as Administrator@HANDS-ON.LOCAL.
        The user that you specified has permission to create the filer's
        machine account in several (2) containers. Please choose where you
        would like this account to be created.
 
(1) CN=computers
(2) OU=Domain Controllers
(3) None of the above
 
Selection (1-3)? [1]: 1
CIFS - Starting SMB protocol...
        It is highly recommended that you create the local administrator
        account (DEMO02\administrator) for this filer. This account allows
        access to CIFS from Windows when domain controllers are not
        accessible.
Do you want to create the DEMO02\administrator account? [y]: 
Enter the new password for DEMO02\administrator: 
 
Retype the password: 
        Currently the user "DEMO02\administrator" and members of the group
        "HANDS-ON\Domain Admins" have permission to administer CIFS on this
        filer. You may specify an additional user or group to be added to the
        filer's "BUILTIN\Administrators" group, thus giving them
        administrative privileges as well.
Would you like to specify a user or group that can administer CIFS? [n]: n
Welcome to the HANDS-ON.LOCAL (HANDS-ON) Active Directory(R) domain.
 
CIFS local server is running.

As you can see, it's a really simple and straightforward process, and you can even fire up compmgmt.msc on your Windows box, point it at the NetApp and see and map the shares. A couple of checks before calling it done: cifs domaininfo on the filer shows the domain it joined and the domain controllers it discovered, cifs testdc runs the DC discovery again, and in Active Directory the new computer object should sit in the container you picked (CN=Computers here; do not put it in OU=Domain Controllers just because the wizard offers it, since the Group Policy linked there assumes its members are DCs). Also note that the account you type in is used only to create the machine account; afterwards the filer authenticates with its own machine password, so outside a lab use an account delegated the right to join computers rather than Administrator.


 


Traveling advices for European people visiting the US

Posted: July 28th, 2010 | Filed under: Travel | 1 Comment »

Months ago I found this nice article by Bas Raayman in which he gives some useful advice to everyone visiting the US from the EU, covering things like cellphone coverage and roaming charges, and I thought I could add something on the topic.

I travel to the US quite often (by my standards, obviously :-) ), which means a transatlantic trip 2 or 3 times a year, mostly to Minnesota and Georgia, and after spending time immersed in American culture I think I know a thing or two about the do's and don'ts when you're abroad.

Let’s start with a couple of topics:

AIRFARE

Unless you enjoy the old-fashioned week-long boat trip you will probably end up booking a seat on a plane. The Internet is flooded with travel agencies (like Expedia.com) and search engines, but I can assure you that the best way to find a great deal on a particular airfare is through Skyscanner or the Matrix Airfare Search.

Also apply for a frequent flyer membership card: even if you travel once a year you can accumulate miles and enjoy small benefits. You can have a look at the best frequent flyer programs at FlyerTalk.

PAPERWORK

Most EU countries (and their citizens) do not need a visa to travel to the US for business or leisure, as they fall under the Visa Waiver Program, but you need to comply with some restrictions that you can find here. Also, since January 2009 you are required to fill in an online ESTA application (similar to the I-94W paper form) 36 hours before arrival; note that since January 2010 this has been enforced, so they can deny boarding if you do not comply.

When approaching the US the flight attendants will ask whether you have a visa or not. If you fall under the Visa Waiver Program you DON'T HAVE a visa, so ask for an I-94W form (the green one).

BAGS

Pack light, you're not flying to a Third World country, so leave at home everything you do not need and put as much as you can in your checked baggage; just keep valuable things in your carry-on (and some clean underwear too :-) ), and don't forget to lock your checked baggage with a TSA-approved lock.

CAR RENTAL

Just a couple of tips: never buy gasoline from the rental outlet, or options like "return the car with any amount of gas"; they're a rip-off, just refill your tank before returning the car, it will surely be cheaper. Another nice tip if you want a free car upgrade is to check the reviews on yelp.com: there you'll find rental agencies that don't carry every car model, so if you book a size that isn't available you'll get a free upgrade to the next class (last time I ended up with a crossover SUV instead of a mid-sized SUV).

FOOD

Well, that's a really delicate topic. Being Italian, I sometimes miss Mediterranean dishes, but the US offers a great variety of cuisines from all over the world, more than the average European city, so it's a great melting-pot experience: every day you can try something different like Vietnamese, Ethiopian, Argentinian and of course local cuisine; the southern part of the US in particular has some great local food (like gumbo, man, I really love gumbo).

Another food topic is GMOs (genetically modified organisms): they are quite common in the US (a few Californian counties have banned growing them, but there is no statewide ban), while in Europe we have stricter regulation, so if you want to stay GMO-free you need to shop in "organic" supermarkets and look for GMO-free products.

One thing you should not worry about is wine. I'm Italian and I've been to France, but nothing amazes me like the quantity and quality of wine choices you have in the US; it looks like heaven for wine drinkers. You can have amazing Californian reds or go for imports; whatever you choose, your throat will not end up dry :-) .

DRIVING

First things first: JUST STICK TO THE SPEED LIMITS! You do not want to be chased by the police and then start explaining that you were doing exactly what the others were doing. Also, if you run into a not-so-nice cop and you're not carrying an American driving license you can easily end up at the police station.

Another thing directly tied to the one above: do not spend money on an international driving permit, it simply doesn't matter; just show your regular EU driving license and you'll be good to go. If they want to check your status more in depth you'll end up at the police station anyhow.

Right turn on red: this is something you need to check before traveling because the legislation varies from state to state, but in most of them, if there's no signage prohibiting it, you can turn right at a red light after coming to a full stop. As I said, check whether that is OK where you're traveling, because YMMV.

INTERNET CONNECTION

OK, forget about roaming because it's going to be *REALLY* expensive; let's focus on the free alternatives: free WiFi hotspots. They're quite common all around the US, you can easily find them in coffee chains like Caribou Coffee or Starbucks, you can also check whether there's a FON hotspot near you, or, if you're lucky enough, you can find private WiFi hotspots left open. Keep in mind that on an open hotspot anyone nearby can read your unencrypted traffic, so stick to HTTPS for anything that matters, or better, tunnel everything through a VPN.

Also, if you're hardcore / geek enough, you can try a tool called NSTX to encapsulate IP over DNS and surf for free from almost any pay-per-use hotspot :-) . It works because many captive portals let DNS queries through to the Internet before you have paid; the flip side is that the hotspot operator's resolver logs will show a flood of very long, random-looking query names, so don't count on it going unnoticed.
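To show what "IP over DNS" actually means on the wire, and what the hotspot operator's resolver sees, here is an added example of my own in Python (it is not NSTX's code, and the name layout <seq>.<data>.<data>.<domain> is an assumption for illustration, not NSTX's real format). Outbound data is base32-encoded and split into DNS labels under a domain the traveller controls (t.example.net here, assumed), the far side reassembles it, and a small detector flags such names in a constructed list of queries. The payload and the benign hostnames are constructed sample input.

```python
import base64
import math

MAX_LABEL = 63        # RFC 1035: one label is at most 63 octets
MAX_NAME = 253        # RFC 1035: a whole name is at most 253 characters in text form
LABELS_PER_QUERY = 2  # assumption for this example: two data labels per query name


def tunnel_encode(payload: bytes, domain: str) -> list:
    """Carry `payload` upstream as DNS query names under `domain`.
    Base32 is used because DNS names are case-insensitive and limited to letters, digits and '-'."""
    text = base64.b32encode(payload).decode("ascii").rstrip("=").lower()
    chunk = MAX_LABEL * LABELS_PER_QUERY
    names = []
    for seq, pos in enumerate(range(0, len(text), chunk)):
        piece = text[pos:pos + chunk]
        labels = [piece[i:i + MAX_LABEL] for i in range(0, len(piece), MAX_LABEL)]
        name = ".".join([str(seq), *labels, domain])
        if len(name) > MAX_NAME:
            raise ValueError("name too long; shorten the domain or use fewer labels per query")
        names.append(name)
    return names


def tunnel_decode(names, domain: str) -> bytes:
    """Reassemble the payload on the far side (the authoritative server for `domain`).
    Queries may arrive out of order, so the sequence label restores the order."""
    suffix = "." + domain
    pieces = {}
    for name in names:
        if not name.endswith(suffix):
            raise ValueError("not a tunnel query: " + name)
        seq, *labels = name[:-len(suffix)].split(".")
        pieces[int(seq)] = "".join(labels)
    text = "".join(pieces[k] for k in sorted(pieces)).upper()
    return base64.b32decode(text + "=" * (-len(text) % 8))


def entropy(s: str) -> float:
    """Shannon entropy in bits per character."""
    if not s:
        return 0.0
    return -sum(s.count(c) / len(s) * math.log2(s.count(c) / len(s)) for c in set(s))


def looks_like_tunnel(qname: str, zone_labels: int = 2) -> bool:
    """Defender's view: labels far longer than any real hostname, or long high-entropy
    subdomains. zone_labels = trailing labels treated as the zone (assumption: 2)."""
    sub = qname.rstrip(".").split(".")[:-zone_labels]
    if not sub:
        return False
    joined = "".join(sub)
    return max(len(l) for l in sub) >= 32 or (len(joined) >= 40 and entropy(joined) >= 4.0)


def scan_queries(qnames):
    """Return the queries a resolver-log rule would flag."""
    return [q for q in qnames if looks_like_tunnel(q)]


# Constructed sample: a fake upstream packet, plus ordinary lookups seen at the same resolver.
PAYLOAD = b"GET / HTTP/1.0\r\nHost: www.example.net\r\n\r\n" + bytes(range(160))
DOMAIN = "t.example.net"   # assumed tunnel zone, delegated to a server the traveller controls
BENIGN = ["www.google.com", "mail.yahoo.com", "d1a2b3c4e5f6g7h8.cloudfront.net", "pool.ntp.org"]

if __name__ == "__main__":
    names = tunnel_encode(PAYLOAD, DOMAIN)
    print(f"{len(PAYLOAD)} bytes -> {len(names)} queries, e.g. {names[0][:60]}...")
    assert tunnel_decode(names, DOMAIN) == PAYLOAD
    for q in scan_queries(BENIGN + names):
        print("flagged:", q[:70])
```

Two things stand out from running it: 201 bytes of payload cost three queries of about 140 characters each, which is why such tunnels are slow, and every one of those names trips a rule as simple as "a label of 32 or more characters", which is why a hotspot that cares will notice.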

FULL DISCLOSURE: I’m in no way affiliated to anyone mentioned in this article.

That’s all for now, I hope I gave you some nice tips for your travel, and of course have a safe trip! :-)



links for 2010-07-26

Posted: July 26th, 2010 | Filed under: del.icio.us | No Comments »

Simple way to extend an aggregate in a NetApp FAS

Posted: July 26th, 2010 | Filed under: Storage | 4 Comments »

In the last couple of days I had the pleasure of playing around with a FAS2020, the smallest unified storage system made by NetApp. It's a very nice machine indeed: it's really "user friendly" (from a UNIX admin's perspective :-) ), it's packed with great features (deduplication, snapshots and so on) and gives you the maximum degree of flexibility when it comes to troubleshooting.

During my tests with this FAS I found myself with the wrong aggregate layout:

fas2020-01> sysconfig -r
Aggregate aggr0 (online, raid_dp) (block checksums)
  Plex /aggr0/plex0 (online, normal, active)
    RAID group /aggr0/plex0/rg0 (normal)
 
      RAID Disk	Device  	HA  SHELF BAY CHAN Pool Type  RPM  Used (MB/blks)    Phys (MB/blks)
      ---------	------  	------------- ---- ---- ---- ----- --------------    --------------
      dparity 	0c.00.0 	0c    0   0   SA:B   -  SAS  15000 272000/557056000  274845/562884296 
      parity  	0c.00.1 	0c    0   1   SA:B   -  SAS  15000 272000/557056000  274845/562884296 
      data    	0c.00.2 	0c    0   2   SA:B   -  SAS  15000 272000/557056000  274845/562884296 
 
 
Spare disks
 
RAID Disk	Device  	HA  SHELF BAY CHAN Pool Type  RPM  Used (MB/blks)    Phys (MB/blks)
---------	------  	------------- ---- ---- ---- ----- --------------    --------------
Spare disks for block or zoned checksum traditional volumes or aggregates
spare   	0c.00.3 	0c    0   3   SA:B   -  SAS  15000 272000/557056000  274845/562884296 
spare   	0c.00.4 	0c    0   4   SA:B   -  SAS  15000 272000/557056000  274845/562884296 
spare   	0c.00.5 	0c    0   5   SA:B   -  SAS  15000 272000/557056000  274845/562884296 
spare   	0c.00.6 	0c    0   6   SA:B   -  SAS  15000 272000/557056000  274845/562884296 
spare   	0c.00.7 	0c    0   7   SA:B   -  SAS  15000 272000/557056000  274845/562884296 
spare   	0c.00.8 	0c    0   8   SA:B   -  SAS  15000 272000/557056000  274845/562884296 
spare   	0c.00.9 	0c    0   9   SA:B   -  SAS  15000 272000/557056000  274845/562884296 
spare   	0c.00.10	0c    0   10  SA:B   -  SAS  15000 272000/557056000  274845/562884296 
spare   	0c.00.11	0c    0   11  SA:B   -  SAS  15000 272000/557056000  274845/562884296

As you can see, my aggregate "aggr0" was comprised of just 3 disks. This is in fact a kind of "best practice" in the NetApp world, because the system volume "vol0" resides on the first aggregate and is usually kept separate from the real data, to preserve the system in case something bad happens to the data disks.

But in my test situation I had to extend aggr0 to span 11 disks (leaving just 1 spare), using this command. Keep in mind that disks cannot be removed from an aggregate once added (you would have to destroy and recreate it), and that a single hot spare for a 12-disk shelf means a second failure during a rebuild leaves you with no spare at all: fine for a lab, not something to copy in production.

aggr add aggr0 8@300G

Immediately a stream of messages comes up on the console stating that the disks have been added to aggr0:

Wed Mar 31 13:46:21 GMT [raid.vol.disk.add.done:notice]: Addition of Disk /aggr0/plex0/rg0/0c.00.10 Shelf 0 Bay 10 [NETAPP   X287_HVPBP288A15 NA00] S/N [JLXJLK5C] to aggregate aggr0 has completed successfully
Wed Mar 31 13:46:21 GMT [raid.vol.disk.add.done:notice]: Addition of Disk /aggr0/plex0/rg0/0c.00.9 Shelf 0 Bay 9 [NETAPP   X287_HVPBP288A15 NA00] S/N [JLXJM20C] to aggregate aggr0 has completed successfully
Wed Mar 31 13:46:21 GMT [raid.vol.disk.add.done:notice]: Addition of Disk /aggr0/plex0/rg0/0c.00.8 Shelf 0 Bay 8 [NETAPP   X287_HVPBP288A15 NA00] S/N [JLXJLT7C] to aggregate aggr0 has completed successfully
Wed Mar 31 13:46:21 GMT [raid.vol.disk.add.done:notice]: Addition of Disk /aggr0/plex0/rg0/0c.00.7 Shelf 0 Bay 7 [NETAPP   X287_HVPBP288A15 NA00] S/N [JLXK5P2C] to aggregate aggr0 has completed successfully
Wed Mar 31 13:46:21 GMT [raid.vol.disk.add.done:notice]: Addition of Disk /aggr0/plex0/rg0/0c.00.6 Shelf 0 Bay 6 [NETAPP   X287_HVPBP288A15 NA00] S/N [JLXHWVGC] to aggregate aggr0 has completed successfully
Wed Mar 31 13:46:21 GMT [raid.vol.disk.add.done:notice]: Addition of Disk /aggr0/plex0/rg0/0c.00.5 Shelf 0 Bay 5 [NETAPP   X287_HVPBP288A15 NA00] S/N [JLXK4T2C] to aggregate aggr0 has completed successfully
Wed Mar 31 13:46:21 GMT [raid.vol.disk.add.done:notice]: Addition of Disk /aggr0/plex0/rg0/0c.00.4 Shelf 0 Bay 4 [NETAPP   X287_HVPBP288A15 NA00] S/N [JLXK5VXC] to aggregate aggr0 has completed successfully
Wed Mar 31 13:46:21 GMT [raid.vol.disk.add.done:notice]: Addition of Disk /aggr0/plex0/rg0/0c.00.3 Shelf 0 Bay 3 [NETAPP   X287_HVPBP288A15 NA00] S/N [JLXJZ2VC] to aggregate aggr0 has completed successfully
Addition of 8 disks to the aggregate has completed.

And if we check the system configuration again we find that our aggregate has been extended:

fas2020-01> sysconfig -r         
Aggregate aggr0 (online, raid_dp) (block checksums)
  Plex /aggr0/plex0 (online, normal, active)
    RAID group /aggr0/plex0/rg0 (normal)
 
      RAID Disk	Device  	HA  SHELF BAY CHAN Pool Type  RPM  Used (MB/blks)    Phys (MB/blks)
      ---------	------  	------------- ---- ---- ---- ----- --------------    --------------
      dparity 	0c.00.0 	0c    0   0   SA:B   -  SAS  15000 272000/557056000  274845/562884296 
      parity  	0c.00.1 	0c    0   1   SA:B   -  SAS  15000 272000/557056000  274845/562884296 
      data    	0c.00.2 	0c    0   2   SA:B   -  SAS  15000 272000/557056000  274845/562884296 
      data    	0c.00.3 	0c    0   3   SA:B   -  SAS  15000 272000/557056000  274845/562884296 
      data    	0c.00.4 	0c    0   4   SA:B   -  SAS  15000 272000/557056000  274845/562884296 
      data    	0c.00.5 	0c    0   5   SA:B   -  SAS  15000 272000/557056000  274845/562884296 
      data    	0c.00.6 	0c    0   6   SA:B   -  SAS  15000 272000/557056000  274845/562884296 
      data    	0c.00.7 	0c    0   7   SA:B   -  SAS  15000 272000/557056000  274845/562884296 
      data    	0c.00.8 	0c    0   8   SA:B   -  SAS  15000 272000/557056000  274845/562884296 
      data    	0c.00.9 	0c    0   9   SA:B   -  SAS  15000 272000/557056000  274845/562884296 
      data    	0c.00.10	0c    0   10  SA:B   -  SAS  15000 272000/557056000  274845/562884296 
 
 
Spare disks
 
RAID Disk	Device  	HA  SHELF BAY CHAN Pool Type  RPM  Used (MB/blks)    Phys (MB/blks)
---------	------  	------------- ---- ---- ---- ----- --------------    --------------
Spare disks for block or zoned checksum traditional volumes or aggregates
spare   	0c.00.11	0c    0   11  SA:B   -  SAS  15000 272000/557056000  274845/562884296
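Before typing aggr add it is worth checking the arithmetic, so here is an added example of my own (not NetApp tooling): a small Python parser for sysconfig -r output that counts the disks in each RAID group and the spares, checks a planned add against an assumed raidsize (16, the RAID-DP default for SAS disks in Data ONTAP 7-Mode) and a minimum spare count, and projects usable capacity from the right-sized size in the Used column. The embedded sample is constructed to mirror the "before" layout above (same aggregate, RAID group and bay numbers, tabs replaced by spaces).

```python
import re

DISK_RE = re.compile(
    r"^\s*(?P<role>dparity|parity|data|spare)\s+(?P<dev>\S+)\s+.*?"
    r"(?P<used_mb>\d+)/\d+\s+(?P<phys_mb>\d+)/\d+\s*$"
)
AGGR_RE = re.compile(r"^Aggregate\s+(?P<name>\S+)\s+\((?P<state>[^)]*)\)")
RG_RE = re.compile(r"^\s*RAID group\s+/[^/]+/[^/]+/(?P<rg>\S+)")

PARITY_DISKS = {"raid_dp": 2, "raid4": 1}   # parity disks per RAID group


def parse_sysconfig_r(text):
    """Parse `sysconfig -r` into ({aggr: {"raid_type", "groups": {rg: [disk]}}}, [spares])."""
    aggrs, spares = {}, []
    cur_aggr = cur_rg = None
    for line in text.splitlines():
        m = AGGR_RE.match(line)
        if m:
            cur_aggr = m.group("name")
            flags = [s.strip() for s in m.group("state").split(",")]
            raid = next((s for s in flags if s.startswith("raid")), "unknown")
            aggrs[cur_aggr] = {"raid_type": raid, "groups": {}}
            continue
        m = RG_RE.match(line)
        if m:
            cur_rg = m.group("rg")
            aggrs[cur_aggr]["groups"][cur_rg] = []
            continue
        m = DISK_RE.match(line)
        if not m:
            continue   # headers, separators and blank lines
        disk = {"role": m.group("role"), "dev": m.group("dev"),
                "used_mb": int(m.group("used_mb"))}
        if disk["role"] == "spare":
            spares.append(disk)
        else:
            aggrs[cur_aggr]["groups"][cur_rg].append(disk)
    return aggrs, spares


def usable_mb(group):
    """Right-sized capacity of the data disks in one RAID group (before WAFL's own reserve)."""
    return sum(d["used_mb"] for d in group if d["role"] == "data")


def projected_usable_mb(group, n_added):
    """Capacity after adding n_added disks of the same right-sized size as the existing data disks."""
    data = [d for d in group if d["role"] == "data"]
    return usable_mb(group) + n_added * data[0]["used_mb"]


def can_add(aggrs, spares, aggr, rg, n, max_rg_disks=16, min_spares=1):
    """Would `aggr add <aggr> n@<size>` keep rg within the assumed raidsize and leave enough spares?"""
    disks = aggrs[aggr]["groups"][rg]
    parity = PARITY_DISKS.get(aggrs[aggr]["raid_type"], 0)
    if len(disks) + n > max_rg_disks:
        return False, (f"{rg} would hold {len(disks) + n} disks; past raidsize {max_rg_disks} "
                       f"ONTAP starts a new RAID group and spends {parity} more disks on parity")
    if len(spares) - n < min_spares:
        return False, f"only {len(spares) - n} spare(s) would remain, want at least {min_spares}"
    return True, f"ok: {rg} grows to {len(disks) + n} disks, {len(spares) - n} spare(s) remain"


# Constructed sample mirroring the page's "before" layout (3 disks in rg0, 9 spares).
SAMPLE = """\
Aggregate aggr0 (online, raid_dp) (block checksums)
  Plex /aggr0/plex0 (online, normal, active)
    RAID group /aggr0/plex0/rg0 (normal)

      RAID Disk Device   HA  SHELF BAY CHAN Pool Type  RPM  Used (MB/blks)    Phys (MB/blks)
      --------- ------   ------------- ---- ---- ---- ----- --------------    --------------
      dparity   0c.00.0  0c    0   0   SA:B   -  SAS  15000 272000/557056000  274845/562884296
      parity    0c.00.1  0c    0   1   SA:B   -  SAS  15000 272000/557056000  274845/562884296
      data      0c.00.2  0c    0   2   SA:B   -  SAS  15000 272000/557056000  274845/562884296

Spare disks

Spare disks for block or zoned checksum traditional volumes or aggregates
""" + "".join(
    f"spare     0c.00.{bay:<2} 0c    0   {bay:<2}  SA:B   -  SAS  15000 272000/557056000  274845/562884296\n"
    for bay in range(3, 12)
)

if __name__ == "__main__":
    aggrs, spares = parse_sysconfig_r(SAMPLE)
    rg0 = aggrs["aggr0"]["groups"]["rg0"]
    print(f"aggr0/rg0: {len(rg0)} disks, usable {usable_mb(rg0)} MB, spares: {len(spares)}")
    for n in (8, 9):
        ok, why = can_add(aggrs, spares, "aggr0", "rg0", n)
        print(f"add {n}: {why}" + (f" -> {projected_usable_mb(rg0, n)} MB usable" if ok else ""))
```

On the sample, adding 8 disks passes (rg0 grows to 11, one spare left, about 2.4 TB of right-sized data capacity) while adding 9 fails for lack of a spare; raise min_spares to 2, the usual production floor, and the 8-disk add fails too, which is the point made above about this being a lab layout. Feed it the real output with `rsh <filer> sysconfig -r` piped into a file if you want to check a production system.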

Now, if we have volumes on this aggregate that we would like to "restripe" across the new disks, we can issue the reallocate command like this (reallocation scans must be enabled with reallocate on first; on a volume that has snapshots, add -p so the blocks are relocated physically without being duplicated in the snapshots, otherwise the scan can eat a lot of space):

reallocate start -f /vol/vol0

and then check the progress with reallocate status:

fas2020-01> reallocate status            
Reallocation scans are on
/vol/vol0: 
        State: Reallocating: Inode 35941, block 0 of 1 (0%)
     Schedule: n/a
     Interval: 1 day
 Optimization: 1

It's as simple as that.



links for 2010-07-23

Posted: July 23rd, 2010 | Filed under: del.icio.us | No Comments »