options

NAME

options – display or set filer options

SYNOPSIS

options

options option

options partial-option

options [ option value ] …

DESCRIPTION

The options command is used to change configurable filer
software options. If no options are specified, then
options prints the current value of all available options.
If an option is specified with no value, then the current
value of that option is printed. If only a part of an
option is specified with no value, then the list of all
options that start with the partial-option string is
printed. This is similar to the Unix grep command. The
default value for most options is off, which means that
the option is not set. Changing the value to on enables
the option; for most options, the only valid values are on
(which can also be expressed as yes, true, or 1) in any
mixture of upper and lower case, and off (which can also
be expressed as no, false, or 0) in any mixture of upper
and lower case. The description of the option will indicate
the default if it is not off, and will indicate what
values are allowed if it isn’t an on/off option. For
options that take string values, use a double quote (“”)
as the option argument if you wish to set that option to
be the null string. Normally, arguments are limited to
255 characters in total length.

The legal options are as follows:

auditlog.enable

Enables/disables the audit logging of commands executed
at the console/telnet shell or by using rsh.
The default is on. The data is logged to the file
/etc/log/auditlog for a filer or /logs/auditlog if the
system is a NetCache. The maximum size of auditlog
file is allowed to grow to the value specified by the
auditlog.max_file_size option. If the auditlog file
reaches this size, and on every Saturday at 24:00,
/etc/log/auditlog is moved to /etc/log/auditlog.0,
/etc/log/auditlog.0 is moved to /etc/log/auditlog.1,
and so on (similarly for /logs/auditlog if it is a
NetCache). Assuming they do not get full, auditlog
files are saved for a total of six weeks.

auditlog.max_file_size

This option controls the maximum size (in bytes) that
the auditlog file is allowed to grow to (see above).
The default value for this option is 10000000.

auditlog.readonly_api.enable

This option controls auditing of APIs based on their
roles. If an API is used to retrieve information but
not for modifying the state of the system then this
API is not audited by default. The default value of
this option is off, which causes read-only APIs not to
audit. To overwrite the default value, set this
option value to true, or on.

autologout.console.enable

Enables/disables the autologout of console connections.
The default is on, which causes console connections
to be disconnected after the console has been
idle for the number of minutes specified by the autologout.console.timeout
value. Any change to this

option is effective after a command is entered.

autologout.console.timeout

The number of minutes the console is idle after which
console connections are disconnected if autologout.console.enable
is on. The default is 60 minutes.
Any change to this option is effective after a command
is entered.

autologout.telnet.enable

Enables/disables the autologout of telnet connections.
The default is on, which causes telnet connections to
be disconnected after the number of minutes specified
by the autologout.telnet.timeout value. Any change to
this option requires a logout before it takes effect.

autologout.telnet.timeout

The number of minutes after which telnet connections
are disconnected if autologout.telnet.enable is on.
The default is 60 minutes. Any change to this option
requires a logout before it takes effect.

autosupport.cifs.verbose

If on, includes CIFS session and share information in
autosupport messages. If off, those sections are omitted.
The default is off.

autosupport.content

The type of content that the autosupport notification
should contain. Allowable values are complete and
minimal. The default value is complete. The minimal
option allows the delivery of a “sanitized” and
smaller version of the autosupport, at the cost of
reduced support from Network Appliance. Please contact
Network Appliance if you feel you need to use the minimal
option. The complete option is the traditional
(and default) form of autosupport. If this option is
changed from complete to minimal then all previous and
pending autosupport messages will be deleted under the
assumption that complete messages should not be transmitted.

autosupport.doit

Triggers the autosupport daemon to send an autosupport
notification immediately. A text word entered as the
option is sent in the notification subject line and
should be used to explain the reason for the notification.

autosupport.enable

Enables/disables the autosupport notification features
(see autosupport(8)). The default is on to cause
autosupport notifications to be sent. This option will
override the autosupport.support.enable option.

autosupport.from

Defines the user to be designated as the sender of the
notification. The default is postmaster@your.domain.
Email replies from Network Appliance will be sent to
this address.

autosupport.local.nht_data.enable

Enables/disables the Health Trigger (NHT) data autosupport
to be sent to the recipients listed in autosupport.to.
NHT data is the binary, internal log data
from each disk drive, and in general, is not parsable
by other than Network Appliance. There is no customer
data in the NHT attachments. The default for this
option is off.

autosupport.local.performance_data.enable

Enables/disables performance data autosupport to be
sent to the recipients listed in autosupport.to. The
performance autosupport contains hourly samples of
system performance counters, and in general is only
useful to Network Appliance. There is no customer data
in the performance data autosupports. The default is
off.

