options option
options partial-option
options [ option value ] ...
The legal options are as follows:
acp.domain
This option saves the ACP (Alternate Control Path)
domain value as an integer. Any time this is changed,
ACP needs to be disabled and re-enabled using option
acp.enabled for the change to take effect. The default
value is 43200, that is 192.168.0.0.
acp.enabled
Enables/disables ACP (Alternate Control Path). The
default value is off; the value on enables ACP. This
option gets set to on if setup is used to enable ACP.
acp.netmask
This option saves the ACP (Alternate Control Path)
netmask value as an integer. Any time this is changed,
ACP needs to be disabled and re-enabled using option
acp.enabled for the change to take effect. The
default value is 16580607, that is 255.255.252.0.
acp.port
This option saves the ACP (Alternate Control Path)
Ethernet port value, that is, the interface name. Any
time this is changed, ACP needs to be disabled and
re-enabled using option acp.enabled for the change to
take effect. A storage controller with an e0P or
locked-wrench Ethernet port has e0P as the default
value. This value is also set to the value given while
enabling or re-configuring ACP.
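The two ACP defaults above show how the integer form maps to a dotted address: the first octet sits in the least significant byte. The helper below is an added example, not part of the original manual page or of Data ONTAP; the byte order is inferred from those two defaults, and the function names are hypothetical.

```python
import ipaddress
import struct


def acp_int_to_ip(value):
    """Decode a stored acp.domain / acp.netmask integer to a dotted address.

    Assumption (inferred from the defaults on this page): the first octet is
    the least significant byte, so 43200 -> 192.168.0.0.
    """
    if not 0 <= value <= 0xFFFFFFFF:
        raise ValueError("value does not fit in 32 bits")
    return str(ipaddress.IPv4Address(struct.pack("<I", value)))


def ip_to_acp_int(dotted):
    """Encode a dotted IPv4 address as the integer the options expect."""
    return struct.unpack("<I", ipaddress.IPv4Address(dotted).packed)[0]


def acp_subnet(domain_value, netmask_value):
    """Return the ACP subnet in CIDR form.

    Raises ValueError when the mask is not contiguous or when the domain has
    host bits set, both of which indicate a mistyped integer.
    """
    domain = acp_int_to_ip(domain_value)
    mask = acp_int_to_ip(netmask_value)
    return str(ipaddress.IPv4Network(f"{domain}/{mask}", strict=True))


def naive_big_endian(value):
    """What a network-byte-order reading of the same integer would give."""
    return str(ipaddress.IPv4Address(value))


if __name__ == "__main__":
    print(acp_int_to_ip(43200), acp_int_to_ip(16580607))
    print(acp_subnet(43200, 16580607))
    print("misread as big-endian:", naive_big_endian(43200))
```

Reading the integer in network byte order instead gives 0.0.168.192 for the default domain, which is the usual sign that the value was converted the wrong way round.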
auditlog.enable
Enables/disables the audit logging of commands executed
at the console/telnet shell or by using rsh.
The default is on. The data is logged to the file
/etc/log/auditlog for a node or /logs/auditlog if the
system is a NetCache. The auditlog file is allowed to
grow to the maximum size specified by the
auditlog.max_file_size option. If the auditlog file
reaches this size, and on every Saturday at 24:00,
/etc/log/auditlog is moved to /etc/log/auditlog.0,
/etc/log/auditlog.0 is moved to /etc/log/auditlog.1,
and so on (similarly for /logs/auditlog if it is a
NetCache). Assuming they do not get full, auditlog
files are saved for a total of six weeks.
auditlog.max_file_size
This option controls the maximum size (in bytes) that
the auditlog file is allowed to grow to (see above).
The default value for this option is 10000000.
auditlog.readonly_api.enable
This option controls auditing of APIs based on their
roles. If an API is used to retrieve information but
not for modifying the state of the system then this
API is not audited by default. The default value of
this option is off, which causes read-only APIs not to
be audited. To override the default value, set this
option value to true, or on.
autologout.console.enable
Enables/disables the autologout of console connections.
The default is on, which causes console connections
to be disconnected after the console has been
idle for the number of minutes specified by the autologout.console.timeout
value. Any change to this
option is effective after a command is entered.
autologout.console.timeout
The number of minutes the console is idle after which
console connections are disconnected if autologout.console.enable
is on. The default is 60 minutes.
Any change to this option is effective after a command
is entered.
autologout.telnet.enable
Enables/disables the autologout of telnet/interactive
ssh connections. The default is on, which causes telnet/interactive
ssh connections to be disconnected
after the number of minutes specified by the autologout.telnet.timeout
value. Any change to this option
requires a logout before it takes effect.
autologout.telnet.timeout
The number of minutes after which telnet/interactive
ssh connections are disconnected if autologout.telnet.enable
is on. The default is 60 minutes. Any
change to this option requires a logout before it
takes effect.
autosupport.content
The type of content that the autosupport notification
should contain. Allowable values are complete and
minimal. The default value is complete. The minimal
option allows the delivery of a "sanitized" and
smaller version of the autosupport, at the cost of
reduced support from NetApp Inc. Please contact NetApp
Inc if you feel you need to use the minimal option.
The complete option is the traditional (and default)
form of autosupport. If this option is changed from
complete to minimal then all previous and pending
autosupport messages will be deleted under the assumption
that complete messages should not be transmitted.
autosupport.doit
Triggers the autosupport daemon to send an autosupport
notification immediately. A text word entered as the
option is sent in the notification subject line and
should be used to explain the reason for the notification.
autosupport.enable
Enables/disables the autosupport notification features
(see na_autosupport(1)). The default is on to cause
autosupport notifications to be sent. This option will
override the autosupport.support.enable option.
autosupport.from
Defines the user to be designated as the sender of the
notification. The default is postmaster@your.domain.
Email replies from NetApp Inc will be sent to this
address.
autosupport.local_collection
Use this parameter with the value false to disable
local storage of AutoSupport files when sending of
AutoSupport messages is disabled. The default setting
is true, which causes the node to store AutoSupport
files locally even if AutoSupport is disabled.
autosupport.mailhost
Defines the list of up to 5 mailhost names. Enter the
host names as a comma-separated list with no spaces in
between. The default is an empty list. Both IPv6 and
IPv4 addresses are accepted.
autosupport.max_http_size
Use this parameter to specify the maximum file size
(in bytes by default, but can also be specified in KB,
MB, TB or PB) for HTTP and HTTPS transfers. Setting
the value to 0 disables the delivery size budget.
If the size of the AutoSupport message exceeds this value, AutoSupport will deliver as much of the message as possible. You can use the "autosupport manifest show" command to identify the sections of the message that AutoSupport sent. AutoSupport collects and sends the content in order of priority. The priority is predefined for each AutoSupport message. To identify the collection order for an AutoSupport trigger, use the "autosupport trigger show" command with the -instance parameter.
autosupport.max_smtp_size
Use this parameter to specify the maximum file size
(in bytes by default, but can also be specified in KB,
MB, TB or PB) for SMTP (e-mail) transfers. Setting the
value to 0 disables the delivery size budget.
If the size of the AutoSupport message exceeds this value, AutoSupport will deliver as much of the message as possible. You can use the "autosupport manifest show" command to identify the sections of the message that AutoSupport sent. AutoSupport collects and sends the content in order of priority. The priority is predefined for each AutoSupport message. To identify the collection order for an AutoSupport trigger, use the "autosupport trigger show" command with the -instance parameter.
autosupport.minimal.subject.id
Defines the type of string that is used in the identification
portion of the subject line when autosupport.content
is set to minimal. Allowable values are
systemid and hostname. The default is systemid.
autosupport.nht_data.enable
Enables/disables the generation of the Health Trigger
(NHT) data autosupport. Default is on.
autosupport.noteto
Defines the list of recipients for the autosupport
short note email. Up to 5 mail addresses are allowed.
Enter the addresses as a comma-separated list with no
spaces in between. The default is an empty list to
disable short note emails.
autosupport.ondemand.polling_interval
Defines the rate in minutes, at which the node polls
the AutoSupport OnDemand Server. Valid values range
from 5 minutes to 2880 minutes (48 hours). The
default is 60 minutes.
autosupport.ondemand.remotediag.state
Defines whether the AutoSupport OnDemand Remote Diagnostics
feature is enabled or disabled on the node.
The default is on.
autosupport.ondemand.server_url
Defines the AutoSupport OnDemand Server URL that the
node communicates with.
autosupport.ondemand.state
Defines whether the AutoSupport OnDemand feature is
enabled or disabled on the node. The default is on.
autosupport.partner.to
Defines the list of recipients for the autosupport
email notification that will receive all messages that
are or will be sent to the standard NetApp Inc autosupport
email address. Up to 5 mail addresses are
allowed. Enter the addresses as a comma-separated
list with no spaces in between. To disable, clear
this list. The default is an empty list.
autosupport.payload_format
Use this parameter to specify the file format of the
message payload. Use "7z" to specify 7-Zip archive
format. Use "tgz" to specify GNU zipped tar file. The
default is "7z".
autosupport.performance_data.doit
Triggers the autosupport daemon to send a performance
data autosupport notification immediately to NetApp
Inc, as described by the autosupport.support.transport
option. The given value for this option is ignored.
autosupport.performance_data.enable
Enables/disables hourly sampling of system performance
data, and weekly creation of a performance data autosupport.
The default is on.
autosupport.periodic.tx_window
Use this parameter to specify a randomized delay window
for periodic AutoSupport messages. The transmission
window prevents message floods from periodic
AutoSupport triggers such as "callhome.weekly", "callhome.performance.data",
autosupport.retry.interval
Time in minutes to delay before trying to send the
autosupport again. Minimum is 30 seconds, maximum is
1 day. Values may end with `s', `m' or `h' to indicate
seconds, minutes or hours respectively. If no
units are specified, then input is assumed to be in
seconds. The default value is 4m.
autosupport.support.enable
Enables/disables the autosupport notification to
NetApp Inc. The default is on to cause autosupport
notifications to be sent directly to NetApp Inc as
described by the autosupport.support.transport option.
This option is superseded (overridden) by the value of
autosupport.enable.
autosupport.support.proxy
Allows the setting of an HTTP-based proxy if autosupport.support.transport
is https or http. The default
for this option is the empty string; implying that no
proxy is necessary. The format for specifying the
proxy is user:password@proxyhost:port. If the port is
not specified, the default port used is 3128. Basic
authentication is the default authentication method
used for proxies. Both IPv6 and IPv4 addresses are
accepted.
autosupport.support.put_url
This option is used to specify the support URL for
HTTP PUT operations. The URL should be entered without
an http:// or https:// prefix. If the Web server
does not accept the PUT operation, the autosupport.support.url
option is used for a POST operation.
autosupport.support.reminder
This option is used to enable or disable a reminder
message that is sent when AutoSupport is not configured
to send messages to technical support. The
default is on.
autosupport.support.to
This option is read only; it shows where autosupport
notifications to NetApp Inc are sent if autosupport.support.transport
is smtp.
autosupport.support.transport
Allows setting the type of delivery desired for autosupport
notifications that are destined for NetApp
Inc. Allowed values are https, http (for direct Web-based
posting) or smtp (for traditional email). The
default value is https. Note that http and https may
(depending on local network configuration) require
that the autosupport.support.proxy option be set correctly.
Also smtp requires that autosupport.mailhost
be configured correctly before autosupport delivery
can be successful.
autosupport.support.url
This option is read only; it shows where autosupport
notifications to NetApp Inc are sent if autosupport.support.transport
is https or http.
autosupport.throttle
Enables autosupport throttling (see na_autosupport(1)).
When too many autosupports are sent in too
short a time, additional messages of the same type
will be dropped. Valid values for this option are on
or off. The default value for this option is on.
autosupport.to
Defines the list of recipients for the autosupport
email notification. Up to 5 mail addresses are
allowed. Enter the addresses as a comma-separated
list with no spaces in between. The default is an
empty list. Note that it is no longer necessary to use
the standard NetApp Inc autosupport email address in
this field to direct autosupport messages to NetApp
Inc. Please use autosupport.support.enable instead.
autosupport.validate_digital_certificate
Use this parameter with the value true to force the
node to validate digital certificates that it
receives.
backup.log.enable
Backup logging captures important events during
dump/restore and records them in /etc/log/backup on
the root volume. The option allows users to enable or
disable this feature. By default, the option is on.
cdpd.enable
When this option is set to ON, Cisco Discovery Protocol
v1 (CDPv1) Daemon is enabled on all physical network
ports so that it starts sending and processing
CDPv1 advertisements.
cdpd.interval
This option is used to set the interval in seconds at
which CDPv1 packets are sent on each physical network
port that is up. The storage controller sends CDPv1
advertisements only when cdpd.enable is set to ON.
cdpd.holdtime
This option is used to set the holdtime advertised by
the storage controller in each CDPv1 packet. The holdtime
is the time in seconds that the neighboring CDPv1
compliant device will cache the storage controller's
advertisements.
cf.giveback.auto.cifs.terminate.minutes
This option specifies the number of minutes to delay
an automatic giveback before terminating CIFS clients
that have open files. During the delay, the system
will periodically send notices to the affected workstations.
If 0 (zero) minutes are specified, then CIFS
clients will be terminated immediately.
cf.giveback.auto.delay.seconds
This option specifies a delay before performing automatic
giveback. An automatic giveback is invoked when
one node of a High Availability (HA) configuration is
in takeover mode and the "down" node is repaired and
reboots. Using this option splits the outage during
takeover and giveback into two short outages instead
of one longer outage. The default value is 600 seconds.
The allowed range is to 600 seconds, inclusive.
This option does not impact manual giveback.
cf.giveback.auto.enable
This option turns on/off automatic giveback. An
automatic giveback is invoked when one node of a High
Availability (HA) configuration is in takeover mode
and the "down" node is repaired and reboots. The
repaired node will boot into Data ONTAP and the node
in takeover mode will detect this and initiate a giveback.
This feature is only available on flash booted systems.
cf.giveback.auto.override.vetoes
This option, when on, specifies that automatic giveback
should immediately terminate long running operations
(dump/restore, vol verify, and so on) and override
all partner veto votes when initiating an automatic
giveback. When this option is off, the automatic
giveback will be deferred until the long running
operations have completed and will take into account
partner veto votes.
cf.giveback.check.partner
This option turns on/off checking for partner readiness
before starting giveback. It is used on
flash booted systems only.
When this option is on and the operator types "cf giveback", the node in takeover state checks, before starting giveback, that the partner has actually booted halfway up. If the partner is not ready yet, giveback won't start.
When this option is off and the operator types "cf giveback", giveback starts without checking the partner's status.
The default value is on, which reduces downtime caused by a giveback.
Two nodes in a High Availability (HA) configuration can have different settings for this option.
cf.hw_assist.enable
This option turns the hardware-assisted takeover functionality
on or off.
When enabled, the hardware module notifies the partner of certain hardware failures such as power-loss, power-cycle, watchdog reset, and so on. This enables the partner to start the takeover immediately upon notification, rather than waiting for the configured detection period.
When the hw_assist option is disabled, or if the hardware failure notification doesn't reach the partner, the partner starts the takeover after waiting for cf.takeover.detection.seconds.
The default value is on. The node must have a Hardware module such as RLM (Remote-LAN-Manager) to enable the hardware-assisted takeover functionality.
cf.hw_assist.partner.address
The hardware failure notification is sent to this
partner IP address. If hostname is given, it is converted
into an IP address.
cf.hw_assist.partner.port
The hardware failure notification is sent to this
partner port.
cf.mode
This is used to set the node either in HA mode or non-HA
mode.
cf.remote_syncmirror.enable
This option, when set to on in 7-Mode, enables the
MetroCluster functionality. By default, it is off.
This option is not valid for Cluster-Mode.
cf.takeover.bypass_optimization
When set to true, this option bypasses optimized operator-initiated
planned takeover. Operator-initiated
planned takeover is optimized by serially relocating
SFO aggregates to the partner prior to takeover,
thereby reducing client outage.
When this option is true, if the operator types
"storage failover takeover",
Two nodes in a High Availability (HA) configuration can have different settings for this option.
cf.takeover.change_fsid
By default (the default is on), Data ONTAP changes the
file system IDs (FSIDs) of all partner volumes and
aggregates if a disaster takeover occurs in a MetroCluster
configuration. When the value is set to off,
Data ONTAP does not change the FSIDs, enabling users
to continue to access their volumes after a disaster
takeover.
CAUTION: Although clients of the disaster node would have read access to partner volumes if the option was set to no, they might experience data loss when attempting to write to the volumes. Disable the change_fsid option with great care.
cf.takeover.detection.seconds
This option provides a knob to tune the timer used in
takeover detection.
The timer is used by the High Availability software to monitor the partner node's status. If the partner node has not responded for more than n seconds, where n is the value of this option, the local node decides to take over.
Two nodes do not need to have same value for this option. This provides asymmetric takeover behavior in terms of aggressiveness.
The default value of this option is 15 seconds. The option can be set to any value between 10 and 180. In case sk.process.timeout.override has been manually set, it is strongly advised that this option is set to a value larger than or equal to sk.process.timeout.override+5.
cf.takeover.on_failure
This option allows automatic takeover to be disabled.
By default, this option is set to on and a node will
automatically take over its partner node if the latter
fails. If set to off, automatic takeovers are disabled
but the operator can still initiate manual takeovers.
This option is available only when cf is licensed and changing the value on one node automatically changes the value on the partner node.
cf.takeover.on_disk_shelf_miscompare
This option allows negotiated takeover to be enabled
when the HA nodes detect a mismatch in disk shelf
count. By default, this option is set to off.
This option is available only when cf is licensed and changing the value on one node automatically changes the value on the partner node.
Not valid for configurations supporting software-based disk ownership.
cf.takeover.on_network_interface_failure
This option allows negotiated takeover to be enabled
when the HA nodes detect failures in network interfaces.
Only those network interfaces that have explicitly
enabled negotiated failover via the ifconfig command
will be monitored. By default, this option is
set to off.
This option is available only when cf is licensed and changing the value on one node automatically changes the value on the partner node.
Valid for 7-Mode network interfaces and not for Cluster-Mode network interfaces.
cf.takeover.on_network_interface_failure.policy
This option determines what policy to apply for triggering negotiated failover when network interfaces fail. There are two policies that are currently supported: all_nics, implying failover when all network interfaces participating in negotiated failover fail, and any_nic, implying failover when any one of the network interfaces participating in negotiated failover fails. By default, this option is set to all_nics.
This option is available only when cf is licensed.
Valid for 7-Mode network interfaces and not for Cluster-Mode network interfaces.
cf.takeover.on_panic
This option turns on/off the takeover on panic feature.
It's available only when cf is licensed. Changing
the value on one node automatically changes the
value on the partner node.
Users should use caution when manually changing the option value.
cf.takeover.on_reboot
This option determines if a takeover will be initiated when the partner node reboots. If a takeover is done because of the partner node rebooting, then an automatic giveback will be done, regardless of the setting of the cf.giveback.auto.enable option. By default, this option is set to on. Changing the value on one node automatically changes the value on the partner node.
cf.takeover.on_short_uptime
This option determines whether a cf failover will happen
if a node fails within sixty seconds of booting
up. By default, this option is set to on.
This option is available only when cf is licensed and changing the value on one node automatically changes the value on the partner node.
cifs.ipv6.enable
This option controls CIFS IPv6 support. For this
option to take effect, the networking stack should
support IPv6 (option ip.v6.enable). When this option
is enabled, the node starts accepting new CIFS sessions
over IPv6. When this option is disabled, the node stops
accepting any new CIFS sessions over IPv6; existing
IPv6 sessions remain active and are not disconnected.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
Values: on, off
cifs.LMCompatibilityLevel
The value of this option controls which authentication
tokens the node accepts from the client. It can take
values from 1 to 5. With each value, the node accepts
security tokens as described below.
1 - Accepts LM, NTLM, NTLMv2 session security, NTLMv2, Kerberos.
2 - Accepts NTLM, NTLMv2 session security, NTLMv2, Kerberos.
3 - Accepts NTLMv2 session security, NTLMv2, Kerberos.
4 - Accepts NTLMv2, Kerberos.
5 - Accepts Kerberos only.
Default: 1
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.AD.retry_delay
The time, in seconds, to wait between trying to discover
Active Directory DC or AD-LDAP addresses
Default: 15
Min/Max: 0 - 3600 seconds
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.audit.autosave.file.extension
Specifies the type of file extension that will be
appended to the "saveas" file name when the autosave
feature is enabled. It will append a timestamp or
counter value to the saved EVT file. If a value for
this option is not specified, a timestamp is used as
the file extension; however the value "timestamp" is
not displayed.
Default: "" (null)
Effective: Immediately
Values: timestamp, counter
Persistence: Remains in effect across system reboots
cifs.audit.autosave.file.limit
Specifies how many Microsoft Event Log (EVT) files are
to be saved before they are rotated. Once the limit
of files exists on the node, the oldest file is always
overwritten. If the value of this option is 0, then
the node will have no limit to how many files are automatically
saved on the node. This option needs to have
the autosave feature enabled.
Default: "" (null)
Effective: Immediately
Min/Max: 0 - 999 files
Persistence: Remains in effect across system reboots
cifs.audit.autosave.onsize.enable
When this option is on, the CIFS Audit Logging Facility
(ALF) daemon will automatically save the cifsaudit.alf
file to the corresponding EVT file based on
the size of the cifsaudit.alf file. The option
cifs.audit.autosave.onsize.threshold must be set to
specify the actual threshold that triggers the
auto save.
Default: off
Effective: Immediately
Values: on, off
Persistence: Remains in effect across system reboots
cifs.audit.autosave.onsize.threshold
This option specifies the size threshold which should
trigger an auto save. The option
cifs.audit.autosave.onsize.enable should be enabled
for this option to be used. Note that if the value is
given as a percentage, it is interpreted as a
percentage of the size of the cifsaudit.alf file, which
is specified by the cifs.audit.logsize option.
Default: 75%
Min/Max: 1 - 100% percent
Min/Max: 512k - 64g in kilobytes (k), megabytes (m) or gigabytes (g)
Effective: If the threshold is specified as a percentage of the size of cifsaudit.alf file, then threshold value takes effect only when the absolute threshold value is more than 512k. If absolute threshold value is less than 512k, default value of 512k is used.
Persistence: Remains in effect across system reboots
cifs.audit.autosave.ontime.enable
When this option is on, the CIFS Audit Logging Facility
(ALF) daemon will automatically save the cifsaudit.alf
file to the corresponding EVT file based on an
internal timer. The option
cifs.audit.autosave.ontime.interval must be set to
specify the timer interval that triggers the auto
save.
Default: off
Effective: Immediately
Values: on, off
Persistence: Remains in effect across system reboots
cifs.audit.autosave.ontime.interval
This option specifies the time interval which should
trigger an auto save. The option
cifs.audit.autosave.ontime.enable should be enabled
for this option to be used.
Default: 1d
Min/Max: 1 - 60m minutes
Min/Max: 1 - 24h hours
Min/Max: 1 - 7d days
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.audit.enable
When this option is on, CIFS audit events may be generated
during file access and/or during logon and
logoff. For file access events to be generated, the
option cifs.audit.file_access_events.enable must also
be on. For logon and logoff events to be generated,
the option cifs.audit.logon_events.enable must also be
on.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.audit.file_access_events.enable
When both this option and the cifs.audit.enable option
are on, file access events will be audited when a file
is accessed by an account for an operation and the
file has a System Access Control List (SACL) entry
that matches the access. If no SACL entry matches the
access, then no event will be generated.
Default: on
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.audit.liveview.enable
When both this option and the cifs.audit.enable option
are on, the audit events can be viewed from a CIFS
client by connecting to the node using the Event
Viewer application. The events might not show up in
Event Viewer as they are generated but they show up
after some delay, depending on the audit settings.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.audit.liveview.allowed_users
This option specifies the user or group of users who
will be allowed access to audit records using the
LiveView feature. The user or group can be either
local or domain-based. Irrespective of this option
value, local administrators always have permission to
access audit records using the LiveView feature.
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.audit.logon_events.enable
When both this option and the cifs.audit.enable option
are on, logon and logoff events will be generated.
Logon and logoff events reflect CIFS session connects
and disconnects, respectively.
Default: on
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.audit.account_mgmt_events.enable
When both this option and the cifs.audit.enable option
are on, account management events will be generated.
Account management events reflect the creation, deletion
and modification of local users and groups on the
node.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.audit.logsize
Specifies the maximum event log file size in bytes.
Default: 1048576
Min/Max: 524288 - 68719476736 bytes
Effective: If the specified log size is smaller than the current log size, changes will be effective after clearing the log with the `cifs audit clear' command. Otherwise, changes are immediate.
Persistence: Remains in effect across system reboots
cifs.audit.nfs.enable
Enables auditing of NFS file access events. When
enabled, auditable events are recorded in the log
file. Auditable events are specified by the Windows
SACLs set either on the file itself, or on the file
specified in the value of cifs.audit.nfs.filter.filename,
or on the Storage-Level Access Guard associated
with the volume or qtree.
cifs.audit.nfs.filter.filename
Points to the filter file used to identify which NFS
file access events get included in the CIFS log by
default. The SACL set on this file, along with the SACLs
set on the file being accessed or the Storage-Level
Access Guard associated with the volume or qtree, is
used to determine which NFS file access events get
logged. The SACL set on this file affects all NFS
file access requests irrespective of underlying qtree
security style. There is no default value for this
option; therefore it must be set before the option
cifs.audit.nfs.enable can be enabled. This option does
not have to be set if the option cifs.audit.nfs.enable
will not be enabled.
cifs.audit.saveas
Specifies the active event log file. The file must be
in an existing directory in a network share.
Default: /etc/log/adtlog.evt
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.bypass_traverse_checking
When turned on, directories in the path to a file are
not required to have the `X' (traverse) permission.
This option does not apply to UNIX qtrees.
Default: on
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.client.dup-detection
Windows servers attempt to detect duplicate sessions
in order to terminate any sessions that did not terminate
when a client system rebooted. Early versions of
Windows servers compare client NetBIOS names to determine
duplication, while newer ones use the client IP
addresses.
This option determines how the appliance performs duplicate session detection. With this option set to ip-address (the default), the appliance compares client IP addresses. With this option set to name the appliance compares client NetBIOS names. With this option set to off the appliance does not perform duplicate session detection.
Default: ip-address
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.comment
Defines the CIFS server description. CIFS clients see
the CIFS server description when browsing servers on
the network.
Default: "" (null)
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.enable_share_browsing
When this option is turned off, requests from clients
to enumerate the list of shares on the CIFS server
will result in an empty list.
Default: on
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.gpo.enable
When this option is turned on, the node will attempt
to communicate with the Active Directory server that
the node is installed into in order to enforce defined
group policies that apply to the node.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.gpo.trace.enable
When this option is turned on, messages that are useful
for debugging the application of group policies on
the node will be printed to the system console.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.guest_account
Enables a user to get access to the node provided that
either the node uses a Domain Controller for authentication
and the user is not in a trusted domain, or the
node uses the /etc/passwd file or the NIS password
database for authentication and the user has no entry
in the /etc/passwd file or the NIS password database.
If this option is set to the name of an account in the
password database, a user logging into the node will
be assigned to the guest account if their name is not
listed in the password database (when using
/etc/passwd or NIS) or if the user is not from a
trusted domain (when using a domain controller). The
configured user name will be used for the UNIX user
ID, group ID, and group set of the specified account.
If the option is set to "" (null), guest access is
disabled.
Default: "" (null)
Effective: Upon CIFS client reconnection
Persistence: Remains in effect across system reboots
cifs.home_dir_namestyle
Specifies how the name portion of the path to a user's
home directory is determined. If no argument is supplied,
the current value of this option is displayed.
Valid values for this option are: a null string,
ntname, hidden, mapped, or domain. All user home
directory paths begin with one of the CIFS home directory
paths, followed by a slash and the user's name.
If this option is set to ntname then a user's Windows
login name is used and only downward symlinks (in the
directory hierarchy) are followed. If this option is
set to hidden then a user's Windows login name is
used. However, the user must append a dollar sign to
their user name when connecting to the node; and the
node will append a dollar sign to the user's name when
enumerating the homedir share name. If the value of
this option is mapped then the user's UNIX name is
used. The UNIX name is obtained by mapping the user's
Windows login name using the file /etc/usermap.cfg. If
this option is set to domain then the user's name
includes both the user's domain and Windows login name
separated by a slash. If the option is set to ""
(null), this acts like ntname with the exception that
symlinks are followed in any direction.
Default: "" (null)
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.homedirs_public_for_admin
Specifies whether members of the node's Builtin\Administrators
group can connect to the CIFS home directories
of other users. If no argument is supplied, the
current value of this option is displayed. If this
option is set to on then an administrator can connect
to the CIFS home directory of user username by specifying
the share ~username (tilde username). This can
be useful when setting a user profile to map the
user's CIFS home directory on the node. Windows 2000
Active Directory does not allow a system administrator
to set a user's profile to a non-existent share, and
normally a user's CIFS home directory can only be
accessed by that user and not by the administrator.
Default: on
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.idle_timeout
Specifies the amount of idle time (in seconds) before
the node disconnects a session. If "-1" is specified
idle sessions are never disconnected. An idle session
is a session in which a user does not have any files
opened on the node.
Default: 900
Min/Max: -1 - 4000000 seconds
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.max_mpx
This option controls how many simultaneous operations
the node reports that it can process. An "operation"
is each I/O the client believes is pending on the node
including outstanding change notify operations.
Clients such as Windows Terminal Server or IIS may
require that this number be increased to avoid errors
and performance delays.
CAUTION - The approved values for this parameter are 50, 126, 253, and 1124. The most accurate way to determine which number to use is to measure the Redirector-Current Commands statistic on the client with NT perfmon and to increase the number until Current Commands does not hit the negotiated limit. For more information see Microsoft Knowledge Base articles Q191370 and Q232890.
CAUTION - This number should only be changed while cifs is terminated.
CAUTION - Only use the approved values to avoid Q232890.
CAUTION - This value affects allocations in the clients. So do not increase the value unless required.
Default: 253
Values: 50, 126, 253, 1124
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.ms_snapshot_mode
Specifies the mode for snapshot access from a
Microsoft Shadow Copy client. Valid values for this
option are off, pre-xp and xp. off disables snapshot
access from all Windows Shadow Copy clients. xp
allows access to snapshots from Windows XP and later
Shadow Copy clients only. pre-xp, in addition, allows
access to snapshots from Windows 2000 Shadow Copy
clients. Note that the downlevel pre-xp mode should
only be used if Windows 2000 snapshot access is
required as it may introduce a very slight performance
hit when there is a heavy load on the node and very
long pathnames are in use.
Default: xp
Values: off, xp, pre-xp
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.netbios_aliases
Provides a comma-separated list of alternative names
for the node. A user can connect to the node using
any of the listed names.
This command is deprecated.
System administrators are encouraged to write CIFS NetBIOS aliases to the file /etc/cifs_nbalias.cfg (one alias per line). Use the "cifs nbalias load" command to cause the node to process the /etc/cifs_nbalias.cfg file. For more information, see the CIFS chapter in the System Administrator's Guide.
cifs.netbios_over_tcp.enable
This option enables the use of NetBIOS over TCP, which
is the standard protocol used for CIFS prior to Windows
2000. In certain Windows 2000 networks it is
desirable to disable that protocol. This option corresponds
to the "Enable NetBIOS over TCP" setting in
the Windows 2000 Advanced TCP/IP settings tab. If it
is set to off, all clients must be Windows 2000 (or
above), and only Windows 2000 (or above) domain controllers
and virus scanners can be used.
cifs.netbios_over_tcp.enable takes effect when cifs starts. It should not be changed while cifs is running.
Default: on
Effective: Upon CIFS client reconnection
Persistence: Remains in effect across system reboots
cifs.nfs_root_ignore_acl
When on, ACLs will not affect root access from NFS.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.oplocks.enable
When cifs.oplocks.enable is on, the storage system
allows clients to use oplocks (opportunistic locks) on
files. When set to on, this option also enables lease
oplocks. Oplocks are a significant performance
enhancement, but have the potential to cause lost
cached data on some networks with impaired reliability
or latency, particularly wide-area networks. In general,
this option should be disabled only to isolate
problems.
Default: on
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.oplocks.opendelta
This option defines the length of artificial delay
before sending an opportunistic lock break request to
a client that has recently sent the storage system an
open request. This is done to work around a bug in
Microsoft Windows clients that can cause the client to
ignore an oplock break request if it is received at a
certain time.
For example, when opendelta is 8, the storage system will make sure that at least 8 milliseconds have elapsed after receiving or responding to an open-file request before it sends an oplock break on that session.
CAUTION - This option should not be set higher than 35 milliseconds without consulting NetApp Global Services.
Default: 0
Min/Max: 0 - 1000 milliseconds
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.per_client_stats.enable
Turning this option on causes the storage system to
start gathering statistics on a per-client basis. This
allows use of the cifs top command, as well as the -u
and -h options of cifs stat. Administrators should be
aware that there is overhead associated with collecting
the per-client stats. This overhead may noticeably
affect storage system performance. If the option is
turned off, any existing per-client statistics are
discarded.
Default: off
Effective: Upon CIFS client reconnection
Persistence: Remains in effect across system reboots
cifs.perfmon.allowed_users
The value for this option determines the user or the
group which has access to performance data via Perfmon.
The option takes as input either a user or a
group name. The user or group can be either local or
domain-based. By default the option is not set which
allows access only to Administrators. Irrespective of
the value of this option Administrators will always
have access. To allow all users to access performance
data, this option can be set to "Everyone".
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.perm_check_ro_del_ok
NT delete rules do not allow you to delete a file or
directory with the DOS read-only bit set. However, a
number of multi-protocol applications require UNIX
delete semantics (w-x perms in parent dir without
regard to the permissions of the file or directory).
This option controls this behavior. By default it is
off, which yields NT behavior.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.perm_check_use_gid
This option affects security checking for Windows
clients of files with UNIX security where the
requester is not the file owner. In all cases, Windows
client requests are checked against the share-level
ACL; then if the requester is the owner, the "user"
perms are used to determine the access.
If the requester is not the owner and if perm_check_use_gid is on, it means files with UNIX security are checked using normal UNIX rules. That is, if the requester is a member of the file's owning group, the "group" perms are used; otherwise the "other" perms are used.
If the requester is not the owner and if perm_check_use_gid is off, files with UNIX security style are checked in a way which works better when controlling access via share-level ACLs. In that case the requester's desired access is checked against the file's "group" permissions, and the "other" permissions are ignored. In effect, the "group" perms are used as if the Windows client were always a member of the file's owning group, and the "other" perms are never used.
If you do not plan to use share-level ACLs to control access to UNIX security style files (for example in a UNIX qtree), you should leave this setting on.
Default: on
Effective: Immediately
Persistence: Remains in effect across system reboots
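The decision rules described above for cifs.perm_check_use_gid, written out as an added example (not NetApp code). It models only the UNIX-permission step; the share-level ACL check that always runs first is not modelled, and all function names, UIDs and GIDs are assumptions made for the illustration.

```python
# Added illustration (not NetApp code): models only the UNIX-permission step
# described for cifs.perm_check_use_gid. The share-level ACL check that always
# runs first is not modelled. All names and sample IDs below are assumptions.

R, W, X = 4, 2, 1  # read/write/execute bits within one permission class


def effective_class(mode, file_uid, file_gid, req_uid, req_gids, use_gid):
    """Return (class_name, rwx_bits) the client's request is checked against."""
    if req_uid == file_uid:
        # Owner: the "user" perms are used in all cases.
        return "user", (mode >> 6) & 7
    if use_gid and file_gid not in req_gids:
        # Option on, requester outside the owning group: normal UNIX "other".
        return "other", mode & 7
    # Option on and requester is in the owning group, or option off (the
    # client is treated as if it were always a member): "group" perms apply.
    return "group", (mode >> 3) & 7


def access_allowed(mode, file_uid, file_gid, req_uid, req_gids, desired, use_gid):
    """True if every desired rwx bit is present in the effective class."""
    _cls, bits = effective_class(mode, file_uid, file_gid, req_uid, req_gids, use_gid)
    return (bits & desired) == desired


def compare_settings(mode, file_uid, file_gid, req_uid, req_gids, desired):
    """Evaluate one request under both values of the option."""
    return {
        setting: access_allowed(mode, file_uid, file_gid, req_uid, req_gids,
                                desired, use_gid=(setting == "on"))
        for setting in ("on", "off")
    }


# Constructed sample data: one file owner and three requesters.
OWNER_UID, OWNER_GID = 1001, 200
CASES = [
    # label,                    mode,  req_uid, req_gids, desired
    ("non-member reads 0640",   0o640, 1002,    {300},    R),
    ("non-member reads 0604",   0o604, 1002,    {300},    R),
    ("member writes 0640",      0o640, 1003,    {200},    W),
    ("owner writes 0640",       0o640, 1001,    {200},    W),
]


def run_cases():
    """Return {label: {"on": bool, "off": bool}} for the constructed cases."""
    return {
        label: compare_settings(mode, OWNER_UID, OWNER_GID, uid, gids, desired)
        for label, mode, uid, gids, desired in CASES
    }


if __name__ == "__main__":
    for label, result in run_cases().items():
        print(f"{label:26} on={result['on']!s:5} off={result['off']!s:5}")
```

The first two cases are the ones the option changes: for a requester outside the owning group, off grants what the "group" bits allow (0640 becomes readable) and withholds what only the "other" bits allow (0604 becomes unreadable).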
cifs.preserve_unix_security
This option preserves UNIX permissions as files are
edited and saved by Windows applications that read the
security properties of the file, create a new temporary
file, apply those properties to the temporary
file, and then give the temporary file the original
file name. When this option is enabled, Windows
clients that perform a security query receive a constructed
ACL that exactly represents the UNIX permissions.
This same ACL can then be assigned to the temporary
file to restore the exact same UNIX permissions
that were present in the original file. The constructed
ACL is only used to preserve the file's UNIX
permissions, as the file is updated and saved by Windows
applications; no NTFS ACLs are set using the constructed
ACL. This option only affects NFS files in
UNIX or mixed-mode qtrees.
Enabling this option also allows you to manipulate a file's UNIX permissions using the Security tab on a Windows client, or using any application that can query and set Windows ACLs. When enabled, this option causes UNIX qtrees to appear as NTFS volumes.
Default: off
Values: on, off
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.restrict_anonymous
Controls the access restrictions of non-authenticated
sessions. Permitted values for this option are 0, 1
and 2. 0 sets no special access restrictions, 1 disallows
enumeration of users and shares, and 2 fully
restricts access. This option corresponds to the
RestrictAnonymous registry entry in Windows. Note
that these restrictions do not apply to mapped Null
users.
Default: 0
Values: 0, 1, 2
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.restrict_anonymous.enable
Deprecated option, use cifs.restrict_anonymous
instead.
cifs.save_case
When this option is on, CIFS will preserve the case
when files are created or renamed. If this option is
turned off, all filenames will be forced to lower
case. This can help with compatibility between certain
16-bit applications and UNIX tools.
Default: on
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.scopeid
NetBIOS scope IDs allow the system administrator to
create small workgroups out of a network by partitioning
the NetBIOS name space; only clients with the same
NetBIOS scope ID as the storage system will be able to
use the storage system as a CIFS server. The default
scope ID is "" (null), but if the storage system is to
run in a NetBIOS scope other than the default one, its
scope ID must be set to the scope ID of that scope.
The scope ID can be changed only when CIFS is not running.
Default: "" (null)
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.search_domains
Specifies a list of domains that trust each other to
search for a mapped account. The argument for the
option is a comma-separated list that is searched in
order. If this option is set to "" (null), all
domains are searched. You can use this option to control
searches if you used an asterisk for a domain
name in the /etc/usermap.cfg file.
Default: "" (null)
Effective: Upon CIFS client reconnection
Persistence: Remains in effect across system reboots
cifs.show_dotfiles
When this option is set to off, all file names with a
period (.) as the first character will be hidden. The
default value is on.
cifs.show_snapshot
When this option is off, the snapshot directory ~snapshot
is no longer shown at the root of a share. This
is a change in behavior from previous versions. Setting
this to on will restore the old behavior. On
Windows NT 4 or Windows 95 clients, the user can
access snapshots by entering \\node_name\share\.snapshot
(or ~snapshot or ~snapsht) in the Start->Run
menu. Snapshots can also be accessed lower in the
share by providing a path to a lower directory. Snapshots
can be accessed through DOS on any system by
changing to the ~snapsht directory.
NOTE: When this option is on, it can confuse programs like FastFind that do not know about snapshots.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.shutdown_msg_level
Normally a message is broadcast to all clients when
CIFS is terminating. This option can be set to control
this behavior. The value 0 results in never sending
such broadcast messages. The value 1 results in sending
broadcast messages only to sessions which have
open files. The value 2 causes the messages to be sent
to all open connections.
Default: 2
Values: 0, 1, 2
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.sidcache.enable
This option controls whether or not CIFS will cache
SID-to-name translation information that it has
received from the domain controllers.
Default: on
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.sidcache.lifetime
This option controls how long a SID-to-name cache
entry is used before it becomes stale. The SID-to-name
mapping functions in the storage system will query the
appropriate domain controller to update the cached
mapping when it is needed, but has become stale.
Default: 1440
Min/Max: 20 - 10080 minutes
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.signing.enable
Signing is a security feature provided by the CIFS
protocol that is designed to detect and prevent
`man-in-the-middle' intrusion into CIFS communications.
This is achieved by calculating a security signature
value for every incoming and outgoing CIFS packet.
This feature introduces a performance penalty on both the client and the storage system when in use, and thus is disabled by default. In a trusted network where the performance impact of this feature might outweigh the benefits that it provides, it is recommended that this feature remain disabled.
Before enabling signing, terminate CIFS services. This ensures that existing CIFS connections are terminated. After restarting cifs, all new connections will use signing.
Default: off
Effective: Upon CIFS client reconnection
Persistence: Remains in effect across system reboots
cifs.smb2.enable
This option enables SMB 2.0 and SMB 2.1 support on the
storage system. When this option is enabled, the storage
system uses SMB 2.0 and SMB 2.1 with a Windows
client if the client supports SMB 2.0 or SMB 2.1. When
this option is disabled, the storage system will not
accept any new SMB 2.0 or SMB 2.1 sessions; existing
sessions are not terminated.
Default: on
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.smb2.signing.required
This option decides whether the storage system forces
the CIFS sessions over SMB 2.0 or SMB 2.1 to be
signed. Signing prevents the packets from being tampered
with while being sent from the client to the
server. When this option is off, either there is no
signing, or the client can request that the session
be signed. If set to on, the session is signed.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.smb2_1.branch_cache.enable
This option enables SMB 2.1 BranchCache support on the
storage system. When this option is enabled, the storage
system uses BranchCache with a Windows client to
reduce Wide Area Network (WAN) utilization, if the
BranchCache is configured on client. When this option
is disabled, the storage system doesn't support
BranchCache.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.smb2_1.branch_cache.hash_time_out
Sets the time (in seconds) for which an unused BranchCache
hash for a file can be kept in the memory of the
storage system.
Default: 300s
Min/Max: 0 - 4000000 seconds
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.snapshot_file_folding.enable
This option controls whether or not CIFS will attempt
to `fold' files on close with previous snapshot versions
of themselves in order to minimize disk usage.
Disk space is saved by sharing unchanged file blocks
between the active version of the file, and the version
of the file in the latest snapshot, if any. The
storage system must compare block contents when folding
a file, so there is a performance vs. space utilization
tradeoff to consider with this option.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.symlinks.cycleguard
This option eliminates the possibility of traversing
directories cyclically during the process of following
symbolic links. With this option set to on, if the
target of the symlink resolves to a directory that is
directly above the symlink's parent directory, it is
disallowed.
With this option set to off, many standard Windows applications (such as Find in Windows 95 / Windows NT 4.0) will not operate correctly when a symlink points to a parent directory. This is because they do not understand symbolic links and will repeatedly loop on them. Users should use caution when changing this option.
Default: on
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.symlinks.enable
When cifs.symlinks.enable is on, if the object being
accessed by a CIFS client is a symbolic link (whether
absolute or relative), the storage system follows the
link with the proviso that the ultimate target turns
out to reside within the originating share (thus
ensuring that the client has access permission to the
target).
Default: on
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.trace_dc_connection
When cifs.trace_dc_connection is on, the storage system
logs all domain controller address discovery and
connection activities. This can be used to diagnose
DC connection problems on the storage system.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.trace_login
When cifs.trace_login is on, the storage system logs
all login-related activities. This can be used to
diagnose access problems on the storage system.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.universal_nested_groups.enable
When cifs.universal_nested_groups.enable is off, the
storage system does not include membership in nested
groups or membership in universal groups from other
domains in the forest. This option is pertinent to
all NFS clients accessing a file or directory with
Windows-style security and does not affect CIFS
clients. This option will be deprecated in a future
release when the storage system will always include
the above memberships.
CAUTION - ALL group memberships are fetched from Active Directory only when (a) the user and the storage system are in the same domain tree, or (b) the user's domain tree has a two-way transitive trust with the storage system's domain tree.
Default: on
Effective: Upon NFS client reconnection
Persistence: Remains in effect across system reboots
cifs.W2K_password_change
This option only affects storage systems installed in
Windows 2000 domains. When on, this option causes the
storage system to change its domain password once in
every W2K_password_change_interval value duration. The
duration is counted in weeks. The password change
occurs randomly within the time period specified by
option W2K_password_change_within, starting at 01:00
AM on Sunday mornings. For Windows 2000 domains with
multiple DCs, a password change may inhibit CIFS connections
for a short time while the new password is
propagated among the DCs. This option has no effect on
storage systems installed in pre-Windows 2000 domains.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.W2K_password_change_interval
This option only affects nodes installed in Windows
2000 domains. Changing this value has no effect if
the cifs.W2K_password_change is set to "off". It is
used to set the time duration (in weeks) after which
the domain password change is triggered. The actual
password change is attempted at approximately 01:00 AM
on the Sunday morning following the day when the configured
time duration expires. This option has no
effect on nodes installed in pre-Windows 2000 domains.
Default: 4w
Min/Max: 1w - 8w in weeks
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.W2K_password_change_within
This option only affects nodes installed in Windows
2000 domains. Changing this value has no effect if
the cifs.W2K_password_change is set to "off". It is used
to set the time duration (in hours) within which the
domain password change attempts are made after the
expiry of W2K_password_change_interval. In other
words, the password change is attempted at a random
time between 01:00 AM and W2K_password_change_within
duration on the Sunday morning following the expiry of
W2K_password_change_interval duration. This option has
no effect on nodes installed in pre-Windows 2000
domains.
Default: 1h
Min/Max: 1h - 6h in hours
Effective: Immediately
Persistence: Remains in effect across system reboots
Min/Max: 0s - 10000m in seconds (s), minutes (m) or hours (h)
Effective: Immediately
Persistence: Remains in effect across system reboots
cifs.wins_servers
This option can display or set the list of WINS
servers used by the CIFS service. To set the list,
pass a comma-separated list of IPv4 addresses. To see
the current list of WINS servers, leave the parameter
blank. To clear the list, pass a "" (null) parameter.
Default: "" (null)
Values: Comma-separated list of IPv4 addresses
Effective: Immediately
Persistence: Remains in effect across system reboots
cksum_offload.gbeII
Specifies whether calculation of TCP and UDP checksums
is offloaded to network interface cards. Offloading
reduces CPU utilization. The value "on" enables
offloading, and "off" disables it. The option affects
Ethernet Controllers numbered II and higher. TCP
checksums are offloaded for TCP packets over IPv4 as
well as IPv6, when this option is enabled. Checksums
are not offloaded for outbound UDP packets over IPv4
in most cases, regardless of the option setting.
Checksums are not offloaded for all UDP packets over
IPv6 even when this option is enabled.
On systems initially installed with 6.2 or later releases, the default is "on". Prior to 6.2 the default was "off", and a software upgrade does not change the value.
console.encoding
Specifies how non-ASCII character information is presented.
The value can be:
nfs - NFS character set. You can use both NFS extended (> 0x7F) and SGML characters for input.
sgml - SGML character format. You can use both NFS extended (greater than 0x7F) and SGML characters for input.
utf8 - UTF-8 character sets. For input, any character greater than 0x7F is the beginning of a UTF-8 encoding.
The default is nfs.
coredump.dump.attempts
Controls how many attempts should be made to dump a
core. Extra attempts are only made if the previous
attempt failed due to a disk write error. Legal values
range from 0 - 5. If 0 is chosen, no cores will
be dumped.
The default is 2.
disk.asup_on_mp_loss
Controls whether or not an AutoSupport message is sent
if the redundant path to a shelf is lost. The default
value is on.
disk.auto_assign
Specifies if disks will be auto assigned on systems
with software disk ownership. The default is on. When
on, the default behavior is to automatically assign
disks at the adapter (stack) level of granularity. If
all assigned disks on an adapter (stack) have the same
ownership assignment, and there are unowned disks present
on that adapter (stack), automatic assignment
will assign the unowned disks to match the ownership
of the already assigned disks on that adapter (stack).
disk.auto_assign_shelf
Specifies whether disks should be auto assigned at the
shelf level of granularity or not. This option is
ignored if disk.auto_assign option is off. Otherwise,
when disk.auto_assign and disk.auto_assign_shelf
options are on, then if there are unowned disks on a
shelf and all assigned disks on that shelf have the
same ownership assignment, automatic assignment will
assign the unowned disks to match the ownership of the
already assigned disks on that shelf. The default
value is off.
disk.maint_center.allowed_entries
Sets the number of times a disk is allowed to be put
into maintenance center testing as a result of reaching
a threshold. If a disk reaches another threshold
and has already been through maintenance center testing
the allowed number of times, the disk is failed.
Administrator-initiated testing is not counted. The
administrator can test disks any number of times. The
default value is 1.
disk.maint_center.enable
Enables/disables maintenance center functionality. The
default value is on.
disk.maint_center.max_disks
This option specifies the maximum number of disks that
can be running maintenance center tests on a system at
the same time. The default value is 84.
disk.maint_center.rec_allowed_entries
Sets the number of times a disk is allowed to be put
into maintenance center testing as a result of recovery
needed types of errors. If a disk encounters
another recovery needed type of error and has already
been through maintenance center testing the allowed
number of times for recovery needed errors then the
disk is failed. The default value is 5.
disk.maint_center.spares_check
This option specifies whether to check the number of
available spares before putting a disk into the maintenance
center as the result of reaching a threshold.
If this option is on and there are fewer than two
available spares when a disk reaches a threshold, the
disk is not put into the maintenance center. If the
option is off or there are at least two available
spares, the disk is put into the maintenance center.
This option has no effect on administrator-initiated
testing of disks. The default value is on.
disk.target_port.cmd_queue_depth
Sets the maximum number of concurrent commands that
can be dispatched to any target port on an external
RAID array. This is useful on V-Series systems, which
support large numbers of LUNs behind a single device
ID. If too many commands are issued the overall performance
of the external RAID array may be degraded.
A value of 0 indicates that no limit is enforced on
any target port.
dns.domainname
Sets the DNS domainname to the specified domainname.
dns.enable
Enables DNS client on the storage system. The DNS
domain must be set and the /etc/resolv.conf file must
exist prior to enabling DNS.
dns.cache.enable
Determines whether the DNS cache is used when looking
up names. It is on by default. Turning it off will
have the side effect of flushing the DNS cache. This
option has no effect if DNS is not enabled.
dns.update.enable
Enables or disables DDNS (Dynamic DNS). `on', `off',
and `secure' are valid options. exchanged securely if
the security protocol is appropriately configured.
DNS must be enabled prior to enabling DDNS.
fcp.enable
Determines whether FCP service starts by default on a
storage system.
flexcache.access
Restricts FlexCache access to the storage system. The
default value is none. For valid values, see na_protocolaccess(8).
Note: this is the only way to allow a
volume to be cached by a FlexCache volume. The
/etc/exports file cannot be used for this.
flexcache.enable
Enables FlexCache server on the storage system. Valid
values for this option are on or off. If this option
is set to off, no FlexCache volumes can be mapped to
any of the volumes on this storage system. Existing
FlexCache volumes that are currently mapped to this
storage system are no longer serviced. If this option
is set to on, FlexCache volumes can be mapped to volumes
on this storage system. The default value for
this option is off.
flexcache.per_client_stats
Enables FlexCache client statistics on an origin storage
system. Valid values for this option are on or
off. The default value for this option is on. With
this set to on, the flexcache stats -S volume -c command
will show statistics by client on an origin storage
system.
flexscale.enable
Enables FlexScale on the storage system. Valid values
for this option are on or off. If FlexScale hardware
is present and licensed then this option will enable
the FlexScale functionality in WAFL. If no hardware is
present this option will enable FlexScale PCS (Predictive
Cache Statistics). The default value for this
option is off.
flexscale.normal_data_blocks
Controls whether normal user data blocks should be
cached by FlexScale. Valid values for this option are
on or off. If this option is set to off then only
metadata blocks are cached, except for those volumes
that have a FlexShare cache setting of keep. See
na_priority(1) for details. The default value for
this option is on.
flexscale.lopri_blocks
Controls whether low-priority user data blocks should
be cached by FlexScale. Valid values for this option
are on or off. This option is only used when flexscale.normal_data_blocks
is set to on. If this option
is set to on then low-priority user data blocks that
are not normally stored by FlexScale will be cached.
This may be useful for workloads that fit entirely
within FlexScale and consist of write followed by read,
or large sequential reads. The default value for this
option is off.
flexscale.pcs_size
Controls the size of the cache emulated by FlexScale
PCS. Valid values for this option are integers
between 16 and 16383. This option is only used when
PCS is enabled. The default value of this option is
chosen automatically based on the amount of memory in
the controller, and the upper limit is further
restricted on controllers with smaller amounts of memory.
flexscale.pcs_high_res
Controls the sampling resolution of the FlexScale PCS
engine. Valid values for this option are on or off.
This option is only used when PCS is enabled. Measurement
of workloads with very small hotspots may be
improved by setting this value on. The default value
for this option is off, which should generally be sufficient.
flexscale.readahead_blocks
This option caches readahead data that the system
evicts from buffer cache. Readahead data is data that
clients are likely to request.
flexscale.rewarm
Specifies whether a FlexScale cache module (Performance
Acceleration Module family or Flash Cache family)
should attempt to preserve data across reboots.
Valid values for this option are on or off. This
option only applies to cache hardware with persistent
media. It does not apply to Predictive Cache Statistics
(PCS). Enabling this option will marginally
increase the duration of system boot and shutdown, but
it will reduce or eliminate the time required for
cache warming. The default value for this option is
determined by cache hardware type. This option is
automatically on if it is supported.
fpolicy.enable
When turned off, this disables all file policies on
the storage system, overriding the settings for individual
file policies. When turned on, the setting of a
given file policy determines if that file policy is
enabled or disabled.
fpolicy.i2p_ems_interval
Time interval in minutes between two successive fpolicy.fscreen.vol.i2p.off
EMS messages.
This EMS occurs when an FPolicy server registers for a file policy with the inode to pathname translation, but a volume monitored by the policy has inode to pathname translation disabled.
Valid values for the interval range from 0 (disabled) to 1440. The default interval is 60 minutes.
fpolicy.multiple_pipes
When enabled, FPolicy engine can open up to 10
instances of the SMB request named pipe simultaneously
to an FPolicy server. When disabled, only one instance
of the SMB request pipe is opened to an FPolicy server
at a time. The default value is on.
ftpd.enable
When enabled (on), this option allows FTP connections
on port 21. When disabled (off), connection attempts
on port 21 are refused.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
ftpd.explicit.enable
When enabled (on), this option allows Explicit FTPS
(FTP over SSL) connections on port 21. When disabled
(off), FTP connections on port 21 are not allowed to
enter secure mode.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
ftpd.explicit.allow_secure_data_conn
When enabled (on), this option allows Explicit FTPS
(FTP over SSL) connections to open data connections in
secure mode. When disabled (off), Explicit FTPS connections
are not allowed to open secure data connections
by sending the PROT P command. However
connections which already have PROT level set to P
will continue to work as is.
Default: on
Effective: Immediately
Persistence: Remains in effect across system reboots
ftpd.implicit.enable
When enabled (on), this option allows Implicit FTPS
(FTP over SSL) connections on port 990. When disabled
(off), FTPS connection attempts on port 990 are
refused.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
ftpd.ipv6.enable
When enabled (on), this option allows FTP connections
over IPv6. When disabled (off), new connection
attempts over IPv6 are refused; existing IPv6 sessions
will remain active and will not be disconnected.
For this option to take effect, networking stack should support IPv6 (option ip.v6.enable).
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
ftpd.3way.enable
Enables/disables third-party file transfers. When
enabled (on), this option allows file transfers
directly to and from a remote FTP server. When disabled,
the IP address specified in the PORT command
must match that of the FTP client. In passive mode,
only TCP connections from the client will be allowed.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
ftpd.anonymous.enable
Enables/disables anonymous user logins. An anonymous
user will only be allowed to access "anonymous" home
directory and its subtrees. Anonymous users are not
allowed access to external volumes. Named account
users will not have this limitation unless the
ftpd.dir.restriction option is enabled. Default anonymous
users are "ftp" and "anonymous". To use anonymous
ftp, besides turning on ftpd.anonymous.enable, the option
ftpd.anonymous.home_dir must point to an existing path.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
ftpd.anonymous.home_dir
Sets the home directory for the anonymous user
account.
Default: "" (null)
Effective: Upon FTP client reconnection
Persistence: Remains in effect across system reboots
ftpd.anonymous.name
Specifies the login name for the anonymous user
account. Anonymous user can use the username as set
by this option or "ftp". The user ftp is defined in
/etc/passwd by default. If there is no mapping of the
username specified by ftpd.anonymous.name to a UID,
UID of the user "ftp" is used. The home directory
entry in /etc/passwd file for ftp is overridden by
option ftpd.anonymous.home_dir.
Default: anonymous
Effective: Upon FTP client reconnection
Persistence: Remains in effect across system reboots
ftpd.auth_style
Sets the ftpd login authentication style. In mixed
mode, usernames with "\" or "@" will authenticate via
ntlm and those without will authenticate via unix.
Setting ntlm or unix explicitly will force the respective
authentication type regardless of the format of
the username.
Default: mixed
Values: ntlm, unix, mixed
Effective: Upon FTP client reconnection
Persistence: Remains in effect across system reboots
ftpd.bypass_traverse_checking
When turned on, directories in the path to a file are
not required to have the `X' (traverse) permission.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
ftpd.dir.restriction
Sets user home directory restriction. The off (or
none) setting indicates that there is no home directory
restriction for regular users. When this option
is set to on (or homedir), each named account user's
access is restricted to that user's own home directory
or to the override directory, if one is specified by
the ftpd.dir.override option.
Default: on
Values: on, off, none, homedir
Effective: Upon FTP client reconnection
Persistence: Remains in effect across system reboots
ftpd.dir.override
Sets the override path for the user home directory. A
"" (null) value indicates no home directory override;
users will be placed in their home directory upon
login. When the value of this option is a valid
directory path, users will be placed in that directory
upon login. This option applies only to named user
accounts. The behavior of the default user account is
not affected by the value of ftpd.dir.override.
Default: "" (null)
Effective: Upon FTP client reconnection
Persistence: Remains in effect across system reboots
ftpd.idle_timeout
Sets the time between requests that an FTP session can
be idle before it becomes a candidate for disconnection
by the storage system.
Default: 900s
Min/Max: 300s - 2d in seconds (s), hours (h) or days (d)
Effective: Immediately
Persistence: Remains in effect across system reboots
ftpd.log.enable
Enables/disables the logging of FTP commands and data
transfer operations.
Default: on
Effective: Immediately
Persistence: Remains in effect across system reboots
ftpd.log.filesize
Specifies the maximum file size for FTP and HTTP logs
in the /etc/log directory. When one of the active log
files, such as ftp.cmd (or ftp.xfer, or httpd.log)
reaches this size, it is renamed to ftp.cmd.1 (or
ftp.xfer.1 for the transfer log, or httpd.log.1 for
the http log) and that renamed log history file is
closed. If there is already a historical log file,
such as ftp.cmd.1, that file is renamed to ftp.cmd.2.
This renaming process continues sequentially for all
historical log files, until the maximum number of historical
log files (specified by ftpd.log.nfiles) is
reached. Once the maximum number of historical log
files is reached, the oldest log file is deleted each
time a new active log file is opened. See the description
of the ftpd.log.nfiles option for more information.
Default: 512k
Min/Max: 1K - 4G in gigabytes (G), megabytes (M), kilobytes (K) or bytes (blank)
Effective: Immediately
Persistence: Remains in effect across system reboots
ftpd.log.nfiles
Sets the maximum number of log files to be kept for
FTP and HTTP. Once an active log file reaches the
size limit determined by the ftpd.log.filesize option,
a new active log file is created. The old active log
file is stored as a historical log file by appending
the file name with ".1". All existing historical
files are renamed by incrementing the numeric suffix;
for example, "ftp.cmd.2" becomes "ftp.cmd.3" and so
on. Only the number of files specified by
ftpd.log.nfiles are kept. When the maximum number of
historical log files is exceeded, the highest-numbered
(oldest) log file is deleted. For example, if nfiles
is set to 6, ftp.cmd.5 would be deleted rather than
renamed.
Default: 6
Min/Max: 1 - 100 files
Effective: Immediately
Persistence: Remains in effect across system reboots
ftpd.locking
Sets the type of file locking used by the ftpd during
file retrieval. Setting this option to none designates
that files are not to be locked in any way during
file retrieval. When the value of this option is
delete, files being retrieved cannot be deleted or
renamed. When the value of this option is write, files
being retrieved cannot be opened for write or deleted
or renamed.
Default: none
Values: none, delete
Effective: Immediately
Persistence: Remains in effect across system reboots
ftpd.max_connections
Sets the maximum number of concurrent ftpd connections
allowed. This option is the limit of the total number
of FTP control connections allowed to the storage system,
or to all vFilers hosted on the physical storage
system. For High Availability configurations, the number
of connections permitted is doubled when in
takeover mode. If this setting is changed to a value
that is lower than the current number of connected FTP
sessions, new connections will be refused until the
total number of sessions falls below ftpd.max_connections.
Existing sessions are unaffected.
Default: 500
Min/Max: 0 - 5000 connections
Effective: Immediately
Persistence: Remains in effect across system reboots
ftpd.tcp_window_size
Sets the TCP window size for FTP operations. The
default, 28960 bytes, works for many network environments.
Change this value only when required for your
network configuration. Changes to this option can
strongly affect ftpd performance.
Default: 28960
Values: 1600
Effective: Upon FTP client reconnection
Persistence: Remains in effect across system reboots
gfagent.enable
Enables/disables the Gateway storage system agent.
gfagent.hdm.host
Sets the host address to which Gateway agent will send
POST request.
gfagent.hdm.password
User password for Device Manager server.
gfagent.hdm.port
Port number of Device Manager's http server.
gfagent.hdm.user
User name for Device Manager server.
gfagent.hdm.uri
URI to which Gateway agent sends POST request.
gfagent.interval.minutes
Time interval between two successive scans/reports in
minutes.
httpd.admin.access
Restricts HTTP access to FilerView, the administration
area of the storage system, via a private NetApp Inc
URL: any URL beginning with /na_admin. If this value
is set, trusted.hosts is ignored for FilerView access.
Default: legacy
Values: See na_protocolaccess(8)
Effective: Immediately
Persistence: Remains in effect across system reboots
httpd.admin.enable
Enables HTTP access to FilerView, the administration
area of the storage system, via a private NetApp Inc
URL: any URL beginning with /na_admin is mapped to the
directory /etc/http. Thus, a man page on the storage
system toaster with the file name /etc/http/man/name
can be accessed with the URL
http://toaster/na_admin/man/name.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
httpd.admin.max_connections
Sets the maximum number of concurrent httpd administration
connections allowed per vfiler. Httpd administration
connections are defined by
http://toaster/na_admin. API connections fall under the
httpd administration purview. If this setting is
changed to a value that is lower than the current number
of httpd administration connections, new connections
will be refused until the total number of connections
falls below httpd.admin.max_connections.
Existing connections are unaffected.
Default: 512
Min/Max: 1 - 1023 connections
Effective: Immediately
Persistence: Remains in effect across system reboots
httpd.admin.ssl.enable
Enables HTTPS access to FilerView. To set up ssl, use
the secureadmin command. See na_secureadmin(1) for
more details. HTTPS and SSL are enabled by default on
a factory installed system. Default value is on.
httpd.admin.hostsequiv.enable
Enables the use of /etc/hosts.equiv for administrative
HTTP authentication. If enabled, the authentication
of administrative HTTP (for APIs) will use the contents
of /etc/hosts.equiv in the same way that it is
used for rsh authentication. See na_hosts.equiv(5)
and na_rshd(8) for more details.
Default: on
Effective: Immediately
Persistence: Remains in effect across system reboots
httpd.admin.top-page.authentication
If enabled, the top-level page of FilerView will have
authenticated access.
Default: on
Effective: Immediately
Persistence: Remains in effect across system reboots
httpd.autoindex.enable
The normal response to an HTTP GET request that specifies
a URL corresponding to a directory is to display
the contents of an index file contained in that directory.
If no index file exists, a directory listing can
be generated automatically and returned instead. This
option controls whether to generate a directory listing.
The storage system always searches for an index file, which is one of "index.html", "default.htm", "index.htm", "default.html", searched for in that order. If none is found, and this option is on, a directory listing is created and returned. If this option is off (the default), the appliance will respond with a "403" (forbidden) error code.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
httpd.access
Restricts HTTP access to the storage system. Setting
this value does not affect FilerView access set by
httpd.admin.access.
Default: legacy
Values: See na_protocolaccess(8)
Effective: Immediately
Persistence: Remains in effect across system reboots
httpd.bypass_traverse_checking
When turned on, directories in the path to a file are
not required to have the `X' (traverse) permission.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
httpd.enable
Enables HTTP access to the storage system.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
httpd.ipv6.enable
This option controls HTTP IPv6 support. For this
option to take effect, networking stack should support
IPv6 (option ip.v6.enable). When this option is
enabled, storage system starts accepting new http connections
over IPv6. When this option is disabled storage
system stops accepting any new http connections
over IPv6, existing IPv6 connections will remain
active and will not be disconnected.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
Values: on, off
httpd.log.format
Specifies the log format.
Default: common
Values: common, alt1
Effective: Immediately
Persistence: Remains in effect across system reboots
httpd.method.trace.enable
Specifies whether the HTTP TRACE method is enabled.
There is a potential security vulnerability associated
with the TRACE method, documented in
http://www.kb.cert.org/vuls/id/867593. The default
for this option is off, thus disabling the TRACE
method. If you want to support the TRACE method, set
the option to on.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
httpd.rootdir
Specifies the complete pathname of the root directory
that contains files and subdirectories for HTTP
access. The default for this is `XXX' as it is normally
set to the appropriate location during http
setup.
Default: XXX
Effective: Immediately
Persistence: Remains in effect across system reboots
httpd.timeout
Specifies the minimum amount of time (in seconds)
before an idle HTTP connection will time out.
Default: 300
Min/Max: 30 - 86400 seconds
Effective: Immediately
Persistence: Remains in effect across system reboots
httpd.timewait.enable
When enabled, the storage system will put HTTP connections
that have been closed by the client into the
TIME_WAIT state for one minute, which is twice the
maximum segment lifetime (2*MSL).
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
interface.blocked.cifs
The option is set to a comma-separated list of interface
names for which CIFS is blocked. The default is
the empty list, "", which means that CIFS is not
blocked on any interface (unless option interface.blocked.mgmt_data_traffic
is set to "on"). The
interface list cannot include TOE-enabled interfaces
or iSCSI HBAs. See the NMG for details.
interface.blocked.iscsi
The option is set to a comma-separated list of interface
names for which iSCSI is blocked. The default is
the empty list, "", which means that iSCSI is not
blocked on any interface (unless option interface.blocked.mgmt_data_traffic
is set to "on"). The
interface list cannot include TOE-enabled interfaces
or iSCSI HBAs. See the NMG for details.
interface.blocked.ftpd
The option is set to a comma-separated list of interface
names for which FTP is blocked. The default is
the empty list, "", which means that FTP is not
blocked on any interface. The interface list cannot
include TOE-enabled interfaces or iSCSI HBAs. See the
NMG for details.
interface.blocked.mgmt_data_traffic
This option controls the protocol filter for dedicated
mgmt ports, such as e0M on many platforms (not all
platforms have a dedicated mgmt port). If the option
is set to on (the default for new installs), then
NDMP, NFS, CIFS, iSCSI and the SNAP* family of data
protocols will be blocked by the dedicated mgmt port.
"On" is the recommended setting because a dedicated
mgmt port is a low-bandwidth port that does not support
jumbo frames, vlans, or ifgrps. If a dedicated
mgmt port is used for data traffic, it can hide misconfigurations
that might lead to a serious loss of
storage system throughput. A dedicated mgmt port
should only be configured with addresses that are on
isolated management-only subnets. See the NMG for
details.
interface.blocked.ndmp
The option is set to a comma-separated list of interface
names for which NDMP is blocked. The default is
the empty list, "", which means that NDMP is not
blocked on any interface (unless option interface.blocked.mgmt_data_traffic
is set to "on"). The
interface list cannot include TOE-enabled interfaces
or iSCSI HBAs. See the NMG for details.
interface.blocked.nfs
The option is set to a comma-separated list of interface
names for which NFS is blocked. The default is
the empty list, "", which means that NFS is not
blocked on any interface (unless option interface.blocked.mgmt_data_traffic
is set to "on"). The
interface list cannot include TOE-enabled interfaces
or iSCSI HBAs. See the NMG for details.
interface.blocked.snapmirror
The option is set to a comma-separated list of interface
names for which snap* protocols are blocked. The
default is the empty list, "", which means that snap*
protocols are not blocked on any interface (unless
option interface.blocked.mgmt_data_traffic is set to
"on"). The interface list cannot include TOE-enabled
interfaces or iSCSI HBAs. See the NMG for details.
ip.fastpath.enable
If the option is on, the storage system will attempt
to use MAC address and interface caching ("Fastpath")
so as to try to send back responses to incoming network
traffic using the same interface as the incoming
traffic and (in some cases) the destination MAC
address equal to the source MAC address of the incoming
data. This allows for automatic load-balancing
between multiple interfaces of a trunk and between
multiple storage system interfaces on the same subnet.
Valid values for this option are on or off. The
default value for this option is on. For TCP connections,
the system will also automatically detect if
this optimization is not feasible in a specific environment
or for a specific connection and turn Fastpath
off automatically for those connections for which
using Fastpath is inappropriate. The netstat command
with the -x option can be used to see if Fastpath is
enabled for a specific connection.
ip.match_any_ifaddr
If the option is on, the storage system will accept
any packet that is addressed to it even if that packet
came in on the wrong interface. If you are concerned
about security, you should turn this off. Valid values
for this option are on or off. The default value
for this option is on.
ip.path_mtu_discovery.enable
Enables/disables path MTU discovery; it is currently
used only by TCP. Path MTU discovery, described in
RFC 1191, allows a host to discover the ``maximum
transmission unit'', that is, the largest link-level
packet that can be transmitted over a path from that
host to another host. This means that the storage
system needn't choose a conservative packet size for a
TCP connection to a host not on the same net as the
storage system, but can attempt to discover the
largest packet size that can make it to the other host
without fragmentation. Valid values for this option
are on or off. The default value for this option is
on.
ip.ping_throttle.drop_level
Specifies the maximum number of ICMP echo or echo
reply packets (ping packets) that the storage system
will accept per second. Any further packets within
one second are dropped to prevent ping flood denial of
service attacks. The default value is 150.
ip.ping_throttle.alarm_interval
Specifies how often dropped pings will be syslogged in
minutes. This prevents a ping flood denial of service
attack from flooding the syslog with messages. A
value of 0 turns off logging of ping floods. The
default value is 0.
ip.tcp.newreno.enable
Enables/disables the use of the NewReno modification
to TCP's fast recovery algorithm (described in RFC
2582). Valid values for this option are on or off.
The default value for this option is on.
ip.tcp.sack.enable
Enables/disables the use of TCP Selective Acknowledgements
(described in RFC 2018). Valid values for this
option are on or off. The default value for this
option is on.
ip.tcp.abc.enable
Enables/disables the use of Appropriate Byte Counting
in TCP Congestion Control following RFC 3465. Valid
values for this option are on or off. The default
value for this option is on.
ip.tcp.abc.l_limit
This option is used only when Appropriate Byte Counting
is used in TCP Congestion Control. It specifies
the value of the limit L used to increase congestion
window during slow start. Valid values for this option
are 1 and 2. The default value for this option is 2.
ip.tcp.rfc3390.enable
Enables/disables the use of RFC 3390 to increase the
initial window used by TCP connections. The default
value for this option is on.
ip.ipsec.enable
Enables/disables the Internet Security Protocol
(ipsec) support on the storage system. Valid values
for this option are on or off. The default value for
this option is off.
ip.v6.enable
Enables/disables the IPv6 support on the storage system.
Valid values for this option are on or off. The
default value for this option is off. When
ip.v6.enable is turned off, existing TCP and UDP connections
will get closed. The configuration files like
/etc/rc, /etc/resolv.conf, /etc/hosts, /etc/dgateways
and /etc/resolve.conf which include IPv6 addresses are
not reset and must be cleaned up manually. Interfaces
will be configured down if they have no IPv4 addresses
assigned. Enabling IPv6 will not enable the use of
IPv6 for some protocols (for example CIFS, NFS).
Those protocols have their own IPv6 enable option that
must be set in addition to the global option
ip.v6.enable.
ip.v6.ra_enable
Accepts/rejects the Router Advertisement messages that
can facilitate auto-configuration of addresses and
learning of prefixes and routes. Valid values for this
option are on or off. The default value for this
option is off. When ra_enable is turned off, router
advertisements will be dropped so no default routes
will be learned, default route failover will be disabled
and link mtu updates will be stopped but existing
auto-configured IPv6 addresses and default routes
will be retained (Duplicate address detection, network
discovery, and IPv6 path mtu discovery will all continue
to work).
iscsi.auth.radius.enable
Determines whether iSCSI service uses RADIUS for CHAP
authentication.
iscsi.enable
Determines whether iSCSI service starts by default on
a storage system.
iscsi.isns.rev
Determines the draft level of the iSNS specification
with which the iSNS service on the storage system is
compatible. There are two possible values: 18 and 22.
The default value is 22. A value of 18 allows compatibility
with older iSNS servers that support draft 18
of the iSNS specification. A value of 22 provides
compatibility with both draft 22 of the iSNS specification
and with RFC 4171, the final iSNS specification.
For example, if the iSNS server that the storage
system will connect to is compatible with RFC
4171, set the iscsi.isns.rev to 22. This ensures that
the iSNS service on the storage system is compatible
with the iSNS server. If this setting is not properly
set, the storage system may not be able to successfully
register with the iSNS server.
iscsi.tcp_window_size
CAUTION - This number will affect iSCSI performance,
and defines the node's receive TCP window size for all
iSCSI connections. The default setting is 131400
bytes. In general, for best performance, the value of
this option should be set according to your network
configuration, taking into account the latency of the
underlying network. However, improved performance may
be obtained with certain iSCSI initiators by tuning
this value beyond the normal network calculations
involving latency and round-trip time. You must
stop/start the iSCSI service for a change in this
value to take effect.
iscsi.max_connections_per_session
The option specifies the number of connections per
session allowed by the storage system. You can specify
between 1 and 16 connections, or you can accept the
default value: use_system_default. The maximum number
of connections allowed for each session is from 1 to
16. use_system_default currently equals 4.
Note that this option specifies the maximum number of connections per session supported by the storage system. The initiator and storage system negotiate the actual number allowed for a session when the session is created; this is the smaller of the initiator's maximum and the storage system's maximum. The number of connections actually used also depends on how many connections the initiator establishes.
iscsi.max_error_recovery_level
The option specifies the maximum error recovery level
allowed by the storage system. You can specify 0, 1,
or 2, or you can accept the default value: use_system_default.
The maximum error recovery level allowed
is 0, 1, or 2. use_system_default currently equals 0.
iscsi.ip_based_tpgroup
This option enables the IP-based tpgroup management
for iSCSI on the specified vFiler.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
ifgrp.failover.link_degraded
This option is meaningful in configurations of a second-level
single-mode ifgrp containing two or more
multi-mode ifgrps where one is favored (see
na_ifgrp(1)). The active ifgrp is always the one with
highest aggregate bandwidth. If the underlying ifgrps
have equal bandwidth and one is favored, then the
favored ifgrp will be active. When this option is on,
and one or more links in the active favored multi-mode
ifgrp fails or is deleted, or a link in a non-active
ifgrp comes up or is added to increase its aggregate
bandwidth, failover to a multi-mode ifgrp that has the
highest aggregate bandwidth will occur. If this
option is off, no failover will occur and the favored
degraded interface will remain active. The default
value for this option is off.
For example,
A second-level single-mode ifgrp sif is configured over
two multi-mode ifgrps mif1 and mif2, where mif1 is active.
When one or more links in mif1 goes down and,
Case 1: No ifgrp is favored.
Failover occurs if mif2 has a higher aggregate bandwidth
than mif1, irrespective of the value of
ifgrp.failover.link_degraded option.
Case 2: mif1(active ifgrp) is favored and
a) ifgrp.failover.link_degraded is on.
Failover occurs if mif2 has a higher aggregate bandwidth
than mif1. mif2 will become active.
If mif1 has a higher aggregate bandwidth than mif2 even
after the links go down, mif1 remains active.
b) ifgrp.failover.link_degraded is off.
There is no failover in this case and mif1 remains active
until all the underlying links of mif1 go down even though
mif2 has a higher aggregate bandwidth than mif1.
Value of this option is overwritten during takeover and behaves according to the value set for the host that is up.
kerberos.replay_cache.enable
This option enables the Kerberos replay cache feature.
This feature prevents passive replay attacks by storing
user authenticators on the storage system for a
short time, and by ensuring that the authenticators
are not reused in subsequent Kerberos tickets by
attackers. Storing and comparing the user authenticators
can result in a substantial performance penalty
for higher workloads on the storage system. The
default value for this option is off.
ldap.enable
Turns LDAP lookup off or on. An entry must also be
made in the /etc/nsswitch.conf file to use LDAP for
this purpose.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.minimum_bind_level
Specifies the minimum binding level that is allowed.
It can take the following values: anonymous - anonymous
bind, simple - simple bind, sasl - SASL bind.
Default: 0
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.timeout
Timeout used for LDAP searches. This is the period (in
seconds), after which an LDAP search request is timed
out on the LDAP server, if incomplete.
Default: 20
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.ssl.enable
Turns LDAP over SSL support off or on. Only server
authentication is supported. The root certificate
must be installed on the storage system for SSL
authentication to succeed. This is the trusted certificate
that is obtained from any of the recognized
signing authorities. Multiple trusted certificates
may be installed on the storage system. Keymgr is used
to install root certificates on the storage system.
Please refer to na_keymgr for additional information.
Ensure that ldap.port is set to 636.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
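The FTP, HTTP, ip.match_any_ifaddr and LDAP-over-SSL settings described above interact (for example, ldap.ssl.enable is only useful with ldap.port at 636, and the FTP restrictions only matter while a listener is on), so they are best reviewed together from a saved options listing. The following Python is an added example, not part of the original manual page or of any NetApp tool; the whitespace-separated `name value` line layout, the sample listing and all function and variable names are assumptions made for illustration.

```python
import re

# Defaults as documented on this page; used when an option is missing from the input.
DEFAULTS = {
    "ftpd.enable": "off", "ftpd.explicit.enable": "off", "ftpd.implicit.enable": "off",
    "ftpd.explicit.allow_secure_data_conn": "on", "ftpd.anonymous.enable": "off",
    "ftpd.dir.restriction": "on", "ftpd.log.enable": "on", "ftpd.3way.enable": "off",
    "ftpd.bypass_traverse_checking": "off", "httpd.enable": "off",
    "httpd.admin.enable": "off", "httpd.admin.top-page.authentication": "on",
    "httpd.autoindex.enable": "off", "httpd.method.trace.enable": "off",
    "httpd.bypass_traverse_checking": "off", "ip.match_any_ifaddr": "on",
    "ldap.enable": "off", "ldap.ssl.enable": "off",
}

# (option, values worth review, reason). Reasons restate the page's own descriptions.
FTP_RULES = [
    ("ftpd.anonymous.enable", {"on"}, "anonymous logins are accepted"),
    ("ftpd.dir.restriction", {"off", "none"}, "named users are not restricted to their home directory"),
    ("ftpd.log.enable", {"off"}, "FTP commands and data transfers are not logged"),
    ("ftpd.3way.enable", {"on"}, "the PORT address need not match the FTP client"),
    ("ftpd.bypass_traverse_checking", {"on"}, "traverse (X) permission is not required on path directories"),
]
HTTP_RULES = [
    ("httpd.autoindex.enable", {"on"}, "a directory without an index file returns a listing, not 403"),
    ("httpd.bypass_traverse_checking", {"on"}, "traverse (X) permission is not required on path directories"),
]
ALWAYS_RULES = [
    ("httpd.method.trace.enable", {"on"}, "the HTTP TRACE method is enabled"),
    ("httpd.admin.enable", {"on"}, "FilerView is reachable over plain HTTP"),
    ("httpd.admin.top-page.authentication", {"off"}, "the FilerView top-level page is unauthenticated"),
    ("ip.match_any_ifaddr", {"on"}, "packets arriving on the wrong interface are accepted"),
]

NAME = re.compile(r"^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)+$")


def parse_options(text):
    """Parse `name value` lines (assumed layout of a captured options listing).
    Lines that do not start with a dotted option name, such as prompts, are skipped."""
    opts = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts and NAME.match(parts[0]):
            opts[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return opts


def audit(opts):
    """Return sorted (option, effective value, reason) findings."""
    def get(name):
        return opts.get(name, DEFAULTS.get(name))

    findings = []

    def flag(name, reason):
        findings.append((name, get(name), reason))

    def apply(rules):
        for name, bad, reason in rules:
            if get(name) in bad:
                flag(name, reason)

    ftp21 = get("ftpd.enable") == "on"
    ftp990 = get("ftpd.implicit.enable") == "on"
    if ftp21 and get("ftpd.explicit.enable") != "on":
        flag("ftpd.explicit.enable", "port 21 sessions cannot enter secure mode")
    elif ftp21 and get("ftpd.explicit.allow_secure_data_conn") != "on":
        flag("ftpd.explicit.allow_secure_data_conn", "PROT P is refused, so data connections stay unprotected")
    if ftp21 or ftp990:          # FTP restrictions only matter while a listener is on
        apply(FTP_RULES)
    if get("httpd.enable") == "on":
        apply(HTTP_RULES)
    apply(ALWAYS_RULES)
    if get("ldap.enable") == "on":
        if get("ldap.ssl.enable") != "on":
            flag("ldap.ssl.enable", "LDAP lookups are not protected by SSL")
        elif get("ldap.port") != "636":
            flag("ldap.port", "ldap.ssl.enable is on but ldap.port is not set to 636")
    return sorted(findings)


# Constructed sample listing, not output captured from a real system.
SAMPLE = """\
filer> options
ftpd.enable                  on
ftpd.explicit.enable         on
ftpd.explicit.allow_secure_data_conn off
ftpd.anonymous.enable        on
ftpd.anonymous.home_dir
ftpd.dir.restriction         none
httpd.enable                 off
httpd.autoindex.enable       on
httpd.method.trace.enable    on
ip.match_any_ifaddr          on
ldap.enable                  on
ldap.ssl.enable              on
ldap.port                    389
"""

if __name__ == "__main__":
    for name, value, reason in audit(parse_options(SAMPLE)):
        print(f"{name} = {value}: {reason}")
```

Options absent from the listing are evaluated at the defaults documented on this page, so a system left entirely at those defaults is still reported for ip.match_any_ifaddr.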
ldap.ADdomain
The Active Directory Domain name in DNS format to use
for LDAP queries. Typically this will be something
like "group.company.com".
Default: "" (null)
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.base
The base distinguished name to use for common ldap
lookups, which include user passwd lookup, group
lookup and netgroup lookup. The format of the base
string is: "(filter1):scope1;(filter2):scope2;". Typically
the storage system is something like "cn=company,cn=uk".
The scope can be one of those three
choices: BASE, ONELEVEL or SUBTREE. The default scope
is SUBTREE if it is not specified.
Default: "" (null)
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.base.passwd
The base distinguished name to use for user passwd
lookups, this option will override the ldap.base
option. The format of the base string is: "(filter1):scope1;(filter2):scope2;".
Typically the storage
system is something like "cn=company,cn=uk". The scope
can be one of those three choices: BASE, ONELEVEL or
SUBTREE. The default scope is SUBTREE if it is not
specified.
Default: "" (null)
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.base.group
The base distinguished name to use for group lookups,
this option will override the ldap.base option. The
format of the base string is: "(filter1):scope1;(filter2):scope2;".
Typically the storage system is something
like "cn=company,cn=uk". The scope can be one of
those three choices: BASE, ONELEVEL or SUBTREE. The
default scope is SUBTREE if it is not specified.
Default: "" (null)
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.base.netgroup
The base distinguished name to use for netgroup
lookups, this option will override ldap.base option.
The format of the base string is: "(filter1):scope1;(filter2):scope2;".
Typically the storage
system is something like "cn=company,cn=uk". The scope
can be one of those three choices: BASE, ONELEVEL or
SUBTREE. The default scope is SUBTREE if it is not
specified.
Default: "" (null)
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.name
The username to use for the administrative queries
necessary to look up UIDs and GIDs given a username.
Best practice is to make this a user with read-only
access to the database.
Default: "" (null)
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.nssmap.attribute.gecos
The substitution for RFC 2307 gecos attribute.
Default: gecos
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.nssmap.attribute.gidNumber
The substitution for RFC 2307 gidNumber attribute.
Default: gidNumber
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.nssmap.attribute.groupname
The substitution for RFC 2307 group name attribute.
Default: cn
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.nssmap.attribute.homeDirectory
The substitution for RFC 2307 homeDirectory attribute.
Default: homeDirectory
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.nssmap.attribute.loginShell
The substitution for RFC 2307 loginShell attribute.
Default: loginShell
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.nssmap.attribute.memberNisNetgroup
The substitution for RFC 2307 memberNisNetgroup
attribute.
Default: memberNisNetgroup
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.nssmap.attribute.memberUid
The substitution for RFC 2307 memberUid attribute.
Default: memberUid
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.nssmap.attribute.netgroupname
The substitution for RFC 2307 netgroup name attribute.
Default: cn
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.nssmap.attribute.nisNetgroupTriple
The substitution for RFC 2307 nisNetgroupTriple
attribute.
Default: nisNetgroupTriple
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.nssmap.attribute.uid
The substitution for RFC 2307 uid attribute.
Default: uid
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.nssmap.attribute.uidNumber
The substitution for RFC 2307 uidNumber attribute.
Default: uidNumber
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.nssmap.attribute.userPassword
The substitution for RFC 2307 userPassword attribute.
Default: userPassword
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.nssmap.objectClass.nisNetgroup
The substitution for RFC 2307 nisNetgroup object
class.
Default: nisNetgroup
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.nssmap.objectClass.posixAccount
The substitution for RFC 2307 posixAccount object
class.
Default: posixAccount
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.nssmap.objectClass.posixGroup
The substitution for RFC 2307 posixGroup object class.
Default: posixGroup
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.passwd
The password to use for the administrative user. This
will always display as six `*'s when listing the
options.
Default: "" (null)
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.port
The port to use for LDAP queries. This defaults to
389, LDAP's well-known port assignment. When changing
this value, the storage system will connect to LDAP
servers using the new value. Requests that are in process
will continue to use the old value until they
complete.
Default: 389
Min/Max: 1 - 65535 port
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.servers
List of servers to use for LDAP queries. To enter multiple
server names use a space separated list enclosed
in quotes. When changing this value, the storage system
will connect to the specified LDAP servers for new
requests. Requests that are in process will continue
to use the old values until they complete. Note that
if the LDAP Server is Windows AD and if it uses SASL
bind, then the value for this option should have the
server name instead of the IP Address. The information
regarding the mapping of the server name with the IP
Addresses should be in the /etc/hosts file. For Simple
binding, the value for the option can be the IP
Address of the server.
Default: "" (null)
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.servers.preferred
List of preferred LDAP servers. To enter multiple
server names use a space separated list enclosed in
quotes. Use this list to indicate servers that are on
faster links if any of the servers listed in
ldap.servers is on a WAN link or is for some other
reason considered slower or less reliable. When
changing this value, the storage system will connect
to the specified LDAP servers for new requests.
Requests that are in process will continue to use the
old values until they complete.
Default: "" (null)
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.usermap.attribute.unixaccount
Specify the LDAP account attribute name for the ldap
usermapping search.
Default: unixaccount
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.usermap.attribute.windowsaccount
Specify the windows account attribute name for the
ldap usermapping search.
Default: windowsaccount
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.usermap.base
The base distinguished name to use for ldap usermapping.
The format of the base string is: "(filter1):scope1;(filter2):scope2;".
Typically the storage
system is something like "cn=company,cn=uk". The scope
can be one of those three choices: BASE, ONELEVEL or
SUBTREE. The default scope is SUBTREE if it is not
specified.
Default: "" (null)
Effective: Immediately
Persistence: Remains in effect across system reboots
ldap.usermap.enable
Enable the storage system to search an LDAP database
for the user mapping between UNIX users and Windows
accounts.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
licensed_feature.disk_sanitization.enable
Allows the operation of the Disk Sanitization functionality.
Note: once enabled, this option cannot be
turned off. This option cannot be accessed remotely
and must be configured via the console. The default
value is off.
licensed_feature.fcp.enable
Allows the operation of FCP functionality. Enabling
FCP via this option is not available on all platforms.
Some platforms may require the installation of an fcp
license key instead of using this option. The default
value is off.
licensed_feature.flexcache_nfs.enable
Allows operation of the FlexCache NFS functionality.
This feature is not available on all platforms. The
default value is off.
licensed_feature.iscsi.enable
Allows the operation of iSCSI functionality. Enabling
iSCSI via this option is not available on all platforms.
Some platforms may require the installation of
an iscsi license key instead of using this option. The
default value is off.
licensed_feature.multistore.enable
Allows the operation of MultiStore functionality.
Enabling MultiStore via this option is not available
on all platforms. Some platforms may require the
installation of a multistore license key instead of
using this option. The default value is off.
licensed_feature.nearstore_option.enable
Allows operation as a NearStore. This feature is not
available on all platforms. The default value is off.
licensed_feature.vld.enable
Allows the operation of the Virtualized Local Disk
(VLD) functionality. This feature is not available on
all platforms and requires a reboot to disable the
functionality. The default value is off.
locking.grace_lease_seconds
Sets the grace period for clients to reclaim file
locks after a server failure. The grace period is
expressed in seconds. For lease-based lock protocols
(currently NFSv4), it also sets the locking lease
period. Clients that have been inactive for a period
equal to or longer than the lease period may lose all their
locking state on a storage system.
lun.partner_unreachable.*
These options control the behavior of the SCSI Target
when the HA interconnect is down, or when a takeover
or giveback is in progress. Do not change these
options unless directed by technical support.
These options are usually hidden, but they can become visible if manually changed, or during the normal upgrade process.
lun.use_partner.cc.enable
Enables the SCSI Target Partner Path config checker.
Turning the option on causes the config checker to
issue the FCP PARTNER PATH MISCONFIGURED AutoSupport
message when there is too much FCP traffic over the HA
interconnect. This option can be turned off in those
cases where excessive FCP Partner Path traffic is
expected/needed, but normally it should be left on so
that the storage system will complain when there is
too much Partner Path I/O, which is probably a sign of
something wrong on the SAN.
lun.use_partner.cc.warn_limit
This option allows the administrator to control the
threshold window (in seconds) for which period the
config checker would check whether the FCP traffic
over the interconnect has exceeded their respective
threshold values. A FCP PARTNER PATH MISCONFIGURED
AutoSupport message would be issued if there was too
much FCP traffic for the threshold window over the
interconnect.
These options are usually hidden, but they can become visible if manually changed, or during the normal upgrade process.
lun.use_partner.cc.ops
This option allows the administrator to control the
number of FCP read and write ops threshold, which the
config checker would use to check whether the FCP
traffic (in ops) over the interconnect has exceeded
this specified threshold. A FCP PARTNER PATH MISCONFIGURED
AutoSupport message would be issued if there
was too much FCP traffic for the threshold window over
the interconnect.
These options are usually hidden, but they can become visible if manually changed, or during the normal upgrade process.
lun.use_partner.cc.bytes
This option allows the administrator to control the
number of FCP read and write bytes threshold, which
the config checker would use to check whether the FCP
traffic (in bytes) over the interconnect has exceeded
this specified threshold. A FCP PARTNER PATH MISCONFIGURED
AutoSupport message would be issued if there
was too much FCP traffic for the threshold window over
the interconnect.
These options are usually hidden, but they can become visible if manually changed, or during the normal upgrade process.
ndmpd.access
Allows the administrator to restrict access to NDMP
operations based on the hostname or the IP address.
The default value for this option is all. See na_protocolaccess(8)
for details.
ndmpd.authtype
Allows the administrator to control which authentication
methods the storage system will accept. NDMP supports
two authentication types: challenge and plaintext.
The default type is challenge. Challenge was MD5
and plaintext was text prior to Data ONTAP 6.4.
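An added example (not part of the Data ONTAP manual): a Python check that reads a captured options listing and flags the LDAP and NDMP settings described above, namely ldap.ssl.enable together with ldap.port, ldap.minimum_bind_level, ndmpd.authtype and ndmpd.access. The "name value" listing layout, the comma-separated ndmpd.authtype value and the sample listing are assumptions of this example.

```python
import re

# Constructed sample listing, one "name value" pair per line. The layout is an
# assumption of this example, not output copied from a storage system.
SAMPLE_LISTING = """\
ldap.enable                  on
ldap.minimum_bind_level      anonymous
ldap.passwd                  ******
ldap.port                    389
ldap.ssl.enable              on
ndmpd.access                 all
ndmpd.authtype               plaintext,challenge
ndmpd.enable                 on
"""

# Defaults as stated in the option descriptions on this page.
DEFAULTS = {
    "ldap.enable": "off",
    "ldap.ssl.enable": "off",
    "ldap.port": "389",
    "ldap.minimum_bind_level": "0",
    "ndmpd.enable": "off",
    "ndmpd.authtype": "challenge",
    "ndmpd.access": "all",
}

_LINE = re.compile(r"^\s*([A-Za-z0-9_.\-]+)(?:\s+(.*?))?\s*$")


def parse_options(text):
    """Return {option: value}; surrounding double quotes are removed."""
    opts = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if m:
            opts[m.group(1)] = (m.group(2) or "").strip('"')
    return opts


def audit(opts):
    """Return a list of (option, finding) tuples for the settings in opts."""
    def get(name):
        return opts.get(name, DEFAULTS[name]).lower()

    findings = []

    if get("ldap.enable") == "on":
        if get("ldap.ssl.enable") != "on":
            findings.append(("ldap.ssl.enable",
                             "LDAP lookups are enabled without SSL"))
        elif get("ldap.port") != "636":
            findings.append(("ldap.port",
                             "SSL is on but the port is %s; the page says "
                             "to use 636" % get("ldap.port")))
        level = get("ldap.minimum_bind_level")
        if level == "anonymous":
            findings.append(("ldap.minimum_bind_level",
                             "anonymous binds are accepted"))
        elif level not in ("simple", "sasl"):
            # The page names the levels but gives a numeric default (0) with
            # no mapping, so any other value is reported for manual review.
            findings.append(("ldap.minimum_bind_level",
                             "unrecognized value %r, review manually" % level))

    if get("ndmpd.enable") == "on":
        # Assumption: several accepted types appear as a comma-separated list.
        types = set(filter(None, re.split(r"[,\s]+", get("ndmpd.authtype"))))
        if "plaintext" in types:
            findings.append(("ndmpd.authtype",
                             "plaintext NDMP authentication is accepted"))
        if get("ndmpd.access") == "all":
            findings.append(("ndmpd.access",
                             "NDMP is not restricted by hostname or IP address"))
    return findings


if __name__ == "__main__":
    for option, finding in audit(parse_options(SAMPLE_LISTING)):
        print("%-26s %s" % (option, finding))
```

Options missing from the listing are evaluated with the defaults stated on this page, so a partial capture still gives a consistent result.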
ndmpd.connectlog.enabled
Allows NDMP to track all the NDMP connection events
for security purposes. Turning the option on allows
all the NDMP connection events to be recorded in the
syslog (/etc/messages) file. The default value for this
option is being changed from on to off. By default,
Data ONTAP 6.4 NDMP connection logging allows NDMP
connection events for security audit purposes. This
optional logging support causes all NDMP connection
events to be recorded in the /etc/messages file. When
used in conjunction with standard intrusion detection
software, NDMP connection logging provides a powerful
security audit mechanism. However, NDMP connection logging
significantly increases the number of log messages
written to the /etc/messages file. If NDMP connection
auditing is not desired, it is advisable to
disable the NDMP connection logging option to reduce the
size of the /etc/messages file. NDMP connection logging
can be disabled by issuing the following command
at the storage system console: options ndmpd.connectlog.enabled
off. NDMP connection logging can be
enabled by issuing the following command at the storage
system console: options ndmpd.connectlog.enabled
on.
ndmpd.data_port_range
This option allows administrators to specify a port
range on which the NDMP server can listen for data
connections.
Syntax: options ndmpd.data_port_range { <start_port>-<end_port> | all }. start_port, end_port can have values between [1024-65535]; start_port must be less than or equal to end_port.
If a valid range is specified, NDMP uses a port within that range to listen for data connections. A listen request fails if no ports in the specified range are free.
The value `all' implies that any available port can be used to listen for data connections. The default value for this option is `all'.
This option is persistent across reboots.
ndmpd.enable
If on the NDMP daemon accepts requests. Turning the
option off disables request handling by the NDMP daemon.
The default is off. Enabling and disabling this
option is equivalent to executing ndmpd on and ndmpd
off respectively.
ndmpd.ignore_ctime.enabled
This option, when on, allows user to exclude files
with ctime changed from node incremental dumps since
other processes like virus scanning often alter the
ctime of files. When this option is off, backup on the
node will include all files with a change or modified
time later than the last dump in the previous level
dump. This option is persistent across reboots.
Most WIN32 APIs are often unaware of the "last changed time", ctime; they often incorrectly set a later time for files, causing these files to be included in the node's incremental dumps, and making the incremental dump very large. This partially defeats the purpose of having incremental dumps, since one uses incremental dumps to speed up the backup by only dumping files that were "changed" since the last backup.
ndmpd.maxversion
This option can be used to set the highest NDMP protocol
version supported by the NDMP server. The default
value is 4.
ndmpd.offset_map.enable
This option is used to enable or disable generation of
the inode offset map during NDMP based dump backups.
The offset map is required to perform Enhanced Direct
Access Restore (DAR) on the backup data. Enhanced DAR
provides support for directory DAR and DAR of files
with NT streams.
The default value is on.
This option persists across reboots.
ndmpd.password_length
Allows administrator to select either 8-byte or
16-byte NDMP specific passwords. The default value is
16. This is the length in all existing versions of
ONTAP that support this feature, so it will be backwards
compatible. This option is persistent and the
only legal values are 8 and 16. If an illegal value is
entered, the following message will be prompted:
options ndmpd.password_length: Length must be either 8
or 16. The options ndmpd.password_length controls
password length during both generation and authentication.
Supporting multiple concurrent NDMP specific
password lengths is NOT required, and will not be possible.
That is, if this option is set to 8, all NDMP
applications managing backups for that node MUST use
an 8-byte password for authentication.
ndmpd.preferred_interface
You can specify the node network interface to be used
when establishing an NDMP data connection to another
node. This option is not available on non-default vfilers.
By default, an NDMP data connection uses the same network interface as the NDMP control connection established by the NDMP backup application. However, when a data connection between NDMP-enabled devices needs to be established over an alternate network, it is necessary to specify the node's interface through which the alternate network will be accessed.
For example, a UNIX or NT resident NDMP backup application and multiple NDMP-enabled nodes can be interconnected via a corporate network. The same NDMP-enabled devices can also be interconnected via an isolated private network. To minimize load on the corporate network, the ndmpd.preferred_interface option can be used to direct all NDMP data connections over the isolated private network.
To specify the preferred network interface to be used for NDMP data connections, issue the following command: options ndmpd.preferred_interface interface. interface identifies the network interface to be used for all NDMP data connections. Any network interface providing TCP/IP access can be specified. If no argument is specified, the command returns the name of the interface currently configured for data connections. If no interface is currently set, it reports disable. You can find the available network interfaces by using the ifconfig -a command.
To disable a preferred network interface specification and force the NDMP default interface to be used for data connections, issue the following command: options ndmpd.preferred_interface disable. The default value for the ndmpd.preferred_interface option is disable.
Note: The ndmpd.preferred_interface option is persistent across node reboots.
ndmpd.tcpnodelay.enable
Enables/Disables the TCPNODELAY configuration parameter
for the socket between the storage system and the
DMA. When set to true, the Nagle algorithm is disabled
and small packets are sent immediately rather than
held and bundled with other small packets. This optimizes
the system for response time rather than
throughput.
The default value is false.
This option becomes active when the next NDMP session starts. Existing sessions are unaffected.
This option is persistent across reboots.
ndmpd.tcpwinsize
This option can be used to change the TCP buffer size
of the NDMP data connection. The minimum and maximum
values are 8192 (8K) and 262,144 (256K), respectively.
The default value is 32768.
nfs.acache.persistence.enabled
The default for this option is "on" (enabled). This
option controls whether the vfiler's access cache is
periodically saved on disk. A persistently-stored
access cache is restored into memory on reboot or
failover, avoiding the need to resolve access requests
which have been saved in the cache. To disable this
feature, the option can be set to "off".
nfs.export.exportfs_comment_on_delete
This option controls the deletion behavior for
exportfs -z. It controls whether entries are removed
or commented from the /etc/exports file. The default
value is true and entries are commented out. To remove
entries on deletion set it to false.
nfs.export.allow_provisional_access
The default for this option is enabled. This option
controls whether provisional access is granted in the
event that a name service outage prevents the node
from determining if a given client has access to an
exported path.
For example, the client in question may have read-write access to an exported path. In this situation access is provided in IP address format. The client however could also be part of a netgroup that is given read-only access to the same path. Under normal circumstances the client would not be given write access because of how access rules are applied. In the event that the netgroup could not be resolved or expanded, the client would provisionally be granted write access since an entry for it could be found in IP form.
This example illustrates a security issue in that it is possible for clients to be given more access rights than originally intended. Therefore, the option is provided to disable provisional access. This has the effect of delaying access until it is possible for the node to definitively determine access rights for the client.
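An added example (not Data ONTAP code): a small Python model of the access decision described above, showing the same client getting read-only access while the name service is up, write access under provisional access during an outage, and a deferred answer when provisional access is disabled. The rule layout, the "read-only match wins" precedence, the netgroup name and the addresses are assumptions of this model.

```python
from enum import Enum


class Access(Enum):
    DENIED = "denied"
    READ_ONLY = "ro"
    READ_WRITE = "rw"
    DEFERRED = "deferred"  # decision delayed until the name service answers


class NameServiceDown(Exception):
    """Raised when a netgroup cannot be resolved or expanded."""


def make_resolver(netgroups, available=True):
    """Return is_member(netgroup, client_ip) backed by a dict of netgroups."""
    def is_member(netgroup, client_ip):
        if not available:
            raise NameServiceDown(netgroup)
        return client_ip in netgroups.get(netgroup, set())
    return is_member


def match(entries, client_ip, is_member):
    """Return (matched, unresolved) for one access list.

    Entries starting with '@' are netgroups; all others are IP addresses.
    """
    unresolved = False
    for entry in entries:
        if entry.startswith("@"):
            try:
                if is_member(entry[1:], client_ip):
                    return True, unresolved
            except NameServiceDown:
                unresolved = True
        elif entry == client_ip:
            return True, unresolved
    return False, unresolved


def check_access(rule, client_ip, is_member, allow_provisional):
    """Decide access for client_ip under one export rule."""
    ro_match, ro_unresolved = match(rule["ro"], client_ip, is_member)
    rw_match, rw_unresolved = match(rule["rw"], client_ip, is_member)
    # Model assumption: a read-only match takes precedence over read-write.
    if ro_match:
        return Access.READ_ONLY
    # An unresolved read-only netgroup could still downgrade the client, and
    # an unresolved read-write netgroup could still admit it.
    uncertain = ro_unresolved or (rw_unresolved and not rw_match)
    if uncertain and not allow_provisional:
        return Access.DEFERRED
    # Provisional access: decide from the entries that could be evaluated.
    return Access.READ_WRITE if rw_match else Access.DENIED


# Constructed rule: the netgroup is read-only, the bare IP is read-write.
RULE = {"ro": ["@readers"], "rw": ["192.0.2.10"]}
NETGROUPS = {"readers": {"192.0.2.10"}}
CLIENT = "192.0.2.10"


def scenarios():
    up = make_resolver(NETGROUPS, available=True)
    down = make_resolver(NETGROUPS, available=False)
    return {
        "name service up": check_access(RULE, CLIENT, up, True),
        "outage, provisional on": check_access(RULE, CLIENT, down, True),
        "outage, provisional off": check_access(RULE, CLIENT, down, False),
    }


if __name__ == "__main__":
    for label, result in scenarios().items():
        print("%-24s %s" % (label, result.value))
```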
nfs.assist.queue.limit
The default for this option is 40. This option controls
the percentage of NFS asynchronous messages
which can be placed onto the NFS assist queue. Once
this limit has been reached, further NFS requests
which need to undergo a name service transaction will
instead have permissions granted based on
nfs.export.allow_provisional_access. The number of
available NFS asynchronous messages can be determined
with nfsstat -d.
nfs.export.auto-update
The default for this option is enabled. This option
controls whether automatic updates are performed on
the /etc/exports file. If it is not set, then the
commands vol create, vol delete, and vol rename will
not automatically rewrite the file. Instead they will
syslog the need to edit the file. When volumes are
moved between vfilers, automatic updates on the
/etc/exports file of the source and destination vfilers
are dependent on this option.
nfs.export.harvest.timeout
The default for this option is 1800 seconds (30 minutes).
This option sets the idle expiration time for
entries in the export access cache. This timer resets
every time the export is accessed from the host. The
minimum value is 60 seconds and the maximum is 7 days.
nfs.export.neg.timeout
The default for this option is 3600 seconds (one
hour). This option sets the refresh time for entries
which were denied access in the export access cache.
The minimum value is 60 seconds and the maximum is 7
days.
nfs.export.pos.timeout
The default for this option is 36000 seconds (ten
hours). This option sets the refresh time for entries
granted access in the export access cache. The minimum
value is 60 seconds and the maximum is 7 days.
nfs.export.resolve.timeout
The default for this option is 8 seconds. This option
had been hidden before and may have had a default of
either 30 or 15 seconds. This option controls how long
a name service lookup is allowed to proceed before the
NFS export code will determine that the name servers
are not responding in a timely fashion.
nfs.kerberos.enable
This option is off by default. It's not a configurable
option. It will be turned on when you do kerberos
setup.
nfs.kerberos.file_keytab.enable
The default for this option is off. When enabled, the
vfiler is directed to use a file based Kerberos key
table (in /etc/krb5.keytab), with a format equal to
that generated by an MIT-based kadmin command.
nfs.kerberos.principal
The default for this string option is a zero length
string. If nfs.kerberos.file_keytab.enable is
enabled, then the nfs.kerberos.principal option must
be set to the host specific part of an NFS server's
Kerberos principal name. For example, if nfs.kerberos.principal
is set to elrond.mycompany.com, then
the resulting principal name of the NFS server will be
nfs/elrond.mycompany.com@realm, where realm is the
value of nfs.kerberos.realm. Note that
nfs/elrond.mycompany.com@realm must appear as an entry
in /etc/krb5.keytab.
nfs.kerberos.realm
The default for this string option is a zero length
string. If nfs.kerberos.file_keytab.enable is
enabled, then the nfs.kerberos.realm option must be
set to the host specific part of an NFS server's Kerberos
principal name. For example, if nfs.kerberos.realm
is set to MYCOMPANY.COM, then the resulting
principal name of the NFS server will be nfs/principal@MYCOMPANY.COM,
where principal is value of
nfs.kerberos.principal. Note that nfs/principal@MYCOMPANY.COM
must appear as an entry in
/etc/krb5.keytab.
nfs.locking.check_domain
The default for this option is on. If this option is
set to off, then the NFS version 2 and 3 lock manager
(NLM) and the NFS version 2 and 3 status monitor (NSM)
will ignore the domain suffix when comparing the
client host name in an NSM request with that of client
host name associated with an outstanding lock. One
might want to set the nfs.locking.check_domain to off
if one has NFS version 2 or 3 clients that issue NLM
requests with fully qualified domain names (FQDNs) and
NSM requests with non-FQDNs. Similarly, if the converse
is true, one might want to turn nfs.locking.check_domain
off. Otherwise, clients that send
hostnames inconsistently will leave locks held on the
node, requiring manual intervention even after the
client reboots (and sends the NSM recovery message).
If nfs.locking.check_domain is off, then one must take care to make sure that the non-FQDNs of each client are unique, lest two clients with different domains cause each other to lose locks. For example, if the option is off, then two NFS clients, one named wally.eng.mycompany.com and the other named wally.corp.mycompany.com will be considered as the same for purposes of processing the NSM recovery message when either client reboots. It is strongly recommended that clients be fixed and/or reconfigured to obviate the need for setting nfs.locking.check_domain to off.
Because NFS version 4 uses schemes for locking and lock recovery that are completely different from NLM and NSM, the nfs.locking.check_domain option and the associated issue do not apply to NFS version 4.
nfs.mount_rootonly
When enabled, the mount server will deny the request
if the client is not root user using privileged ports.
Valid values for this option are on (enabled) or off
(disabled). The default value for this option is on
for more secure access.
nfs.mountd.trace
When enabled, all mount requests are logged. This
option is intended to help debug denied mount
requests. Valid values for this option are on
(enabled) or off (disabled). The default value for
this option is off to avoid generating too many messages.
The logging output is stored in /etc/messages.
nfs.max_num_aux_groups
The default value for this option is 32. This option
controls the maximum number of auxiliary UNIX groups
of which a UNIX user can be a member. Valid values:
32 or 256.
nfs.netgroup.strict
When enabled, all entries in the export access lists
which do not have a `@' prepended are considered to
not be netgroups. This setting will bypass a potentially
spurious netgroup lookup for each non-netgroup
entry in the access lists. Entries in the export
access lists, which do not have a `@' prepended, need
to be unexported and re-exported, for this option to
take effect.
nfs.notify.carryover
This is set to on by default. When set to off, the
hosts present in the /etc/sm/notify file are not sent
NSM reboot notifications after a node panic/reboot. A
zero-byte file /etc/sm/.dontcarryover is created after
at least one round of notifications or after one hour
passes since the notifications began (whichever comes
later). If the /etc/sm/.dontcarryover file exists and
the above option is false, then the existing
/etc/sm/notify file is truncated. In all other cases,
the existing /etc/sm/notify file is used for subsequent
notifications.
nfs.per_client_stats.enable
Enables/disables the collection and display of per-client
NFS statistics, as described in na_nfsstat(1).
Valid values for this option are on or off. The
default value for this option is off.
nfs.require_valid_mapped_uid
If this option is "on" it forces all NFS requests to
be successfully mapped via the /etc/usermap.cfg mechanism.
This allows NFS requests to be selectively validated
by UID or IP address. This mapping is described
in na_usermap.cfg(5). Valid values for this option
are on or off. The default value for this option is
off.
nfs.response.trace
If this option is "on", it forces all NFS requests
which have exceeded the time set in nfs.response.trigger
to be logged. If this option is "off", only one
message will be logged per hour. The default value
for this option is off.
nfs.response.trigger
Any NFS request which takes longer to complete than
the time set by this option will be logged, according
to the state of nfs.response.trace. The results of
this option can be used to determine if the client
side message "NFS Server not responding" is due to the
server or the network. The default value for this
option is 60 seconds.
nfs.rpcsec.ctx.high
The default is zero. If set to a value other than zero
it sets a high-water mark on the number of stateful
RPCSEC_GSS (see RFC2203) authentication contexts
(today, only Kerberos V5 produces stateful authentication
state in NFS). If it is zero, then no explicit
high-water mark is set.
nfs.rpcsec.ctx.idle
Default is 360 seconds. This is the amount of time, in
seconds, an RPCSEC_GSS context (see the description
for the nfs.rpcsec.ctx.high option) will be permitted
to be unused before it is deleted.
nfs.rpcsec.trace
When enabled, all rpcsec_gss authentication requests
are logged. This option is intended to help debug
denied rpcsec_gss requests. Valid values for this
option are on (enabled) or off (disabled). The
default value for this option is off to avoid generating
too many messages. The logging output is stored
in /etc/messages.
nfs.tcp.enable
When enabled, the NFS server supports NFS over TCP.
By default, the feature is disabled since some clients
which support NFS over TCP do so with performance
inferior to UDP. It can be enabled if this is not an
issue in your environment. Valid values for this
option are on or off. The default value for this
option is on.
nfs.udp.enable
When enabled, the NFS server supports NFS over UDP.
Valid values for this option are on or off. The
default value for this option is on.
nfs.thin_prov.ejuke
This option is on by default. When enabled, the NFS
server sends EJUKEBOX to the client. The client can
then resend the request after some delay. When the
option is disabled, the NFS server sends EOFFLINE and
terminates the connection.
nfs.ipv6.enable
When enabled, the NFS server supports IPv6 based services.
By default, the feature is disabled. Enabling
NFS over IPv6 requires a restart of the nfs services
with an nfs off and nfs on. Disabling NFS IPv6 support
would not affect the IPv4 traffic. The ONTAP IPv6
stack should be turned on with the ip.v6.enable option
before NFS can run over IPv6. Valid values for this
option are on or off. The default value for this
option is off.
nfs.ifc.rcv.high
The option nfs.ifc.rcv.high controls the high watermark
after which the NFS level flow control will kick
in. This option is also controlled by nfs.tcp.recvwindowsize.
Changing the nfs.tcp.recvwindowsize option
will automatically change the value of
nfs.ifc.rcv.high.
nfs.ifc.rcv.low
The option sets lower limit for NFS flow control window.
nfs.ifc.xmt.high
NFS goes into transmit flow control when the send window
is full and the number of outstanding requests
increases beyond nfs.ifc.xmt.high. At that time NFS
will stop reading from the TCP input window. The
default value for this option is set to 16. Its maximum
limit is 64. This is a persistent option.
nfs.ifc.xmt.low
NFS comes out of flow control when the number of outstanding
requests goes below nfs.ifc.xmt.low. The
default value for this option is set to 8. Its
minimum value is 0. This is a persistent option.
nfs.hide_snapshot
This is off by default and is persistent across
reboots. This is effective only when nosnapdir is disabled.
Setting this option to on allows snapshots to
be hidden in the NFS directory listings. The .snapshot
directory itself is visible, but the actual snapshots
will be hidden. At the same time, an explicit access
to snapshots is allowed even though they are not visible
in the directory listings.
Also, when this option is set to on, a hidden ".snapshot" directory is available within the ".snapshot" directory. This new entry is not visible in the directory listings of parent ".snapshot" but when accessed, will give the list of named snapshots that were hidden in the parent ".snapshot" directory. Basically, this provides a convenient way to see the list of snapshots available in the parent ".snapshot" directory, even when this option is set to on.
NOTE: When this option is on and you have mounted a path ending with ".snapshot", `pwd' may not work correctly in such a mounted path and its directory tree on the client. As a result, any applications that depend on obtaining the current working directory using the standard UNIX library calls like getcwd(3C) may not function correctly. The exact result reported when asked for the current working directory is dependent on the client's `pwd' implementation.
nfs.udp.xfersize
The maximum transfer size (in bytes) that the NFS
mount protocol will negotiate with the client for UDP
transport. Larger transfer sizes often result in better
NFS performance. The default is 32768. The maximum
value for this option is 57344 (56K).
nfs.v2.df_2gb_lim
Causes the node to return replies to the "file system
statistics" NFS version 2 request that shows no more
than (2**31)-1 (or 2,147,483,647) total, free, or
available bytes (i.e., 2GB) on the file system.
Some NFS clients require this option because, if they get return values from the "file system statistics" request with more than the specified number of bytes, they'll incorrectly compute the amount of free space on the file system, and may think that there's no free space on a file system that has more than 2GB free. Valid values for this option are on or off. The default value for this option is off.
nfs.v2.enable
When enabled, the NFS server supports NFS version 2.
Valid values for this option are on (enabled) or off
(disabled). The default value for this option is on.
In certain cases, enabling this option does not automatically enable MOUNT support at version 2 level, causing a subsequent mount operation to fail. If this occurs - or to avoid the issue - stop and restart the NFS server after enabling this option.
nfs.v3.enable
When enabled, the NFS server supports NFS version 3.
Disable this option if there is a problem with some
client when using NFS version 3, and that client can
be configured to use NFS version 2. Valid values for
this option are on (enabled) or off (disabled). The
default value for this option is on.
In certain cases, enabling this option does not automatically enable MOUNT version 3 of the NFS server. Hence, a fresh mount over NFS version 3 may not be successful. A workaround would be to switch NFS server off followed by switching it on.
nfs.v4.enable
When enabled, the NFS server supports NFS version 4.
NFS version 4 support is only over the TCP protocol.
Valid values for this option are on (enabled) or off
(disabled). The default value for this option is off.
nfs.nfs_rootonly
When enabled, the NFS server will reject client
requests from non-reserved ports (>=1024) except
for the NULL call. Ports lower than 1024 can only be
used by the root user. Valid values for this option
are on (enabled) or off (disabled). The default value
for this option is off.
nfs.v4.read_delegation
Read delegations allow NFS version 4 clients to do
read operations locally without contacting the server.
These include open for read, read locks and file read
operations. Both the server and client must support
read delegations for this feature to work. When
enabled, read delegations are supported for NFS version
4. This feature is not supported for NFS versions
2 and 3. The default value for this option is off.
nfs.v4.write_delegation
Write delegations allow NFS version 4 clients to do
write operations locally without contacting the
server. These include open for write, write locks and
writing to files. Both the server and client must support
write delegations for this feature to work. When
enabled, write delegations are supported for NFS version
4. This feature is not supported over NFS versions
2 and 3. Valid values for this option are on
(enabled) or off (disabled). The default value for
this option is off.
nfs.v4.id.domain
This option controls the domain portion of the string
form of user and group names as defined in the NFS
version 4 protocol. The domain name is normally taken
from the NIS domain in use, or otherwise from the DNS
domain. However if this option is set, it will override
this default behavior.
nfs.v4.id.allow_numerics
This option allows numeric string identifiers in NFSv4
owner attributes. The default value for this option
is off. Numeric string identifiers in NFSv4 owner
attributes will be treated as NOBODY if this option is
off.
nfs.v4.acl.enable
When enabled, ACLs are supported for NFS version 4.
The ACL option controls setting and getting NFSv4
ACLs. It does not control enforcement of these ACLs
for access checking. This feature is not supported
over NFS versions 2 and 3. The default value for this
option is off.
nfs.vstorage.enable
When enabled, NFS vStorage feature is supported. The
vStorage option provides Copy Offload (server side
copy) feature. The default value for this option is
off.
nfs.ntacl_display_permissive_perms
This option controls the permissions that are displayed
to NFS version 3 and NFS version 4 clients on a
file/directory that has an NT ACL set. When enabled,
the permissions displayed are based on the maximum
access granted by the NT ACL to any user. When disabled,
the permissions displayed are based on the minimum
access granted by NT ACL to any user. The
default value for this option is off.
nfs.webnfs.enable
When enabled, the NFS server supports WebNFS lookups.
Valid values for this option are on (enabled) or off
(disabled). The default value for this option is off.
nfs.webnfs.rootdir
Specifies the WebNFS rootdir. Once the rootdir is set,
WebNFS clients can issue lookups relative to the rootdir
using the public filehandle. The default value
for this option is `XXX'. This option is only used
when nfs.webnfs.rootdir.set is on, and nfs.webnfs.rootdir.set
can only be on if this option contains
the fully qualified pathname to a valid, existing
directory.
nfs.webnfs.rootdir.set
This option needs to be enabled for the rootdir setting
to take effect. Disabling this option disables
the existing rootdir setting. Valid values for this
option are on (enabled) or off (disabled). The
default value for this option is off. Note that this
option can only be enabled if the nfs.webnfs.rootdir
option contains a fully qualified pathname to a valid,
existing directory.
nis.domainname
Sets the NIS domain to the specified domainname. The
default value for this option is the null string.
nis.enable
Enables NIS client on the node. The NIS domain must be
set prior to enabling NIS. Valid values for this
option are on or off. The default value for this
option is off.
nis.group_update.enable
Enables the local caching of the NIS group files.
Valid values for this option are on or off. The
default value for this option is off.
nis.group_update_schedule
Specifies the hours of the day when the local NIS
group cache has to be updated. `now' will update the
cache immediately. The valid value for this option is
a comma separated list of hours, in the range of 1 to
24. The default value for this option is 24.
nis.netgroup.domain_search.enable
Specifies whether netgroup entry comparisons will consider
the domainnames in the search directive from
/etc/resolv.conf. The default value for this option
is on.
nis.netgroup.legacy_nisdomain_search.enable
Specifies whether netgroup entry comparisons will consider
the legacy SUNOS compatible nisdomainname in the search
directive. The default value for this option is on.
nis.servers
Specifies the list of preferred NIS servers. The valid
value for this option is `*' or a comma-separated
list of IP addresses. The default value for this
option is `*'.
nis.slave.enable
Enables NIS slave on the node. Valid values for this
option are on or off. The default value for this
option is off.
nlm.cleanup.timeout
This timeout value controls the maximum duration for which
nlm tries to clean up stale objects. The default value
for this option is 100 milliseconds.
nlm.trace
When enabled, all asynchronous nlm requests and server
callbacks are logged. This option is intended to help
debug asynchronous nlm requests and all lock requests
which were blocked on the server because of a conflict
and require the server to send a callback to the
client. This option is persistent across reboots so it
should be used carefully. Valid values for this
option are on (enabled) or off (disabled). The
default value for this option is off to avoid too many
messages.
pcnfsd.access_check
If on, enables synchronization between PCNFSD and NFS
locks (shared vs byte locks) on the file objects. See
burt 249076. Any change to this option requires a
node reboot to become effective.
pcnfsd.enable
Enables/disables the PCNFSD (PC)NFS authentication
request server (see na_pcnfsd(8)). Valid values for
this option are on or off. The default value for this
option is off.
rquotad.enable
Enables/disables the RQUOTA daemon (see na_rquotad(8)).
Valid values for this option are on or off.
The default value for this option is on.
pcnfsd.umask
Specifies the default umask for files created by (PC)
NFS clients. The value of this option is a three-digit
octal number, and the digits correspond to the
read, write, and execute permissions for owner, group,
and other, respectively. The default value for this
option is 022, which means that files normally created
with mode 666 effectively will have mode 644. ("644"
means that the file owner has read and write permissions,
but the members of the group and others have
only read permission.)
nfs.always.deny.truncate
This option controls whether NFSv2 and NFSv3 clients
can truncate a file in UNIX qtree when the same file
is also opened from a CIFS client with DENY write permissions.
Valid values for this option are on
(enabled) or off (disabled). The default value for
this option is on.
If you enable this option, NFSv2 and NFSv3 clients cannot modify a file when the file is opened from a CIFS client with DENY write permissions. This protects the file's integrity in such a scenario.
If you disable this option, NFSv2 and NFSv3 clients can modify a file when the file is opened from a CIFS client with DENY write permissions. You might want to disable this option in an environment where UNIX semantics need to prevail on a UNIX qtree for stateless clients like NFSv2 and NFSv3. However, in some situations this can lead to the file's integrity being compromised.
ra.path_switch.threshold
When excessive errors are encountered on a device
within a short enough time period to raise concern
that there might be a faulty component between the
Fibre Channel initiator and backend storage, a
scsi.path.excessiveErrors EMS event is logged and the
associated path will be avoided by Data ONTAP.
This option controls the sensitivity of intermittent path error detection. Setting this option to a lower value will reduce the number of errors required to trigger the avoidance functionality. Setting it to a higher value requires more errors to trigger this event and decreases the sensitivity of path failure detection.
Valid values for this threshold range from 1 to 2000. The default value for this option is 100 and should only be changed when recommended by service personnel.
raid.background_disk_fw_update.enable
Determines the behavior of automatic disk firmware
update. Valid values for this option are on or off.
The default value for this option is on. If the
option is set to on, firmware updates to spares and
filesystem disks within RAID-DP, mirrored RAID-DP and
mirrored RAID4 volumes are performed in a non-disruptive
manner via a background process. Firmware updates
for disks within RAID4 volumes will however be done at
boot. If the option is turned off then disk firmware
update is run manually. When disk firmware update runs
manually it makes disks inaccessible for up to 2 minutes,
so network sessions using the node should be
closed down before running it. This is particularly
true for CIFS sessions, which will normally be terminated
while disk firmware update command executes.
This whole process is very disruptive to the operation
of the node and is highly discouraged.
raid.disk.copy.auto.enable
Determines the action taken when a disk reports a predictive
failure. Valid values for this option are on
or off. The default value for this option is on.
Sometimes, it is possible to predict that a disk will fail soon based on a pattern of recovered errors that have happened on the disk. In such cases, the disk will report a predictive failure to Data ONTAP. If this option is set to on, Data ONTAP will initiate Rapid RAID Recovery to copy data from the failing disk to an available spare. When data is copied, the disk will be failed and placed in the pool of broken disks. If a spare is not available, the node will continue to use the prefailed disk until the disk fails.
If the option is set to off, the disk will be failed immediately and placed in the pool of broken disks. A spare will be selected and data from the missing disk will be reconstructed from other disks in the RAID group. The disk will not be failed if the RAID group is already degraded or reconstructing so that another disk failure would lead to a failure of the whole RAID group.
raid.disktype.enable
This option is obsolete. Use options
raid.mix.hdd.disktype.capacity and raid.mix.hdd.disktype.performance
instead.
raid.mix.hdd.disktype.performance
Controls mixing of FCAL and SAS disk types. The
default value is off, which prevents mixing.
If you set this option to on, FCAL and SAS disk types are considered interchangeable for all aggregate operations, including aggregate creation, adding disks to an aggregate, and replacing disks within an existing aggregate, whether this is done by the administrator or automatically by Data ONTAP.
When this option is set to off, FCAL and SAS disks cannot be combined within the same aggregate. If you have existing aggregates that combine those disk types, those aggregates will continue to function normally and accept either disk type.
raid.mix.hdd.disktype.capacity
Controls mixing of SATA, BSAS, FSAS and ATA disk
types. The default value is on, which allows mixing.
When this option is set to on, SATA, BSAS, FSAS and ATA disk types are considered interchangeable for all aggregate operations, including aggregate creation, adding disks to an aggregate, and replacing disks within an existing aggregate, whether this is done by the administrator or automatically by Data ONTAP.
If you set this option to off, SATA, BSAS, FSAS and ATA disks cannot be combined within the same aggregate. If you have existing aggregates that combine those disk types, those aggregates will continue to function normally and accept any of those disk types.
raid.media_scrub.enable
Enables/disables continuous background media scrubs
for all aggregates (including those embedded in traditional
volumes) in the system. Valid values for this
option are on or off. The default value for this
option is on. When enabled, a low-overhead version of
scrub which checks only for media errors runs continuously
on all aggregates in the system. Background
media scrub incurs negligible performance impact on
user workload and uses aggressive disk and CPU throttling
to achieve that.
raid.media_scrub.spares.enable
Enables/disables continuous background media scrubs
for all spare drives within the system. Valid values
for this option are on or off. The default value for
this option is on. When enabled, a low-overhead version
of scrub which checks only for media errors runs
continuously on all spare drives of the system. Background
media scrub incurs negligible performance
impact on user workload and uses aggressive disk and
CPU throttling to achieve that. This option is used
in conjunction with raid.media_scrub.enable which
enables/disables media_scrub on a system-wide basis.
The value for this option has no effect if the system-wide
option is set to off.
raid.media_scrub.rate
Sets the rate of media scrub on an aggregate (including
those embedded in traditional volumes). Valid values
for this option range from 300 to 3000 where a
rate of 300 represents a media scrub of approximately
512 MBytes per hour, and 3000 represents a media scrub
of approximately 5 GBytes per hour. The default value
for this option is 600, which is a rate of approximately
1 GByte per hour.
raid.min_spare_count
Specifies the minimum number of spare drives required
to avoid warnings for low spares. If there are at
least raid.min_spare_count spare drives that are
appropriate replacements for any filesystem disk, then
there will be no warnings for low spares. This option
can be set from 0 to 4. The default setting is 1. Setting
this option to 0 means that there will be no
warnings for low spares even if there are no spares
available. This option can be set to 0 only on systems
with 16 or fewer attached drives and that are running
with RAID-DP aggregates. A setting of 0 is not allowed
on systems with RAID4 aggregates.
raid.mirror_read_plex_pref
Specifies the plex preference when reading from a mirrored
traditional volume or aggregate on a MetroCluster-configured
system. There are three possible values
-- `local' indicates that all reads are handled by
the local plex (plex consisting of disks from Pool0),
`remote' indicates that all reads are handled by the
remote plex (plex consisting of disks from Pool1), and
`alternate' indicates that the handling of read
requests is shared between the two plexes. This
option is ignored if the system is not in a MetroCluster
configuration, that is, option cf.remote_syncmirror.enable
is not enabled. The option setting
applies to all traditional volumes and aggregates on
the node.
raid.mirror_skip_config_checks
Enables/disables the enforcement of disk pool separation
in RAID SyncMirror. Valid values are on or off.
The default value is off. When set to off, RAID checks
when the first mirrored aggregate is created that
disks are separated into pools based on the adapter
loop they are attached to. When set to on, these
checks are bypassed. Disk pool separation is important
for SyncMirror robustness. Therefore, this option
should be used with care.
raid.reconstruct_speed
This option is obsolete. See raid.reconstruct.perf_impact
for the option that controls the
effect of RAID reconstruction.
raid.reconstruct.perf_impact
Sets the overall performance impact of RAID reconstruction.
When the CPU and disk bandwidth are not
consumed by serving clients, RAID reconstruction consumes
as much as it needs. If the serving of clients
is already consuming most or all of the CPU and disk
bandwidth, this option allows control over how much of
the CPU and disk bandwidth will be taken away for
reconstruction, and hence how much of a negative performance
impact it will be to the serving of clients.
As the value of this option is increased, the speed of
reconstruction will also increase. The possible values
for this option are low, medium, and high. The
default value is medium. There is also a special
value of default, which will use the current default
value. When mirror resync and reconstruction are running
at the same time, the system does not distinguish
between their separate resource consumption on shared
resources (like CPU or a shared disk). In this case,
the resource utilization of these operations taken
together is limited to the maximum of their configured
individual resource entitlements.
raid.reconstruct.wafliron.enable
Enables starting wafliron (see na_vol(1)) when reconstruction
encounters a medium error. Valid values for
this option are on and off. The default value for this
option is on. When a medium error is encountered in
an aggregate during reconstruction, access to the volume(s)
it contains is temporarily restricted and
reconstruction proceeds, bypassing media errors. If
this option is enabled, wafliron is started automatically,
thus bringing the aggregate and its volume(s)
back online. If this option is disabled, the volume(s)
stay restricted.
raid.resync.perf_impact
Sets the overall performance impact of RAID mirror
resync (whether started automatically by the system or
implicitly by an operator-issued command). When the
CPU and disk bandwidth are not consumed by serving
clients, a resync operation consumes as much as it
needs. If the serving of clients is already consuming
most or all of the CPU and disk bandwidth, this option
controls how much of the CPU and disk bandwidth will
be taken away for resync operations, and hence how
much of a negative performance impact it will be to
the serving of clients. As the value of this option
is increased, the speed of resync will also increase.
The possible values for this option are low, medium,
and high. The default value is medium. There is also
a special value of default, which will use the current
default value. When RAID mirror resync and reconstruction
are running at the same time, the system
does not distinguish between their separate resource
consumption on shared resources (like CPU or a shared
disk). In this case, the resource utilization of
these operations taken together is limited to the maximum
of their configured individual resource entitlements.
raid.rpm.ata.enable
This option is obsolete. Use option
raid.mix.hdd.rpm.capacity instead.
raid.mix.hdd.rpm.capacity
Controls separation of capacity-based hard disk drives
(ATA, SATA, BSAS, FSAS, MSATA) by uniform rotational
speed (RPM). If you set this option to off, Data
ONTAP always selects disks with the same RPM when creating
new aggregates or when adding disks to existing
aggregates using these disk types. If you set this
option to on, Data ONTAP does not differentiate
between these disk types based on rotational speed.
For example, Data ONTAP might use both 5400 RPM and
7200 RPM disks in the same aggregate. The default
value is on.
raid.rpm.fcal.enable
This option is obsolete. Use option
raid.mix.hdd.rpm.performance instead.
raid.mix.hdd.rpm.performance
Controls separation of performance-based hard disk
drives (SAS, FCAL) by uniform rotational speed (RPM).
If you set this option to off, Data ONTAP always
selects disks with the same RPM when creating new
aggregates or when adding disks to existing aggregates
using these disk types. If you set this option to on,
Data ONTAP does not differentiate between these disk
types based on rotational speed. For example, Data
ONTAP might use both 10K RPM and 15K RPM disks in the
same aggregate. The default value is off.
raid.scrub.duration
Sets the duration of automatically started scrubs, in
minutes. If this is not set or set to 0, it defaults
to 6 hours (360 minutes). If set to `-1', all automatic
scrubs will run to completion.
raid.scrub.enable
Enables/disables the RAID scrub feature (see
na_disk(1)). Valid values for this option are on or
off. The default value for this option is on. This
option only affects the scrubbing process that gets
started from cron. This option is ignored for user-requested
scrubs.
raid.scrub.perf_impact
Sets the overall performance impact of RAID scrubbing
(whether started automatically or manually). When the
CPU and disk bandwidth are not consumed by serving
clients, scrubbing consumes as much as it needs. If
the serving of clients is already consuming most or
all of the CPU and disk bandwidth, this option controls
how much of the CPU and disk bandwidth will be
taken away for scrubbing, and hence how much of a negative
performance impact it will be to the serving of
clients. As the value of this option is increased,
the speed of scrubbing will also increase. The possible
values for this option are low, medium, and high.
The default value is low. There is also a special
value of default, which will use the current default
value. When scrub and mirror verify are running at
the same time, the system does not distinguish between
their separate resource consumption on shared
resources (like CPU or a shared disk). In this case,
the resource utilization of these operations taken
together is limited to the maximum of their configured
individual resource entitlements.
raid.scrub.schedule
Specifies the weekly schedule (day, time, and duration)
for scrubs started automatically by the
raid.scrub.enable option. The default schedule is Sunday
1 a.m. for the duration specified by the
raid.scrub.duration option. If an empty string ("")
is specified as an argument, it will delete the previous
scrub schedule and add the default schedule. One
or more schedules can be specified using this option.
The syntax is duration[h|m]@weekday@start_time,[duration[h|m]@weekday@start_time,...]
where duration is
the time period for which scrub operation is allowed
to run, in hours or minutes (`h' or `m' respectively).
If duration is not specified, the raid.scrub.duration
option value will be used as duration for the schedule.
weekday is the day when scrub operation should start. Valid values are sun, mon, tue, wed, thu, fri, sat.
start_time is the time when scrub should start, specified in 24 hour format. Only the hour (0-23) needs to be specified.
For example, options raid.scrub.schedule 240m@tue@2,8h@sat@22 will cause scrub to start on every Tuesday at 2 a.m. for 240 minutes, and on every Saturday at 10 p.m. for 480 minutes.
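The schedule syntax above can be checked before it is applied. The following Python sketch is an added example, not NetApp code: it parses a raid.scrub.schedule value into windows and reports windows that intersect once a late start wraps into the next day. The function names are hypothetical, and entries that omit the duration are rejected because this page does not show how that form is written.

```python
import re

WEEKDAYS = ("sun", "mon", "tue", "wed", "thu", "fri", "sat")
WEEK_MINUTES = 7 * 24 * 60
# One schedule entry with an explicit duration and unit, e.g. 240m@tue@2.
ENTRY_RE = re.compile(r"^(\d+)([hm])@([a-z]+)@(\d+)$")


def parse_scrub_schedule(value, default_minutes=360):
    """Return (weekday, start_hour, duration_minutes) tuples for a schedule.

    default_minutes stands in for raid.scrub.duration (a positive number of
    minutes) and is used only for the empty string, which selects the default
    schedule of Sunday 1 a.m.
    """
    if value.strip() == "":
        return [("sun", 1, default_minutes)]
    windows = []
    for entry in value.split(","):
        match = ENTRY_RE.match(entry.strip().lower())
        if match is None:
            raise ValueError(f"unsupported schedule entry: {entry!r}")
        amount, unit, weekday, hour = match.groups()
        if weekday not in WEEKDAYS:
            raise ValueError(f"unknown weekday in {entry!r}")
        if int(hour) > 23:
            raise ValueError(f"start_time must be 0-23 in {entry!r}")
        minutes = int(amount) * (60 if unit == "h" else 1)
        if minutes == 0:
            raise ValueError(f"zero duration in {entry!r}")
        windows.append((weekday, int(hour), minutes))
    return windows


def overlapping_windows(windows):
    """Return pairs of windows whose run times intersect on a circular week."""
    def span(window):
        weekday, hour, minutes = window
        start = WEEKDAYS.index(weekday) * 24 * 60 + hour * 60
        return start, min(minutes, WEEK_MINUTES)

    clashes = []
    for index, first in enumerate(windows):
        for second in windows[index + 1:]:
            (start1, len1), (start2, len2) = span(first), span(second)
            # Two windows intersect when either start falls inside the other;
            # the modulo handles a Saturday-night window running into Sunday.
            if ((start2 - start1) % WEEK_MINUTES < len1
                    or (start1 - start2) % WEEK_MINUTES < len2):
                clashes.append((first, second))
    return clashes


if __name__ == "__main__":
    schedule = parse_scrub_schedule("240m@tue@2,8h@sat@22")
    for weekday, hour, minutes in schedule:
        print(f"{weekday} {hour:02d}:00 for {minutes} minutes")
    print("overlaps:", overlapping_windows(schedule))
```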
raid.timeout
Sets the time, in hours, that the system will run
after a single disk failure in a RAID4 group or a two
disk failure in a RAID-DP group has caused the system
to go into degraded mode or double degraded mode
respectively, or after NVRAM battery failure has
occurred. The default is 24, the minimum acceptable
value is 0 and the largest acceptable value is
4,294,967,295. If the raid.timeout option is specified
when the system is in degraded mode or in double
degraded mode, the timeout is set to the value specified
and the timeout is restarted. If the value specified
is 0, automatic system shutdown is disabled.
raid.verify.perf_impact
Sets the overall performance impact of RAID mirror
verify. When the CPU and disk bandwidth are not consumed
by serving clients, a verify operation consumes
as much as it needs. If the serving of clients is
already consuming most or all of the CPU and disk
bandwidth, this option controls how much of the CPU
and disk bandwidth will be taken away for verify, and
hence how much of a negative performance impact it
will be to the serving of clients. As you increase
the value of this option, the verify speed will also
increase. The possible values for this option are
low, medium, and high. The default value is low.
There is also a special value of default, which will
use the current default value. When scrub and mirror
verify are running at the same time, the system does
not distinguish between their separate resource consumption
on shared resources (like CPU or a shared
disk). In this case, the resource utilization of
these operations taken together is limited to the maximum
of their configured individual resource entitlements.
replication.logical.reserved_transfers
This option guarantees that the specified number of
qtree SnapMirror or SnapVault source/destination
transfers can always be run. Setting this option will
reduce the maximum limits for all other transfer
types. The default value for this option is 0.
replication.throttle.enable
Enables global network throttling of SnapMirror and
SnapVault transfers. The default value for this
option is off.
replication.throttle.incoming.max_kbs
This option specifies the maximum total bandwidth used
by all the incoming (applied at destination) SnapMirror
and SnapVault transfers, specified in kilobytes/sec.
The default value for this option is unlimited,
which means there is no limit on total bandwidth
used. This option is valid only when the option replication.throttle.enable
is on.
replication.throttle.outgoing.max_kbs
This option specifies the maximum total bandwidth used
by all the outgoing (applied at source) SnapMirror and
SnapVault transfers specified in kilobytes/sec. The
default value for this option is unlimited, which
means there is no limit on total bandwidth used. This
option is valid only when the option replication.throttle.enable
is on.
replication.volume.reserved_transfers
This option guarantees that the specified number of
volume SnapMirror source/destination transfers can
always be run. Setting this option will reduce the
maximum limits for all other transfer types. The
default value for this option is 0.
replication.volume.use_auto_resync
This option enables auto resync functionality for Synchronous
SnapMirror relations. If this option is enabled on
Synchronous SnapMirror, the destination will update
from the source using the latest common base snapshot,
deleting all destination-side snapshots newer than the
common base snapshot. The default value for this
option is off.
rlm.setup
Displays whether the RLM has been configured. The RLM
is configured through the setup or the rlm setup command.
rlm.autologout.enable
Enables or disables the automatic logout of idle RLM
SSH connections. The default is on, which causes RLM
SSH connections to be disconnected after the number of
minutes specified by the rlm.autologout.timeout
value. Any change to this option requires a logout
from the RLM before it takes effect.
rlm.autologout.timeout
The number of minutes after which idle RLM SSH connections
are disconnected if rlm.autologout.enable
is on. The default is 60 minutes. Any change to this
option requires a logout from the RLM before it takes
effect.
rlm.ssh.access
Restricts SSH access to the RLM. For valid values,
see na_rlmaccess(8).
rmc.setup
If LAN settings have been provided for a remote management
controller, this will be set to on and the
presence of its dedicated LAN interface and external
power supply is periodically verified.
rpc.nlm.tcp.port
This option allows the NLM rpc service over TCP to be
registered on a port other than the default. nfs off
followed by nfs on is required to re-register the service
on the new port. This is a per host option and is
persistent across reboots. The results are undefined
if more than one RPC service is registered on the
same port.
rpc.nlm.udp.port
This option allows the NLM rpc service over UDP to be
registered on a port other than the default. nfs off
followed by nfs on is required to re-register the service
on the new port. This is a per host option and is
persistent across reboots. The results are undefined
if more than one RPC service is registered on the
same port.
rpc.nsm.tcp.port
This option allows the NSM rpc service over TCP to be
registered on a port other than the default. nfs off
followed by nfs on is required to re-register the service
on the new port. This is a per host option and is
persistent across reboots. The results are undefined
if more than one RPC service is registered on the
same port.
rpc.nsm.udp.port
This option allows the NSM rpc service over UDP to be
registered on a port other than the default. nfs off
followed by nfs on is required to re-register the service
on the new port. This is a per host option and is
persistent across reboots. The results are undefined
if more than one RPC service is registered on the
same port.
rpc.mountd.tcp.port
This option allows the MOUNTD rpc service over TCP to
be registered on a port other than the default. nfs
off followed by nfs on is required to re-register the
service on the new port. This is a per host option and
is persistent across reboots. The results are undefined
if more than one RPC service is registered on
the same port.
rpc.mountd.udp.port
This option allows the MOUNTD rpc service over UDP to
be registered on a port other than the default. nfs
off followed by nfs on is required to re-register the
service on the new port. This is a per host option and
is persistent across reboots. The results are undefined
if more than one RPC service is registered on
the same port.
rpc.pcnfsd.tcp.port
This option allows the PCNFSD rpc service over TCP to
be registered on a port other than the default. nfs
off followed by nfs on is required to re-register the
service on the new port. This is a per host option and
is persistent across reboots. The results are undefined
if more than one RPC service is registered on
the same port.
rpc.pcnfsd.udp.port
This option allows the PCNFSD rpc service over UDP to
be registered on a port other than the default. nfs
off followed by nfs on is required to re-register the
service on the new port. This is a per host option and
is persistent across reboots. The results are undefined
if more than one RPC service is registered on
the same port.
rpc.rquotad.udp.port
This option allows the RQUOTAD rpc service over UDP to
be registered on a port other than the default. nfs
off followed by nfs on is required to re-register the
service on the new port. This is a per host option and
is persistent across reboots. This service is only
registered over UDP. The results are undefined if more
than one RPC service is registered on the same port.
rsh.access
Restricts rsh access to the node. For valid values,
see na_protocolaccess(8).
rsh.enable
Enables the RSH server on the node. Valid values for
this option are on or off. The starting default value
on a factory install for this option is off.
security.admin.authentication
This option controls where the node finds authentication
information for admins. Authentication can be
done via the local administrative repository or
through repositories found in the nsswitch.conf file.
Authentication via nsswitch.conf allows ldap and nis
centralized administration. The value of this option
can be `internal', `nsswitch', `internal,nsswitch', or
`nsswitch,internal'. The repositories are searched in
the order specified. The default value is `internal'.
security.admin.nsswitchgroup
This option specifies which group found in the nsswitch.conf
file has administrative access to the node.
This option must be set to a valid group to give any
nsswitch users login privileges. See na_useradmin(1)
for more information about the admin role. The default
value is no group.
security.passwd.firstlogin.enable
This option controls whether all admins (except for
root) must change their passwords upon first login. A
value of on means that newly created admins, or admins
whose passwords were changed by another admin, may
only run the passwd command until the password is
changed. Default value is off.
security.passwd.lockout.numtries
This option controls how many login attempts an admin
can make before the account is disabled. This
account may be re-enabled by having a different admin
change the disabled admin's password. If this value is
the default, then failing to log in will never disable
an account. The default value for this option is
4294967295.
security.passwd.rootaccess.enable
This option controls whether root can have access to
the system. A value of off means that root cannot
login or execute any commands. This option is reset to
on if a user changes root's password, or during a boot
without etc/rc. By default, this option is on.
security.passwd.rules.enable
This option controls whether a check for password composition
is performed when new passwords are specified.
See na_passwd(1) and/or na_useradmin(1) for
additional information on relevant affected functionality.
A value of on means that the check will be
made, and the password rejected if it doesn't pass the
check. A value of off means that the check won't be
made. The default value for this option is on. By
default, this option does not apply to the users
"root" or "Administrator" (the NT Administrator
account).
security.passwd.rules.everyone
This option controls whether a check for password composition
is performed for all users, including "root"
and "Administrator". A value of off means that the
checks do not apply to "root" or "Administrator" (but
still may apply to all other users). The starting
default value on a factory install or a newly created
vfiler for this option is on. security.passwd.rules.enable
must have the value on or
this option is ignored.
security.passwd.rules.history
This option controls whether an administrator can reuse
a previous password. A value of 5 means that the
appliance will store 5 passwords, none of which an
admin can re-use. A value of 0 means that an admin is
not restricted by any previous password. The starting
default value on a factory install or a newly created
vfiler is 6. security.passwd.rules.enable must have
the value on or this option is ignored. To prevent
administrators from abusing this option by cycling
through the password history, see the `-m' option in
na_useradmin(1).
security.passwd.rules.maximum
This option controls the maximum number of characters
a password can have. Though there is no default value
for this option, only the first 16 characters are
saved. (Users with passwords greater than 14 characters
will not be able to log in via the Windows interfaces,
so if you are using Windows, we recommend this value
to be 14.) security.passwd.rules.enable must have the
value on or this option is ignored.
security.passwd.rules.minimum
This option controls the minimum number of characters
a password must have. The default value for this
option is 8. security.passwd.rules.enable must have
the value on or this option is ignored.
security.passwd.rules.minimum.alphabetic
This option controls the minimum number of alphabetic
characters a password must have. (NOTE: A password
cannot be just digits and symbols.) These are capital
and lowercase letters from a to z. The default value
for this option is 2. security.passwd.rules.enable
must have the value on or this option is ignored.
security.passwd.rules.minimum.uppercase
This option controls the minimum number of uppercase
alphabetic characters ("A" to "Z") that a password
must contain. If set to a non-zero value, a password
cannot be comprised only of digits, symbols and lowercase
characters. The default value for this option is
0 (zero). security.passwd.rules.enable must have the
value on or this option is ignored.
security.passwd.rules.minimum.lowercase
This option controls the minimum number of lowercase
alphabetic characters ("a" to "z") that a password
must contain. If set to a non-zero value, a password
cannot be comprised only of digits, symbols and uppercase
characters. The default value for this option is
0 (zero). security.passwd.rules.enable must have the
value on or this option is ignored.
security.passwd.rules.minimum.digit
This option controls the minimum number of digit characters
a password must have. These are numbers from 0
to 9. The default value for this option is 1. security.passwd.rules.enable
must have the value on or
this option is ignored.
security.passwd.rules.minimum.symbol
This option controls the minimum number of symbol
characters a password must have. These are whitespace
and punctuation characters. The default value for this
option is 0. security.passwd.rules.enable must have
the value on or this option is ignored.
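The composition rules described by the security.passwd.rules.* options above, modeled as a checker. This is an added example, not NetApp code; the class and function names are hypothetical, and counting characters over the whole password as typed is an assumption.

```python
import string
from dataclasses import dataclass
from typing import List, Optional

STORED_CHARS = 16                      # "only the first 16 characters are saved"
EXEMPT_USERS = {"root", "Administrator"}
# Symbols are "whitespace and punctuation characters".
SYMBOLS = set(string.punctuation + string.whitespace)


@dataclass
class PasswdRules:
    """security.passwd.rules.* values; defaults are the documented ones."""
    enable: bool = True                # security.passwd.rules.enable
    everyone: bool = True              # security.passwd.rules.everyone
    minimum: int = 8                   # security.passwd.rules.minimum
    maximum: Optional[int] = None      # no default value is documented
    min_alphabetic: int = 2
    min_uppercase: int = 0
    min_lowercase: int = 0
    min_digit: int = 1
    min_symbol: int = 0


def check_password(user: str, password: str, rules: PasswdRules) -> List[str]:
    """Return the names of the options that the candidate password violates."""
    if not rules.enable:
        return []                      # every other rules.* option is ignored
    if user in EXEMPT_USERS and not rules.everyone:
        return []                      # root/Administrator exempt when everyone is off
    upper = sum(c in string.ascii_uppercase for c in password)
    lower = sum(c in string.ascii_lowercase for c in password)
    digit = sum(c in string.digits for c in password)
    symbol = sum(c in SYMBOLS for c in password)
    checks = [
        ("minimum", len(password) >= rules.minimum),
        ("maximum", rules.maximum is None or len(password) <= rules.maximum),
        ("minimum.alphabetic", upper + lower >= rules.min_alphabetic),
        ("minimum.uppercase", upper >= rules.min_uppercase),
        ("minimum.lowercase", lower >= rules.min_lowercase),
        ("minimum.digit", digit >= rules.min_digit),
        ("minimum.symbol", symbol >= rules.min_symbol),
    ]
    return ["security.passwd.rules." + name for name, ok in checks if not ok]


def stored_equal(a: str, b: str) -> bool:
    """True when two passwords share the 16-character prefix that is saved."""
    return a[:STORED_CHARS] == b[:STORED_CHARS]


if __name__ == "__main__":
    # Constructed sample candidates, not real credentials.
    for user, pw in [("admin1", "abc12345"), ("admin1", "12345678!"), ("root", "x")]:
        print(user, repr(pw), check_password(user, pw, PasswdRules()) or "accepted")
```

Because only the first 16 characters are saved, stored_equal shows that characters beyond the sixteenth add no strength.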
sftp.enable
When enabled (on), this option allows SFTP (SSH File
Transfer Protocol) connections on port 22. When disabled
(off), SFTP connection attempts are refused.
SFTP can be started only if SSH2 is enabled.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
sftp.auth_style
Sets the SFTP (SSH File Transfer Protocol) login
authentication style. In mixed mode, usernames with
"\" or "@" will authenticate via ntlm and those without
will authenticate via unix. Setting ntlm or unix
explicitly will force the respective authentication
type regardless of the format of the username.
Default: mixed
Values: ntlm, unix, mixed
Effective: Upon SFTP client reconnection
Persistence: Remains in effect across system reboots
sftp.bypass_traverse_checking
When turned on, directories in the path to a file are
not required to have the `X' (traverse) permission.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
sftp.dir_restriction
Sets user home directory restriction. The off (or
none) setting indicates that there is no home directory
restriction for regular users. When this option
is set to on (or homedir), each named account user's
access is restricted to that user's own home directory
or to the override directory, if one is specified by
the sftp.dir_override option.
Default: on
Values: on, off, none, homedir
Effective: Upon SFTP client reconnection
Persistence: Remains in effect across system reboots
sftp.dir_override
Sets the override path for the user home directory. A
"" (null) value indicates no home directory override;
users will be placed in their home directory upon
login. When the value of this option is a valid
directory path, users will be placed in that directory
upon login. This option applies only to named user
accounts. The behavior of the default user account is
not affected by the value of sftp.dir_override.
Default: "" (null)
Effective: Upon SFTP client reconnection
Persistence: Remains in effect across system reboots
sftp.idle_timeout
Sets the time between requests that an SFTP (SSH File
Transfer Protocol) session can be idle before it
becomes a candidate for disconnection by the node.
Default: 900s
Min/Max: 300s - 48h in seconds (s), minutes(m) or hours (h)
Effective: Immediately
Persistence: Remains in effect across system reboots
sftp.log_enable
Enables/disables the logging of SFTP (SSH File Transfer
Protocol) packets and data transfer operations.
Default: on
Effective: Immediately
Persistence: Remains in effect across system reboots
sftp.log_filesize
Specifies the maximum file size for SFTP (SSH File
Transfer Protocol) logs in the /etc/log directory.
When one of the active log files, such as sftp.cmd
reaches this size, it is renamed to sftp.cmd.1, and
that renamed log history file is closed. If there is
already a historical log file, such as sftp.cmd.1,
that file is renamed to sftp.cmd.2. This renaming process
continues sequentially for all historical log
files, until the maximum number of historical log
files (specified by sftp.log_nfiles) is reached. Once
the maximum number of historical log files is reached,
the oldest log file is deleted each time a new active
log file is opened. See the description of the
sftp.log_nfiles option for more information.
Default: 512k
Min/Max: 1K - 4G in gigabytes (G), megabytes (M), kilobytes (K) or bytes (blank)
Effective: Immediately
Persistence: Remains in effect across system reboots
sftp.log_nfiles
Sets the maximum number of log files to be kept for
SFTP (SSH File Transfer Protocol). Once an active log
file reaches the size limit determined by the
sftp.log_filesize option, a new active log file is
created. The old active log file is stored as a historical
log file by appending the file name with ".1".
All existing historical files are renamed by incrementing
the numeric suffix; for example, "sftp.cmd.2"
becomes "sftp.cmd.3" and so on. Only the number of
files specified by sftp.log_nfiles are kept. When the
maximum number of historical log files is exceeded,
the highest-numbered (oldest) log file is deleted.
For example, if nfiles is set to 6, sftp.cmd.5 would
be deleted rather than renamed.
Default: 6
Min/Max: 1 - 100 files
Effective: Immediately
Persistence: Remains in effect across system reboots
sftp.locking
Sets the type of file locking used by the SFTP (SSH
File Transfer Protocol) during file retrieval. Setting
this option to none designates that files are not
to be locked in any way during file retrieval. When
the value of this option is delete, files being
retrieved cannot be deleted or renamed. When the value
of this option is write, files being retrieved cannot
be opened for write, deleted, or renamed.
Default: none
Values: none, delete
Effective: Immediately
Persistence: Remains in effect across system reboots
sftp.max_connections
Sets the maximum number of concurrent SFTP (SSH File
Transfer Protocol) connections allowed. This option
is the limit of the total number of SFTP control connections
allowed to the node, or to all vFilers hosted
on the physical node. For HA configurations, the number
of connections permitted is doubled when in
takeover mode. If this setting is changed to a value
that is lower than the current number of connected
SFTP sessions, new connections will be refused until
the total number of sessions falls below sftp.max_connections.
Existing sessions are unaffected.
Default: 15
Min/Max: 0 - 15 connections
Effective: Immediately
Persistence: Remains in effect across system reboots
sftp.max_connections_threshold
This option allows an administrator to set a threshold
on the number of concurrent SFTP (SSH File Transfer
Protocol) connections. When this threshold is reached
an EMS message sftp.connections.threshold, warning the
administrator that the number of concurrent SFTP connections
is approaching the maximum limit allowed by
the option sftp.max_connections, is generated.
This option is set as a percentage of the maximum concurrent SFTP connections allowed by the option sftp.max_connections. If the value is set to zero, then this EMS generation is disabled.
Default: 75%
Min/Max: 0 - 99 percent
Effective: Immediately
Persistence: Remains in effect across system reboots
sftp.override_client_permissions
Enables/disables the override of permissions sent by
SFTP (SSH File Transfer Protocol) client. If enabled,
the UNIX permissions set on a newly created
file/directory would be 0755, irrespective of the permissions
sent by the client.
Default: off
Effective: Immediately
Persistence: Remains in effect across system reboots
shelf.atfcx.auto.reset.enable
This option controls the automatic power-cycle feature
of capable AT-FCX shelf enclosures. If enabled, capable
shelf enclosures automatically power-cycle to
recover from certain failures in a non-disruptive manner.
Valid settings are on, off, and auto. The
default value is auto. auto behaves the same as off in
a Single Path HA storage configuration. auto behaves
the same as on in any other storage configurations.
This option will only have effect on DS14mk2-AT shelf enclosures equipped with HE Power Reset Capable power supplies and NDR Capable AT-FCX Shelf Firmware.
shelf.esh4.auto.reset.enable
This option controls the automatic power-cycle feature
of capable ESH4 shelf enclosures. If enabled, capable
shelf enclosures automatically power-cycle to recover
from certain failures in a non-disruptive manner.
Valid settings are on, off, and auto. The default
value is auto. auto behaves the same as off in a Single
Path HA storage configuration. auto behaves the
same as on in any other storage configurations.
This option will only have effect on DS14mk2-FC and DS14mk4-FC shelf enclosures equipped with HE Power Reset Capable power supplies and NDR Capable ESH4 Shelf Firmware Revision.
snaplock.autocommit_period
This option can be used to specify a time delay to be
used with the SnapLock auto-commit feature. This feature
automatically converts to WORM status any file on
any SnapLock volume if the file has not changed during
the delay period. The retention date on the committed
file will be determined by the volume's default retention
period.
To specify a time delay, set this option to a value consisting of an integer count followed by an indicator of the time period: `h' for hours, `d' for days, `m' for months, or `y' for years. For example, to specify an auto-commit delay period of 4 hours, set this option to `4h'.
To disable the SnapLock auto-commit feature, set this option to none. This is the default value.
The minimum delay that can be specified is two hours. Because auto-commits are performed by a scanner, it could take some time after the delay period ends for the file to be committed to WORM.
snaplock.compliance.write_verify
This option is used to verify all disk writes to
snaplock compliance volumes. It is used when immediate
verification of the recording process is required. By
default the option is `off'.
Using this option will have a negative impact on volume performance.
snaplock.log.default_retention
This option can be used to specify a default retention
policy for a secure log file. The default value is 6
months `6m' and cannot be set to less than 6 months.
The option may be specified in m|y.
The default retention is used only when operations that are being logged do not specify a retention period. A secure log will be retained for the maximum retention time necessary to verify secure operations performed on files in the log.
snaplock.log.maximum_size
This option specifies the maximum size for a secure
log before the file is closed and a new log file is
generated for use by the secure logging infrastructure.
The default value is `10m' and the possible
values for units are `k', `m', `g' and `t'. If no unit
is specified, given size is assumed to be in bytes.
The minimum size of any log file is 100k and the maximum size is (4t-1).
snapmirror.access
This option determines which SnapMirror destination
nodes may initiate transfers, and over which network
interfaces. When set to "legacy", SnapMirror uses the
older snapmirror.allow to determine access. The
option value is a string containing an expression
which provides the access filter. An example of the
options command for snapmirror.access is options snapmirror.access
host=toaster,fridge. The default value
is "legacy". See na_snapmirror(1), na_snapmirror.allow(5)
and na_protocolaccess(8) for more
details.
snapmirror.checkip.enable
Enables IP address based verification of SnapMirror
destination nodes by source nodes. Valid values are
on or off. The default value is off. See na_snapmirror.allow(5)
for more details.
snapmirror.delayed_acks.enable
Enables TCP/IP delayed acknowledgements. Disabling
this can improve performance of SnapMirror network
connections in high latency networks. Valid values
are on or off. The default value is on.
This uses the slow start and congestion avoidance algorithms as described in RFC 2581. Do note that disabling this option can be disruptive to other clients on the same network as the SnapMirror connection.
snapmirror.volume.local_nwk_bypass.enable
Enables bypassing network for local Volume SnapMirror
transfers. Valid values for this option are on or
off. The default value for this option is on. When
option is off, local Volume SnapMirror transfers use
the network stack to transfer data.
snapmirror.enable
Enable or disable SnapMirror operations. Valid values
for this option are on or off. The default value for
this option is off. When on (SnapMirror must be
licensed), SnapMirror data transfers and SnapMirror
scheduler are enabled. The commands snapmirror on and
snapmirror off have the same effect as this option.
See na_snapmirror(1) for more details.
snapmirror.log.enable
Determines whether SnapMirror activity is logged to
the SnapMirror log file. The setting does not affect
syslog output from SnapMirror. Valid values for this
option are on or off. The default value for this
option is on. When on, all the SnapMirror activities
will be logged in /etc/log/snapmirror. See na_snapmirror(5)
for more details.
snapvalidator.version
Determines the version of Oracle that will be validated
for by SnapValidator. This setting applies to
all volumes that have the `svo_enable' option set to
on. For more information on this option, see
na_vol(1). Valid values for this option are 9 or 10.
The default value for this option is 9.
snapvault.access
Restricts/allows client and server access to snapvault
from a different node. The default value is "none".
For valid values, see na_protocolaccess(8).
snapvault.enable
Enable or disable snapvault operation. Valid values
for this option are on or off. The default value for
this option is off.
snapvault.lockvault_log_volume
Configures the LockVault Log Volume. Valid values for
this option are online SnapLock volume names. See
na_snapvault(1) for details.
snapvault.nbu.archival_snap_default
Sets the default value for the vol option
nbu_archival_snap on new volumes. The
nbu_archival_snap vol option will be initialized
according to the value of snapvault.nbu.archival_snap_default.
This initialization
occurs when the first SnapVault for NetBackup backup
to that volume starts, unless the nbu_archival_snap
vol option is already configured manually. Valid values
for this option are on or off. The default value
for this option is on.
snapvault.snapshot_for_dr_backup
This option is applicable at Volume SnapMirror destination
only, while using SnapVault to backup Volume
SnapMirror destination. This option allows SnapVault
to choose the primary snapshot for the backup. Valid
values are vsm_base_only, named_snapshot_only and
named_snapshot_preferred.
When the option is set to vsm_base_only, SnapVault does the backup of most recent Volume SnapMirror created snapshot.
When the option is set to named_snapshot_only, SnapVault does the backup of destination requested snapshot. If the requested snapshot is not available at the Volume SnapMirror destination, then the backup will fail.
When the option is set to named_snapshot_preferred, SnapVault tries to backup destination requested snapshot. If the destination requested snapshot is not available, then it backs up the most recent Volume SnapMirror created snapshot.
The default value for this option is vsm_base_only.
snapvault.stale_config_cleanup_enable
This option enables or disables the cleanup of stale
SnapVault configurations. The valid values for this
option are on and off. The default value for this
option is on.
snapvault.ossv.compression
This option enables or disables network compression
for Open System SnapVault transfers. The valid values
are on and off. The default value for this option is
off. For a specific relationship this option is overridden
by the per-relationship compression option when
the per-relationship compression option has been set
to values other than the default. See na_snapvault(1)
for setting the per-relationship compression option.
snapvault.preservesnap
This option allows a user to enable/disable recycling
of the SnapVault archival snapshots. The valid values
are on and off. It applies only when the number of
SnapVault archival snapshots reaches the retention
count. When it is set to off, SnapVault will create
room for a new snapshot by deleting the oldest SnapVault
archival snapshot. When it is set to on, SnapVault
will just preserve all the existing SnapVault
archival snapshots and fail the new snapshot creation.
So, further snapshots and SnapVault updates by that
schedule will not be possible until the user deletes
any older archived snapshot(s) to bring the count to
less than retention count or increase the retention
count or turns off this option. The default value for
this option is off. For a specific relationship this
option is overridden by the per-relationship preserve
option when the per-relationship preserve option has
been set to values other than the default. See
na_snapvault(1) for setting the per-relationship preserve
option.
snmp.access
Restricts SNMP access to the node. For valid values,
see na_protocolaccess(8).
snmp.enable
Enables the SNMP server on the node. Valid values for
this option are on or off. The default value for this
option is on.
sparse.tcp_windowsize
Sets the TCP window size for sparse operations,
including FlexCache. The default, 262144 bytes, works
for many network environments. Change this value only
when required for your network configuration. Changes
to this option can strongly affect FlexCache performance.
The option can be used on both the FlexCache
node and the origin node.
sp.autologout.enable
Enables or disables the automatic logout of idle SP
SSH connections. The default is on, which causes SP
SSH connections to be disconnected after the number of
minutes specified by the sp.autologout.timeout
value. Any change to this option requires a logout
from the SP before it takes effect.
sp.autologout.timeout
The number of minutes after which SP SSH idle connections
are disconnected if sp.autologout.enable is on.
The default is 60 minutes. Any change to this option
requires a logout from the SP before it takes effect.
sp.setup
Displays whether the SP has been configured. The SP is
configured through the setup or the sp setup command.
sp.ssh.access
Restricts SSH access to the SP. For valid values, see
na_spaccess(8).
ssh.access
Restricts ssh access to the node. For valid values,
see na_protocolaccess(8).
ssh.enable
Enables or disables the SSH 2.0 protocol on the node.
Valid values for this option are on or off. The
starting default value on a factory install for this
option is on.
ssh.idle.timeout
Timeout value for ssh sessions in seconds. For example,
options ssh.idle.timeout 300 will set the timeout
value for ssh sessions to 300 seconds. The default
value for this option is 600 seconds. A value of
zero, the default setting, is interpreted as 600 seconds.
ssh.passwd_auth.enable
Enables or disables the password authentication on the
ssh server. Valid values for this option are on or
off. The default value for this option is on.
ssh.port
Changes the port of the ssh daemon. The default value
for this option is 22.
ssh.pubkey_auth.enable
Enables or disables the public key authentication on
the ssh server. Valid values for this option are on
or off. The default value for this option is on.
ssh1.enable
Enables or disables the SSH 1.x protocol on the node.
Valid values for this option are on or off. The
default value for this option is off.
ssh2.enable
Enables or disables the SSH 2.0 protocol on the node.
Valid values for this option are on or off. The
starting default value on a factory install for this
option is on. This option is equivalent to the
ssh.enable option.
ssl.v2.enable
Enables or disables the SSLv2 protocol on https and
ldap connections. Valid values for this option are on
or off. The default value for this option is on. This
setting takes effect immediately and is persistent
across reboots.
ssl.v3.enable
Enables or disables the SSLv3 protocol on https and
ldap connections. Valid values for this option are on
or off. The default value for this option is on. This
setting takes effect immediately and is persistent
across reboots.
tape.persistent_reservations
Deprecated option. Use option tape.reservations
instead.
tape.reservations
Enables SCSI reservations or persistent reservations
for all tape drives, medium changers, bridges, and
tape libraries (including those with embedded bridges)
attached to the node via Fibre Channel, including
those attached through switches. Only the initiator
which holds the reservation may change the position or
state of the device, protecting it from other initiators.
This option determines which type of reservation
is applied when a device open operation requests
a reservation. The device is released when it is
closed.
Standard "classic" SCSI reservation isolates well under normal conditions, but reservations can be lost during interface error recovery procedures, allowing device access by initiators other than the erstwhile owner. Error recovery mechanisms such as loop reset do not affect persistent reservations.
This option replaces option tape.persistent_reservations, which is no longer used. Valid values are off, scsi, or persistent. The default value is off. This option has no effect on devices attached to parallel SCSI adapters, since the adapter already has exclusive access to the devices.
Tape drives, medium changers, tape libraries, or bridges do not all implement persistent reservations correctly. If persistent does not protect a device properly, then use scsi instead, or turn the option off.
telnet.access
Restricts telnet access to the node. For valid values,
see na_protocolaccess(8). If this value is set,
trusted.hosts is ignored for telnet.
telnet.enable
Enables the Telnet server on the node. Valid values
for this option are on or off. The default value for
this option is off. If this option is toggled during
a telnet session, then it goes into effect on the next
telnet login.
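A baseline check over the remote-access and password options described above, written against text captured from the options command. This is an added example, not NetApp code: the baseline values are this example's own hardening choices, the sample output is constructed, and the "name value (annotation)" line layout is an assumption.

```python
import re

NEVER_LOCK = 4294967295   # documented default: failed logins never disable an account


def _is(expected):
    return lambda value: value == expected


# option -> (check, wanted value, reason). The baseline is this example's choice.
BASELINE = {
    "rsh.enable": (_is("off"), "off", "rsh carries commands in cleartext"),
    "telnet.enable": (_is("off"), "off", "telnet carries logins in cleartext"),
    "ssh1.enable": (_is("off"), "off", "SSH 1.x is an obsolete protocol"),
    "ssl.v2.enable": (_is("off"), "off", "SSLv2 is a broken protocol"),
    "ssl.v3.enable": (_is("off"), "off", "SSLv3 is a broken protocol"),
    "security.passwd.rules.enable": (_is("on"), "on",
                                     "password composition is not checked"),
    "security.passwd.firstlogin.enable": (_is("on"), "on",
                                          "admin-set passwords stay in use"),
    "security.passwd.lockout.numtries": (
        lambda value: value.isdigit() and int(value) != NEVER_LOCK,
        "a finite count", "failed logins never disable the account"),
}

_NAME = re.compile(r"^[A-Za-z0-9_.]+$")
_ANNOTATION = re.compile(r"\s*\([^()]*\)\s*$")   # assumed trailing "(...)" note


def parse_options(text):
    """Map option name -> value from captured `options` output."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or not _NAME.match(parts[0]):
            continue                               # blank line, prompt or banner
        value = parts[1] if len(parts) > 1 else ""
        opts[parts[0]] = _ANNOTATION.sub("", value).strip()
    return opts


def audit(opts):
    """Return (option, actual, wanted, reason) for every deviation.

    An option missing from the capture is reported with actual=None rather
    than silently passing.
    """
    findings = []
    for name in sorted(BASELINE):
        check, wanted, reason = BASELINE[name]
        actual = opts.get(name)
        if actual is None or not check(actual.lower()):
            findings.append((name, actual, wanted, reason))
    return findings


# Constructed sample capture, not taken from a real system.
SAMPLE_OUTPUT = """\
rsh.enable                   on
security.passwd.firstlogin.enable off
security.passwd.lockout.numtries 4294967295
security.passwd.rules.enable on
ssh1.enable                  off
ssl.v2.enable                on         (same value required in local+partner)
ssl.v3.enable                on
telnet.enable                off
"""

if __name__ == "__main__":
    for name, actual, wanted, reason in audit(parse_options(SAMPLE_OUTPUT)):
        print(f"{name}: is {actual!r}, want {wanted} ({reason})")
```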
telnet.distinct.enable
Enables making the telnet and console separate user
environments. If it is off, then telnet and console
share a session. The two sessions view each other's
inputs/outputs and both acquire the privileges of the
last user to login. If this option is toggled during a
telnet session, then it goes into effect on the next
telnet login. Valid values for this option are on or
off. The starting default value on a factory install
for this option is on. This option is set to on if a
user belonging to "Compliance Administrators" is configured
and cannot be set to off till the user is configured.
telnet.hosts
Deprecated option, use trusted.hosts instead.
tftpd.enable
Enables the tftp (Trivial File Transfer Protocol)
server on the node. Valid values for this option are
on or off. The default value for this option is off.
When enabled, the node's tftp server allows get
requests, but does not allow put requests.
tftpd.logging
Enables console logging of accesses for files via
tftp. Valid values for this option are on or off.
The default value for this option is off.
tftpd.max_connections
This option controls the maximum number of simultaneous
tftpd connections that will be served. The minimum
value is 4 and the maximum is 32. The default
value for this option is 8. If this setting is
changed to a value that is lower than the current number
of connected TFTP sessions, new connections will
be refused until the total number of sessions falls
below tftpd.max_connections. Existing sessions are
unaffected.
tftpd.rootdir
Specifies the tftpd rootdir. All relative accesses to
files via tftp are considered relative to this directory.
All absolute accesses via tftp can only access a
file if it lies in the filesystem tree rooted at this
directory. A valid value for this option is the fully
qualified pathname to a valid, existing directory on
any volume on the node. The default value of this
option is /etc/tftpboot.
timed.enable
If on and a remote protocol is specified the time daemon
(timed) synchronizes to an external source. If
off, time is not synchronized to an external source.
Valid values for this option are on or off. The
default value for this option is on.
HA pair considerations: To keep time synchronized across the nodes in the HA pair, timed should be enabled on both nodes.
timed.log
Specifies whether time changes initiated by timed
should be logged to the console.
This option is obsolete and does not have an effect in Data ONTAP 8.0 or later. However, if this option is modified, the changes would take effect if the system is reverted to a release that does support this option.
timed.max_skew
Specifies the maximum amount of skew between the time
reported by the time server and the node's time that
we will allow when synchronizing the time. If the
difference in the time reported by the server and the
node's time is greater than this value, the node will
not synchronize to the time reported by the time
server. The maximum skew is specified in seconds
(suffix s), minutes (suffix m), or hours (suffix h).
Defaults to "30m".
This option is obsolete and does not have an effect in Data ONTAP 8.0 or later. However, if this option is modified, the changes would take effect if the system is reverted to a release that does support this option.
HA pair considerations: Specifies the maximum amount of skew between the time reported by the time master and the time slave's time.
timed.min_skew
Specifies the minimum amount of skew between the time
reported by the time server and the node's time that
is required to trigger the process of time correction
into action. If the difference in the time reported by
the server and the node's time is less than this
value, the node will not attempt to correct the time.
The minimum skew is specified in seconds (suffix s),
minutes (suffix m), or hours (suffix h). Defaults to
"0".
This option is obsolete and does not have an effect in Data ONTAP 8.0 or later. However, if this option is modified, the changes would take effect if the system is reverted to a release that does support this option.
Cluster considerations: Specifies the minimum amount of skew between the time reported by the time master and the time slave's time.
timed.proto
Specifies the protocol used to synchronize time.
Valid values for this option are rdate, ntp or rtc.
rdate specifies the rdate (RFC 868) protocol. ntp
specifies the Network Time Protocol (RFC 1305). rtc
specifies the internal Real-Time Clock chip. The
default value for this option is ntp.
Note that sntp can be used as an alias for the ntp setting. Releases before Data ONTAP 8 use the Simple Network Time Protocol (RFC 2030) instead of the Network Time Protocol.
The option to use the rdate and rtc protocols is no longer supported in Data ONTAP 8.0 or later. However, if this protocol is specified, the changes would take effect if the system is reverted to a release that does support the protocols.
timed.sched
Specifies the timed synchronization schedule. There
are several pre-defined schedules:
hourly
synchronize every hour (the default)
multihourly
synchronize every 6 hours
daily
synchronize every day at midnight
Custom schedules may also be specified by giving the number of minutes or hours between time synchronization. Minutes are specified by digits followed by an "m"; hours are specified by digits followed by an "h". For example, options timed.sched 2h will cause time to be synchronized every two hours.
To avoid overburdening the time server, the node randomly selects the exact time of the synchronization within a window specified by timed.window.
After timed.sched is set, timed.window is capped at ten percent of timed.sched.
This option is obsolete and does not have an effect in Data ONTAP 8.0 or later. However, if this option is modified, the changes would take effect if the system is reverted to a release that does support this option.
HA pair considerations: specifies the time synchronization schedule for the time slave.
timed.servers
Specifies up to five time servers used by the time
daemon. Time servers are contacted in the order specified;
if a server can't be contacted, the time daemon
tries the next one in the list. The default value for
this option is the null string.
HA pair considerations: The timed.servers option must be configured on both nodes in the HA pair. For best results, the servers specified should be identical.
timed.window
Specifies a window around the synchronization time set
by timed.sched. The actual synchronization time is
randomly chosen from within this window. timed.window
is specified in seconds (suffix s) or minutes (suffix
m). The value may be 0, but it may not exceed ten percent
of timed.sched. timed.window defaults to "0s".
This option is obsolete and does not have an effect in Data ONTAP 8.0 or later. However, if this option is modified, the changes would take effect if the system is reverted to a release that does support this option.
HA pair considerations: Specifies a window around the synchronization time set by timed.sched for the time slave.
tls.enable
Enables or disables the TLS (Transport Layer Security)
protocol on https, ftps and ldap connections. Valid
values for this option are on or off. The default
value for this option is off. This setting takes
effect immediately and is persistent across reboots.
trusted.hosts
Specifies up to 5 clients that will be allowed telnet,
rsh, and administrative HTTP (that is, FilerView)
access to the server. The host names should be
entered as a comma-separated list with no spaces in
between. Enter a "*" to allow access to all clients;
this is the default. Enter a "-" to disable access to
the server. NOTE: this option used to be called telnet.hosts,
and in fact that is still an alias for this
option. This value is ignored for telnet if telnet.access
is set, and is ignored for administrative
HTTP if httpd.admin.access is set. See na_protocolaccess(8)
for more details.
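The trusted.hosts rules above, worked through as an added example (not NetApp code): it validates a value and reports which of telnet, rsh and administrative HTTP still fall back to trusted.hosts. The function names, the sample settings and the treatment of an empty or "legacy" override value as "not set" are assumptions; the page names no override for rsh, so rsh is always shown as governed by trusted.hosts.

```python
# Added example: interprets a trusted.hosts value as the option text describes.
PROTOCOLS = ("telnet", "rsh", "http-admin")
# Override options named on this page; the page names none for rsh.
OVERRIDES = {"telnet": "telnet.access", "http-admin": "httpd.admin.access"}
# Assumption: these values mean "override not set"; confirm in na_protocolaccess(8).
UNSET = {"", "legacy"}

def parse_trusted_hosts(value):
    """Return (mode, hosts, problems); mode is 'all', 'none' or 'list'."""
    if value == "*":
        return "all", [], []
    if value == "-":
        return "none", [], []
    problems = []
    if any(ch.isspace() for ch in value):
        problems.append("list contains whitespace")
    hosts = [h.strip() for h in value.split(",")]
    if any(not h for h in hosts):
        problems.append("empty entry in list")
    hosts = [h for h in hosts if h]
    if len(hosts) > 5:
        problems.append("more than 5 hosts")
    return "list", hosts, problems

def review(options):
    """Map each protocol to the option that governs it and collect findings."""
    # telnet.hosts is the alias named on this page; "*" is the documented default.
    raw = options.get("trusted.hosts", options.get("telnet.hosts", "*"))
    mode, hosts, findings = parse_trusted_hosts(raw)
    governed = {}
    for proto in PROTOCOLS:
        override = OVERRIDES.get(proto)
        if override and options.get(override, "") not in UNSET:
            governed[proto] = override  # trusted.hosts is ignored for this protocol
        else:
            governed[proto] = "trusted.hosts"
            if mode == "all":
                findings.append(f"{proto}: open to all clients via trusted.hosts '*'")
    return governed, hosts, findings

# Constructed sample settings, not taken from a real node.
SAMPLE = {"trusted.hosts": "*", "telnet.access": "host=adm1",
          "httpd.admin.access": "legacy"}
```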
vol.copy.throttle
Specifies the default speed of all volume copy operations.
The speed can be a number in the range from 1
to 10, with 10 being the highest speed and the
default. When a vol copy operation is started, its
throttle is set to this value. See na_vol(1) for more
details on the vol copy command.
wafl.default_nt_user
Specifies the NT user account to use when a UNIX user
accesses a file with NT security (has an ACL), and
that UNIX user would not otherwise be mapped. If this
option is set to the null string, such accesses will
be denied. The default value for this option is the
null string.
wafl.default_security_style
Specifies the default security style assigned to a new
volume. All qtrees created on the volume get this as
their security style. Legal values for this option
are `unix', `ntfs', or `mixed'. The default value for
this option is `unix', unless the node is an NTFS-only
node, in which case the default is `ntfs'.
wafl.default_unix_user
Specifies the UNIX user account to use when an authenticated
NT user did not match an entry in the
usermap.cfg file. If this option is set to the null
string, NT users which are not matched in the
usermap.cfg file will not be allowed to log in. The
default value for this option is `pcuser'.
wafl.group_cp
Specifies the WAFL behavior for coordinating consistency
points between groups of volumes in an appliance.
If the WAFL Group-CP feature is active then
WAFL will coordinate updates across multiple traditional
volumes and aggregates during a WAFL consistency
point. If WAFL Group-CP is not active then consistency
points are not coordinated across traditional
volumes and aggregates during recovery. The allowed
values for this option are `on', `off' or `default'.
If the value is set to `default' then the option is
set based on whether MetroCluster is enabled for the
appliance; if MetroCluster is enabled then the default
is on, otherwise the default is off.
wafl.nt_admin_priv_map_to_root
When on (the default), an NT administrator is mapped
to UNIX root.
wafl.root_only_chown
When enabled, only the root user can change the owner
of a file. When disabled, non-root users can change
the owner of files that they own. When a non-root
user changes the owner of a file they own, both the
set-UID and set-GID bits of that file are cleared for
security reasons. A non-root user is not allowed to
give away a file if it would make the recipient overrun
its user quota. wafl.root_only_chown is enabled
by default.
wafl.wcc_minutes_valid
Specifies the number of minutes a WAFL credential
cache entry is valid. The value can range from 1
through 20160. The default is 20.
webdav.enable
Enables WebDAV access to the node. Valid values for
this option are on or off.
Default: on
Effective: Immediately
Persistence: Remains in effect across system reboots
Multiple options can be set at once in an options command. For example:
options nfs.tcp.enable on nfs.v2.df_2gb_lim on raid.timeout 48
Turns on the logging for all CIFS login related activities.
options cifs
Prints all the options that start with cifs.
However, a few options must have the same setting for both nodes in an HA configuration for takeover to work properly. If you change the setting for one of these options on one node, the node displays a message reminding you to make the same change on the other node. In takeover mode, the same option values are used for both nodes.
The following list of options must have the same values on both nodes in an HA configuration:
snmp.enable telnet.enable trusted.hosts wafl.group_cp
timed.enable timed.log timed.max_skew timed.proto timed.sched timed.servers timed.window
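A consistency check for the must-match list above, as an added example (not NetApp code): it compares the options captured from each node and reports those that differ. The one-option-per-line "name value" layout, the function names and both sample captures are assumptions made for the example.

```python
# Added example: compares the options this page says must match across an HA pair.
MUST_MATCH = (
    "snmp.enable", "telnet.enable", "trusted.hosts", "wafl.group_cp",
    "timed.enable", "timed.log", "timed.max_skew", "timed.proto",
    "timed.sched", "timed.servers", "timed.window",
)
ALIASES = {"telnet.hosts": "trusted.hosts"}  # alias named on this page

def parse_options(text):
    """Parse 'name value' lines (assumed capture layout) into a dict."""
    parsed = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        value = parts[1].strip() if len(parts) > 1 else ""  # null-string options
        parsed[ALIASES.get(parts[0], parts[0])] = value
    return parsed

def ha_mismatches(node_a, node_b):
    """Return {option: (value_a, value_b)} for must-match options that differ."""
    a, b = parse_options(node_a), parse_options(node_b)
    diffs = {}
    for name in MUST_MATCH:
        va, vb = a.get(name), b.get(name)  # None: option absent from the capture
        if va != vb:
            diffs[name] = (va, vb)
    return diffs

# Constructed captures for two nodes, not real output.
NODE_A = """\
snmp.enable on
telnet.enable off
trusted.hosts adm1,adm2
timed.enable on
timed.servers ntp1.example.com
vol.copy.throttle 10
"""
NODE_B = """\
snmp.enable on
telnet.enable on
telnet.hosts adm1,adm2
timed.enable on
timed.servers ntp2.example.com
vol.copy.throttle 4
"""
```

Options outside the must-match list, such as vol.copy.throttle in the sample, are ignored because the page does not require them to agree.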
The following list of options is overwritten by the live node's values during takeover:
auditlog.enable auditlog.max_file_size autologout.telnet.enable autologout.telnet.timeout dns.domainname dns.enable httpd.log.format httpd.timeout httpd.timewait.enable ip.match_any_ifaddr ip.path_mtu_discovery.enable nfs.per_client_stats.enable nfs.v2.df_2gb_lim nfs.v3.enable nis.domainname nis.enable nis.group_update.enable nis.group_update_schedule nis.servers nis.slave.enable pcnfsd.enable nfs.always.deny.truncate raid.disk.copy.auto.enable raid.disktype.enable raid.media_scrub.enable raid.reconstruct.perf_impact raid.reconstruct.wafliron.enable raid.resync.perf_impact raid.rpm.ata.enable raid.rpm.fcal.enable raid.timeout raid.verify.perf_impact rmc.setup sparse.tcp_windowsize vol.copy.throttle wafl.root_only_chown wafl.wcc_minutes_valid
cifs.AD.retry_delay cifs.audit.enable cifs.audit.file_access_events.enable cifs.audit.logon_events.enable cifs.audit.logsize cifs.audit.saveas cifs.bypass_traverse_checking cifs.comment cifs.guest_account cifs.home_dir_namestyle cifs.homedirs_public_for_admin cifs.idle_timeout cifs.max_mpx cifs.netbios_aliases cifs.netbios_over_tcp.enable cifs.nfs_root_ignore_acl cifs.oplocks.enable cifs.oplocks.opendelta cifs.perm_check_ro_del_ok cifs.perm_check_use_gid cifs.preserve_unix_security cifs.restrict_anonymous.enable cifs.save_case cifs.scopeid cifs.search_domains cifs.show_snapshot cifs.shutdown_msg_level cifs.sidcache.enable cifs.sidcache.lifetime cifs.snapshot_file_folding.enable cifs.symlinks.cycleguard cifs.symlinks.enable cifs.trace_login cifs.universal_nested_groups.enable dns.domainname dns.enable ndmpd.access ndmpd.authtype ndmpd.connectlog.enabled ndmpd.enable ndmpd.ignore_ctime.enabled ndmpd.password_length nfs.mount_rootonly nfs.per_client_stats.enable nfs.require_valid_mapped_uid nfs.tcp.enable nfs.udp.xfersize nfs.v2.df_2gb_lim nfs.v3.enable nfs.webnfs.enable nfs.webnfs.rootdir nfs.webnfs.rootdir.set nis.domainname nis.enable nis.group_update.enable nis.group_update_schedule nis.servers nis.slave.enable pcnfsd.enable pcnfsd.umask nfs.always.deny.truncate rsh.access rsh.enable security.passwd.rules.enable snapmirror.enable snapmirror.checkip.enable snapmirror.access snapvault.access snapvault.enable wafl.default_nt_user wafl.default_unix_user wafl.nt_admin_priv_map_to_root wafl.wcc_max_entries wafl.wcc_minutes_valid