[NetApp] restrictions for anonymous users (IPC$)

有時弱掃NetApp IPC$ (PS: 禁止null session作訪問時) 或異常IPC$數值造成了Storage 歸類在處理Other JOBs進而造成CPU過高
Or

Solution
** Clustered-mode **

step01.
::>set -privilege advanced

step02.
> vserver cifs options modify -vserver {SVM} -restrict-anonymous no-access

no-restriction (Default) / 0 (7-mode)
no-enumeration / 1 (7-mode)
no-access (完全限制) / 2 (7-mode)

step03.
::*> vserver cifs options show -vserver {SVM}

step04.
::*> set -privilege admin
::>

(PS:改完會立即套用生效)

** 7-mode **

options cifs.restrict_anonymous 2

(註) Windows如何建立Null Session
C:\> net use \\IP_ADDRESS\ipc$ “" /user:""

 

Reference:

IPC$ 為共享"命名管道"的資源,它是為了讓進程間通信而開放的命名管道,可以通過驗證用戶名與密碼獲得相應的權限,在遠程管理計算機與查看計算機的共享資源時使用.

1. Configuring access restrictions for anonymous users (Clustered-mode)

2. Configuring access restrictions for anonymous users (7-mode)

[NetApp] 7-mode 8.2.4 disable SMB 2.1

確認目前SMB2.1是否開啟

> priv set diag; printflag smb_enable_2_1 (0=disabled, 1=enabled)

 

關閉SMB2.1

>priv set diag; setflag smb_enable_2_1 0; priv set

 

省事開關機都自動帶起的話就寫入/etc/rc

wrfile -a /etc/rc “priv set diag; setflag smb_enable_2_1 0; priv set"

PS:也適合8.1.1 / 8.1.3 / 8.1.4

 

Reference:

1. How to upgrade from Data ONTAP 8.2.1 to Data ONTAP 8.2.2 while keeping SMB 2.1 enabled (NetApp Article Number:000028057 )

2. Tracking down SMB 2.1 support in 8.1.x 7-Mode

 

 

 

[NetApp] 7-mode disable SMB 1.0

Beginning with Data ONTAP 8.2.5, you can disable the storage system’s SMB 1.0 server and client capabilities, if desired. It is enabled by default.

cifs control set smb1.enable off  // Server capability

cifs control set smb1.client.enable off // Client capability

 

Reference : NetApp Disable or Reenable SMB 1.0 // http://nt-ap.com/2qkRu5l

 

 

 

[NetApp] FAS25xx-series clean ADP configuration

因目前至今NetApp FAS25xx-series大多是配C-DOT 8.3.x,因此它出廠預設會是啟用ADP ( Advanced Drive Partitioning ) ,若總數硬碟落在48顆左右則建議用ADP,OK..今日重點在於拿掉ADP 下作成的 Root-data partitioning (shared disks) .

workaround#1

step01.
enter LOADER>

step02.
LOADER> set-defaults
LOADER> saveenv

step03.
LOADER> boot_ontap

step04.
Ctrl+C , choice “5″ enter mainteance mode

step05.
*> aggr status // check current have root aggregate , if yes > offline / destroy it
*> aggr offline {aggregate-name}
*> aggr destroy {aggregate-name}

step06.
*> disk show // check ownership
*> disk remove_ownership  // each node type this command , remove disk ownership
*> disk assign all // temporary assign one node , then it doing unpartitiion action

step07.
*> disk unpartition {disk} , choice “no"  // be one by one

step08.
Finial , each re-assign disk , do option “4″ initialize

*************************************************************************************************

workaround#2

step01.
enter LOADER/CFE

step02.

LOADER> set-defaults
LOADER> setenv bootarg.init.boot_clustered true
LOADER> setenv bootarg.factory_init_completed true
LOADER> setenv bootarg.init.clearvarfsnvram true

LOADER> saveenv

step03.

When the nodes are booting, press CTRL+C to enter the Boot menu.
*******************************
* *
* Press Ctrl-C for Boot Menu. *
* *
*******************************

Boot Menu will be available.

step04.

At the Boot menu, type wipeconfig on each node.
Please choose one of the following:
(1) Normal Boot.
(2) Boot without /etc/rc.
(3) Change password.
(4) Clean configuration and initialize all disks.
(5) Maintenance mode boot.
(6) Update flash from backup config.
(7) Install new software first.
(8) Reboot node.

Selection (1-8)? wipeconfig 

step05.

After running the wipeconfig command, select option (4)
Please choose one of the following:
(1) Normal Boot.
(2) Boot without /etc/rc.
(3) Change password.
(4) Clean configuration and initialize all disks.
(5) Maintenance mode boot.
(6) Update flash from backup config.
(7) Install new software first.
(8) Reboot node.

Selection (1-8)?  4

step06.

Answer yes to zero/erase all disks
Zero disks, reset config and install a new file system?: yes
This will erase all the data on the disks, are you sure?: yes

Rebooting to finish wipeconfig request

done.


Reference:

1. https://www.linkedin.com/pulse/clean-disk-ownership-netapp-cdot-83x-adp-john-an-vmware

2. KB Doc ID 1014631