autosupport.mailhost

Defines the list of up to 5 mailhost names. Enter the
host names as a comma-separated list with no spaces in
between. The default is an empty list.

autosupport.minimal.subject.id

Defines the type of string that is used in the identification
portion of the subject line when autosupport.content
is set to minimal. Allowable values are
systemid and hostname. The default is systemid.

autosupport.nht_data.enable

Enables/disables the generation of the Health Trigger
(NHT) data autosupport. Default is off

autosupport.noteto

Defines the list of recipients for the autosupport
short note email. Up to 5 mail addresses are allowed.
Enter the addresses as a comma-separated list with no
spaces in between. The default is an empty list to
disable short note emails.

autosupport.performance_data.enable

Enables/disables hourly sampling of system performance
data, and weekly creation of a performance data autosupport.
The default is on.

autosupport.retry.count

Number of times to try resending the mail before giving
up and dropping the mail. Minimum is 5; maximum is
4294967295 ; The default is 15 .

autosupport.retry.interval

Time in minutes to delay before trying to send the
autosupport again. Minimum is 30 seconds, maximum is
1 day. Values may end with `s’, `m’ or `h’ to indicate
seconds, minutes or hours respectively If no
units are specified, then input is assumed to be in
seconds. The default value is 4m.

autosupport.support.enable

Enables/disables the autosupport notification to Network
Appliance. The default is on to cause autosupport
notifications to be sent directly to Network
Appliance as described by the autosupport.support.transport
option. This option is superseded
(overridden) by the value of autosupport.enable.

autosupport.support.proxy

Allows the setting of an HTTP-based proxy if autosupport.support.transport
is https or http. The default

for this option is the empty string, implying no proxy
is necessary.

autosupport.support.to

This option is read only, it shows where autosupport
notifications to Network Appliance are sent if autosupport.support.transport
is smtp.

autosupport.support.transport

Allows setting the type of delivery desired for autosupport
notifications that are destined for Network
Appliance. Allowed values are https, http (for direct
Web-based posting) or smtp (for traditional email).
The default value is https. Note that http and https
may (depending on local network configuration) require
that the autosupport.support.proxy option be set correctly.
Also smtp requires that autosupport.mailhosts
be configured correctly before autosupport delivery
can be successful.

autosupport.support.url

This option is read only, it shows where autosupport
notifications to Network Appliance are sent if autosupport.support.transport
is https or http.

autosupport.throttle

Enables autosupport throttling (see autosupport(8)).
When too many autosupports are sent in too
short a time, additional messages of the same type
will be dropped. Valid values for this option are on
or off. The default value for this option is on.

autosupport.to

Defines the list of recipients for the autosupport
email notification. Up to 5 mail addresses are
allowed. Enter the addresses as a comma-separated
list with no spaces in between. The default is an
empty list. Note that it is no longer necessary to use
the standard Network Appliance autosupport email
address in this field to direct autosupport messages
to Network Appliance. Please use autosupport.support.enable
instead.

backup.log.enable

Backup logging captures important events during
dump/restore and records them in /etc/log/backup on
the root volume. The option allows users to enable or
disable this feature. By default, the option is on.

cf.giveback.auto.cifs.terminate.minutes

This options specifies the number of minutes to delay
an automatic giveback before terminating CIFS clients
that have open files. During the delay, the system
will periodically send notices to the affected workstations.
If 0 (zero) minutes are specified, then
CIFS clients will be terminated immediately.

cf.giveback.auto.enable

This options turns on/off automatic giveback. An
automatic giveback is invoked when one node of a cluster
is in takeover mode and the “down” node is
repaired and reboots. The repaired node will boot
into Data ONTAP and the node in takeover mode will
detect this and initiate a giveback.

This feature is only available on flash booted systems.

cf.giveback.auto.terminate.bigjobs

This option, when on, specifies that automatic giveback
should immediately terminate long running operations
(dump/restore, vol verify, etc.) when initiating
an automatic giveback. When this option is off,
the automatic giveback will be deferred until the long
running operations have completed.

cf.giveback.check.partner

This option turns on/off checking for partner readiness
before starting giveback. It’s being used on
flash booted systems only.

When this option is on, if operator types in “cf giveback”,
before starting giveback, the node in takeover
state checks that partner has actually booted halfway
up. If partner is not ready yet, giveback won’t start.

When this option is off, if operator types in “cf
giveback”, giveback starts without checking partner’s
status.

The default value is on, which reduces downtime caused
by a giveback.

Two filers in a cluster can have different settings
for this option.

cf.hw_assist.enable

This option turns the hardware-assisted takeover functionality
on or off.

