X-MimeOLE: Produced By Microsoft Exchange V6.5
Received: by onstor-exch02.onstor.net 
	id <01C806A9.5D2E3EAB@onstor-exch02.onstor.net>; Thu, 4 Oct 2007 10:09:46 -0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----_=_NextPart_001_01C806A9.5D2E3EAB"
Content-class: urn:content-classes:message
Subject: RE: "upgrading" a filer to a kb domain
Date: Thu, 4 Oct 2007 10:09:45 -0700
Message-ID: <BB375AF679D4A34E9CA8DFA650E2B04E05DD7172@onstor-exch02.onstor.net>
In-Reply-To: <005501c80624$3a348950$0200a8c0@lab.css.glasshouse.com>
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
Thread-Topic: "upgrading" a filer to a kb domain
Thread-Index: AcgGHbA4zy0HdeHESICzNrkkG1Di+QABMUwQACGA4LA=
References: <005501c80624$3a348950$0200a8c0@lab.css.glasshouse.com>
From: "Ron Bhanukitsiri" <ronb@onstor.com>
To: "Fred McFadden (Glasshouse)" <fredm@css.glasshouse.com>,
	"dl-cstech" <dl-cstech@onstor.com>

This is a multi-part message in MIME format.

------_=_NextPart_001_01C806A9.5D2E3EAB
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Well, I was waiting for one of them fellas who completed the Kerberos
TOI
to chime in ;-).

Hello Fred,

After the upgrade, the customer does *not* need to change his domain to
kerberos.  His NTLM domain setup would continue to function.

If he wants to convert to the kerberos domain, there's no conversion.
The
customer effectively must
1.	remove all of their vservers from the domain
2.	delete the old domain
3.	recreate domain as kerberos domain (-k option)
4.	reset domain for vservers (at this time the customer has the
option
		of specifying the OU.
5.	and rejoin.

Using your examples, the CLI would be like this

Vsvr set <vserver>
Vsvr disable=20
vsvr clear domain windows etc etc
Domain delete windows etc etc
Domain add windows <domain> <user> <up to 4 hosts> -k <krb domain>
Vsvr set domain windows etc etc=20
Vsvr enable

IMPORTANT: if he hasn't configure NTP in the filer, he must do this
prior.  Otherwise, kerberos would not work :-).

Ron B[ee]

-----Original Message-----
From: Fred McFadden (Glasshouse)=20
Sent: Wednesday, October 03, 2007 6:17 PM
To: dl-cstech
Subject: FW: "upgrading" a filer to a kb domain

I put the domain commands in the wrong order.

What I am asking is does one just delete the domain, and then re add it
back
with the needed -k Kerberos flag, and the optional flags if needed?

Customer aslo asks if we have switched to Samba 3?

More aptly:

Vsvr set
Vsvr disable=20
Domain delete windows etc etc
Domain add windows <domain> <user> <up to 4 hosts> -k <krb domain>
Vsvr clear domain windows etc etc
Vsvr set domain windows etc etc=20
Vsvr enable

-Fred
-----Original Message-----
From: Fred D. McFadden [mailto:fredm@css.glasshouse.com]=20
Sent: Wednesday, October 03, 2007 8:30 PM
To: 'dl-cstech'
Subject: "upgrading" a filer to a kb domain

UCSF Case 6025.

Scott says he is and always has been a Kerberos domain.

Customer has filers running 2.2.3.x. He has been running fine with cifs
shares for a year or so. One can presume safely he has joined the domain
and
been running with ntlm. =20

When the customer upgrades to 3.0.1.2 or 3.1.x.x..........

Will he have to vsvr clear domain ; domain delete
Then=20
Domain add  -k ; and vsvr set domain ?

Any tips or gotchas to changing to the kb domain after the filer EverON
is
upgraded?

