Not sure if this is the best forum (sort of a 50/50 MS and Mac question with the VNX), but thought I would try:
IHAC a customer who a mix of Windows and Mac OS 10.5 and 10.6 clients. All machines are members of AD, and all user names are AD. They wish to create a single file share on a VNX 5300 and share it out via CIFS to the Windows clients, and NFS to the Mac clients. My customer has set it up and they can access all files via both sets of clients, however the issue is permissions. While the CIFS permissions seem to be working as expected (i.e. certain users are unable to gain access), ALL of the Mac clients are able to see all of the files, regardless of how permissions are set up.
My question is what type of authentication methods are available to these Mac clients via NFS, and more importantly, is there a whitepaper that explains to the customer how to set this up? I assume we will need to set up usermapper, but wanted to confirm The only paper I have found is the "Configuring a Multiprotcol VNX", but it is all command-line and pretty complicated. Was hoping there was something that explained how this works in an easier manner
Using CIFS for Macs is not an option ? I have a few thousand Macs that are some joined to AD and some are stand-alone all accessing the same CIFS shares on VNX. Just curious what is the requirement ?
I mentioned this to the customer and they are against it. They do some image editing with these Macs and have found the CIFS protocol to be inefficient (they were on some older, low-end storage, forget the vendor). They would prefer to go NFS if at all possible.
The requirement is to essentially have the ability to have a file share that can be accessed by Windows clients via CIFS and Mac clients via NFS simultaneously while keeping permissions
As mentioned before, the cleanest way to set this up is have them all go CIFS. SMB2 is quite efficient, even over distance. I did dig up this little nugget (http://bit.ly/YXSDJX). Turns out that Apple removed SMB2 support with Lion because they were using SAMBA prior to that. When they yanked SAMBA, they didn’t include an SMB2 connectivity option.
Evidently most folks will implement SAMBA or DAVE rather than try to mess around with cross-platform permissions on the server.
If the admin really needs to solve this on the server side, I suggest posting to the VNX support forum (but I guess you already did that ☺.)
Do the Macs authenticate directly to AD, or do they have their own authentication mechanism that is synchronized with AD? I think that’s probably key to how to crack this nut.