When enabled, the hardware module notifies the partner
of certain hardware failures such as power-loss,
power-cycle, watchdog reset etc. This enables the
partner to start the takeover immediately upon notification,
rather than waiting for the configured detection
period.

When the hw_assist option is disabled, or if the hardware
failure notification doesn’t reach the partner,
the partner starts the takeover after waiting for
cf.takeover.detection.seconds.

The default value is on. The filer must have a Hardware
module such as RLM (Remote-LAN-Manager) to enable
the hardware-assisted takeover functionality.

cf.hw_assist.partner.address

The hardware failure notification is sent to this
partner IP address. If hostname is given, it is converted
into an IP address.

cf.hw_assist.partner.port

The hardware failure notification is sent to this
partner port.

cf.takeover.change_fsid

By default (the default is on), Data ONTAP changes the
file system IDs (FSIDs) of all partner volumes and
aggregates if a disaster takeover occurs in a MetroCluster
configuration. When the value is set to off,
Data ONTAP does not change the FSIDs, enabling users

to continue to access their volumes after a
disaster
takeover.

 

CAUTION:
Although clients of the disaster node would
have read access to partner volumes if the option were
set to no, they might experience data loss when
attempting to write to the volumes. Disable the
change_fsid option with great care.

cf.takeover.detection.seconds

This option provides a knob to tune the timer used in
takeover detection.

The timer is used by cluster software in monitoring
partner node’s status. If partner node has not been
responding more than n seconds, where n is the value
of this option, local node decides to take over.

Two nodes do not need to have same value for this
option. This provides asymmetric takeover behavior in
terms of aggressiveness.

The default value of this option is 15 seconds. The
option can be set to any value between 10 and 180. In
case sk.process.timeout.override has been manually
set, it is strongly advised that this option is set to
a value larger than or equal to sk.process.timeout.override+5.

cf.takeover.on_failure

This option allows automatic takeover to be disabled.
By default, this option is set to on and a filer will
automatically takeover it’s partner filer if the latter
fails. If set to off, automatic takeovers are disabled,
but operator can still initiate manual
takeovers.

This option is available only when cluster is licensed
and changing the value on one filer automatically
changes the value on the partner filer.

cf.takeover.on_disk_shelf_miscompare

This option allows negotiated takeover to be enabled
when the cluster nodes detect a mismatch in disk shelf
count. By default, this option is set to off.

This option is available only when cluster is licensed
and changing the value on one filer automatically
changes the value on the partner filer.

cf.takeover.on_network_interface_failure

This option allows negotiated takeover to be enabled
when the cluster nodes detect failures in network
interfaces. Only those network interfaces that have
explicitly enabled negotiated failover via the ifconfig
command will be monitored. By default, this
option is set to off.

This option is available only when cluster is licensed
and changing the value on one filer automatically
changes the value on the partner filer.

cf.takeover.on_network_interface_failure.policy
This option determines what policy to apply for triggering
negotiated failover when network interfaces
fail. There are two policies that are currently supported:
all_nics implying failover when all network
interfaces participating in negotiated failover fail
and any_nic implying failover when any one of the network
interfaces participating in negotiated failover
fails. By default, this option is set to all_nics.

This option is available only when cluster is
licensed.

cf.takeover.on_panic

This option turns on/off the takeover on panic feature.
It’s available only when cluster is licensed.
Changing the value on one filer automatically changes
the value on the partner filer.

This option is turned on when either fcp or iscsi is
licensed.

This option is turned off when both fcp and iscsi have
been unlicensed.

Users should use caution when manually changing the
option value.

cf.takeover.on_short_uptime

This option determines whether a cluster failover will
happen if a filer fails within sixty seconds of booting
up. By default, this option is set to on.

This option is available only when cluster is licensed
and changing the value on one filer automatically
changes the value on the partner filer.

cifs.LMCompatibilityLevel

Value of this option controls the different Authentication
tokens that the filer can accept from the
client. It can take values from 1 to 5. With each
value, filer accepts security tokens as described
below.

1 – Accepts LM, NTLM, NTLMv2 session security,
NTLMv2, Kerberos.

2 – Accepts NTLM, NTLMv2 session security,
NTLMv2, Kerberos.

3 – Accepts NTLMv2 session security,
NTLMv2, Kerberos.

4 – Accepts NTLMv2, Kerberos.

5 – Accepts Kerberos only.

Default: 1

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.audit.autosave.file.extension

Specifies the type of file extension that will be
appended to the “saveas” file name when the autosave
feature is enabled. It will append a timestamp or
counter value to the saved EVT file. If a value for
this option is not specified, a timestamp is used as
the file extension, however the value “timestamp” is
not displayed.