-Fred



------_=_NextPart_001_01C806A9.5D2E3EAB
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
6.5.7652.24">
<TITLE>RE: &quot;upgrading&quot; a filer to a kb domain</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
SIZE=3D2 FACE=3D"Arial">Well, I was waiting for one of them fellas who =
completed the Kerberos TOI</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Arial">to chime =
in ;-).</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Arial">Hello =
Fred,</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
SIZE=3D2 FACE=3D"Arial">After the upgrade, the customer does =
*</FONT></SPAN><SPAN LANG=3D"en-us"><B></B></SPAN><SPAN =
LANG=3D"en-us"><B><FONT SIZE=3D2 =
FACE=3D"Arial">not</FONT></B></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Arial">* need to change his domain =
to</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Arial">kerberos.&nbsp; His NTLM domain setup would continue to =
function.</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Arial">If he =
wants to convert to the kerberos domain, there</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Arial">&#8217;</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Arial">s no conversion.&nbsp; =
The</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Arial">customer =
effectively must</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Arial">1.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> =
<FONT SIZE=3D2 FACE=3D"Arial">remove all of their vservers from the =
domain</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Arial">2.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT> <FONT SIZE=3D2 =
FACE=3D"Arial">delete the old domain</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Arial">3.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT> <FONT SIZE=3D2 =
FACE=3D"Arial">recreate domain as kerberos domain (-k =
option)</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Arial">4.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT> <FONT SIZE=3D2 =
FACE=3D"Arial">reset domain for vserver</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Arial">s (at this time the customer has the =
option</FONT></SPAN></P>
<UL DIR=3DLTR><UL DIR=3DLTR>
<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
SIZE=3D2 FACE=3D"Arial">of specifying the OU.</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN></P>
</UL></UL>
<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Arial">5.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> =
<FONT SIZE=3D2 FACE=3D"Arial">and rejoin.</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Arial">Using =
your examples, the CLI would be like this</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
SIZE=3D2 FACE=3D"Arial">Vsvr set</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Arial"> &lt;vserver&gt;</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Arial">Vsvr =
disable</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> =
</SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Arial">vsvr =
clear domain windows etc etc</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Arial">Domain =
delete windows etc etc</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Arial">Domain =
add windows &lt;domain&gt; &lt;user&gt; &lt;up to 4 hosts&gt; -k &lt;krb =
domain&gt;</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Arial">Vsvr set =
domain windows etc etc </FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Arial">Vsvr =
enable</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
COLOR=3D"#FF0000" SIZE=3D2 FACE=3D"Arial">IMPORTANT: if he =
hasn</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
COLOR=3D"#FF0000" SIZE=3D2 FACE=3D"Arial">&#8217;</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#FF0000" =
SIZE=3D2 FACE=3D"Arial">t configure NTP in the filer, he must do =
this</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT =
COLOR=3D"#FF0000" SIZE=3D2 FACE=3D"Arial"> prior</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"><FONT COLOR=3D"#FF0000" =
SIZE=3D2 FACE=3D"Arial">.</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT COLOR=3D"#FF0000" SIZE=3D2 FACE=3D"Arial">&nbsp; =
Otherwise, kerberos would not work</FONT></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"> <FONT FACE=3D"Wingdings" =
SIZE=3D2>J</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"><FONT COLOR=3D"#FF0000" SIZE=3D2 =
FACE=3D"Arial">.</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Arial">Ron =
B[ee]</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN><SPAN =
LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">-----Original Message-----<BR>
From: Fred McFadden (Glasshouse)<BR>
Sent: Wednesday, October 03, 2007 6:17 PM<BR>
To: dl-cstech<BR>
Subject: FW: &quot;upgrading&quot; a filer to a kb =
domain</FONT></SPAN><SPAN LANG=3D"en-us"></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma">I put =
the domain commands in the wrong order.</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma">What I =
am asking is does one just delete the domain, and then re add it =
back</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma">with =
the needed -k Kerberos flag, and the optional flags if =
needed?</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">Customer aslo asks if we have switched to Samba =
3?</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma">More =
aptly:</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma">Vsvr =
set</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma">Vsvr =
disable </FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma">Domain =
delete windows etc etc</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma">Domain =
add windows &lt;domain&gt; &lt;user&gt; &lt;up to 4 hosts&gt; -k &lt;krb =
domain&gt;</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma">Vsvr =
clear domain windows etc etc</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma">Vsvr =
set domain windows etc etc </FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma">Vsvr =
enable</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">-Fred</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">-----Original Message-----</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma">From: =
Fred D. McFadden [<A =
HREF=3D"mailto:fredm@css.glasshouse.com">mailto:fredm@css.glasshouse.com<=
/A>] </FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma">Sent: =
Wednesday, October 03, 2007 8:30 PM</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma">To: =
'dl-cstech'</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">Subject: &quot;upgrading&quot; a filer to a kb =
domain</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma">UCSF =
Case 6025.</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma">Scott =
says he is and always has been a Kerberos domain.</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">Customer has filers running 2.2.3.x. He has been running =
fine with cifs</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma">shares =
for a year or so. One can presume safely he has joined the domain =
and</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma">been =
running with ntlm.&nbsp; </FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma">When =
the customer upgrades to 3.0.1.2 or 3.1.x.x..........</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma">Will he =
have to vsvr clear domain ; domain delete</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma">Then =
</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma">Domain =
add&nbsp; -k ; and vsvr set domain ?</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 FACE=3D"Tahoma">Any =
tips or gotchas to changing to the kb domain after the filer EverON =
is</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">upgraded?</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"><FONT SIZE=3D2 =
FACE=3D"Tahoma">-Fred</FONT></SPAN></P>

<P DIR=3DLTR><SPAN LANG=3D"en-us"></SPAN></P>

</BODY>
</HTML>
------_=_NextPart_001_01C806A9.5D2E3EAB--