Default: “” (null)

Effective: Immediately

Values: timestamp, counter

Persistence: Remains in effect across system reboots

cifs.audit.autosave.file.limit

Specifies how many Microsoft Event Log (EVT) files are
to be saved before they are rotated. Once the limit
of files exist on the filer, the oldest file is always
overwritten. If the value of this option is 0, then
the filer will have no limit to how many file are
automatically saved on the filer. This option needs to
have the autosave feature enabled.

Default: “” (null)

Effective: Immediately

Min/Max: 0 – 999 files

Persistence: Remains in effect across system reboots

cifs.audit.autosave.onsize.enable

When this option is on, the CIFS Audit Logging Facility
(ALF) daemon will automatically save the cifsaudit.alf
file to the corresponding EVT file based on
the size of the cifsaudit.alf file. The option
cifs.audit.autosave.onsize.threshold is needed to be
set to specify the actual threshold to trigger the
auto save.

Default: off

Effective: Immediately

Values: on, off

Persistence: Remains in effect across system reboots

cifs.audit.autosave.onsize.threshold

This option specifies the size threshold which should
trigger an auto save. The option
cifs.audit.autosave.onsize.enable should be enabled
for this option to be used. Note that if the suffix
is percentage this should be perceived as a percentage
of the size of the cifsaudit.alf file which can be
specified by the cifs.audit.logsize option

Default: “” (null)

Min/Max: 1 – 100% percent

Min/Max: 512k – 64g in kilobytes (k), megabytes (m) or
gigabytes (g)

Effective: If the threshold is specified as a percentage
of the size of cifsaudit.alf file, then threshold
value takes effect only when the absolute threshold
value is more than 512k. If absolute threshold value
is less than 512k, default value of 512k is used.

Persistence: Remains in effect across system reboots

cifs.audit.autosave.ontime.enable

When this option is on, the CIFS Audit Logging Facility
(ALF) daemon will automatically save the cifsaudit.alf
file to the corresponding EVT file based on an
internal timer. The option
cifs.audit.autosave.ontime.interval is needed to be
set to specify the timer interval to trigger the auto
save.

Default: off

Effective: Immediately

Values: on, off

Persistence: Remains in effect across system reboots

cifs.audit.autosave.ontime.interval

This option specifies the time interval which should
trigger an auto save. The option
cifs.audit.autosave.ontime.enable should be enabled
for this option to be used.

Default: “” (null)

Min/Max: 1 – 60m minutes

Min/Max: 1 – 24h hours

Min/Max: 1 – 7d days

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.audit.enable

When this option is on, CIFS audit events may be generated
during file access and/or during logon and
logoff. For file access events to be generated, the
option cifs.audit.file_access_events.enable must also
be on. For logon and logoff events to be generated,
the option cifs.audit.logon_events.enable must also be
on.

Default: off

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.audit.file_access_events.enable

When both this option and the cifs.audit.enable option
are on, file access events will be audited when a file
is accessed by an account for an operation and the
file has a System Access Control List (SACL) entry
that matches the access. If no SACL entry matches the
access, then no event will be generated.

Default: on

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.audit.liveview.enable

When both this option and the cifs.audit.enable option
are on, the audit events can be viewed from a CIFS
client by connecting to the filer using the Event
Viewer application. The events might not show up in
Event Viewer as they are generated but they show up
after some delay, depending on the audit settings.

Default: off

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.audit.logon_events.enable

When both this option and the cifs.audit.enable option
are on, logon and logoff events will be generated.
Logon and logoff events reflect CIFS session connects
and disconnects, respectively.

Default: on

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.audit.account_mgmt_events.enable

When both this option and the cifs.audit.enable option
are on, account management events will be generated.
Account management events reflect the creation, deletion
and modification of local users and groups on the
filer.

Default: off

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.audit.logsize

Specifies the maximum event log file size in bytes.

Default: 1048576

Min/Max: 524288 – 68719476736 bytes

Effective: If the specified log size is smaller than
the current log size, changes will be effective after
clearing the log with the `cifs audit clear’ command.
Otherwise, changes are immediate.

Persistence: Remains in effect across system reboots

cifs.audit.nfs.enable

Enables auditing of NFS file access events. When
enabled, auditable events are recorded in the log
file. Auditable events are specified by the Windows
SACLs set either on the file itself, or on the file
specified in the value of cifs.audit.nfs.filter.filename,
or on the Storage-Level Access Guard associated
with the volume or qtree.

cifs.audit.nfs.filter.filename

Points to the filter file used to identify which NFS
file access events get included in the CIFS log by
default. SACL set on this file, along with the SACLs
set on the file being accessed or the Storage-Level
Access Guard associated with the volume or qtree, is
used to determine which NFS file access events get
logged. SACL set on this file would affect all NFS
file access requests irrespective of underlying qtree
security style. There is no default value for this
option, therefore it must be set before the option
cifs.audit.nfs.enable can be enabled. This option does
not have to be set if the option cifs.audit.nfs.enable
will not be enabled.

cifs.audit.saveas

Specifies the active event log file. The file must be
in an existing directory in a network share.

Default: /etc/log/adtlog.evt

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.bypass_traverse_checking

When turned on, directories in the path to a file are
not required to have the `X’ (traverse) permission.
This option does not apply to UNIX qtrees.

Default: on

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.client.dup-detection

Windows servers attempt to detect duplicate sessions
in order to terminate any sessions that did not terminate
when a client system rebooted. Early versions of
Windows servers compare client NetBIOS names to determine
duplication, while newer ones use the client IP
addresses.

This option determines how the appliance performs
duplicate session detection. With this option set to
ip-address (the default), the appliance compares
client IP addresses. With this option set to name the
appliance compares client NetBIOS names. With this
option set to off the appliance does not perform
duplicate session detection.

Default: name

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.comment

Defines the CIFS server description. CIFS clients see
the CIFS server description when browsing servers on
the network.

Default: “” (null)

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.enable_share_browsing

When this option is turned off, requests from clients
to enumerate the list of shares on the CIFS server
will result in an empty list.

Default: on

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.gpo.enable

When this option is turned on, the filer will attempt
to communicate with the Active Directory server that
the filer is installed into in order to enforce
defined group policies that apply to the filer.

Default: off

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.gpo.trace.enable

When this option is turned on, messages that are useful
for debugging the application of group policies on
the filer will be printed to the system console.

Default: off

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.guest_account

Enables a user to get access to the filer provided
that either the filer uses a Domain Controller for
authentication and the user is not in a trusted
domain, or the filer uses the /etc/passwd file or the
NIS password database for authentication and the user
has no entry in the /etc/passwd file or the NIS password
database. If this option is set to the name of
an account in the password database, a user logging
into the filer will be assigned to the guest account
if their name is not listed in the password database
(when using /etc/passwd or NIS) or if the user is not
from a trusted domain (when using a domain controller).
The configured user name will be used for
the UNIX user ID, group ID, and group set of the specified
account. If the option is set to “” (null),
guest access is disabled.

Default: “” (null)

Effective: Upon CIFS client reconnection

Persistence: Remains in effect across system reboots

cifs.home_dir_namestyle

Specifies how the name portion of the path to a user’s
home directory is determined. If no argument is supplied,
the current value of this option is displayed.
Valid values for this option are: a null string,
ntname, hidden, mapped, or domain. All user home
directory paths begin with one of the CIFS home directory
paths, followed by a slash and the user’s name.
If this option is set to ntname then a user’s Windows
login name is used and only downward symlinks (in the
directory hierarchy) are followed. If this option is
set to hidden then a user’s Windows login name is
used. However, the user must append a dollar sign to
their user name when connecting to the filer, and the
filer will append a dollar sign to the user’s name
when enumerating the homedir share name. If the value
of this option is mapped then the user’s UNIX name is
used. The UNIX name is obtained by mapping the user’s
Windows login name using the file /etc/usermap.cfg. If
this option is set to domain then the user’s name
includes both the user’s domain and Windows login name
separated by a slash. If the option is set to “”
(null), this acts like ntname with the exception that
symlinks are followed in any direction.

Default: “” (null)

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.homedirs_public_for_admin

Specifies whether members of the filer’s
Builtin\Administrators group can connect to the CIFS
home directories of other users. If no argument is
supplied, the current value of this option is displayed.
If this option is set to on then an administrator
can connect to the CIFS home directory of user
username by specifying the share ~username (tilde
username). This can be useful when setting a user
profile to map the user’s CIFS home directory on the
filer. Windows 2000 Active Directory does not allow a
system administrator to set a user’s profile to a nonexistent
share, and normally a user’s CIFS home directory
can only be accessed by that user and not by the
administrator.

Default: on

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.idle_timeout

Specifies the amount of idle time (in seconds) before
the filer disconnects a session. An idle session is a
session in which a user does not have any files opened
on the filer.

Default: 1800

Min/Max: 600 – 4000000 seconds

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.max_mpx

This option controls how many simultaneous operations
the filer reports that it can process. An “operation”
is each I/O the client believes is pending on the
filer including outstanding change notify operations.
Clients such as Windows Terminal Server or IIS may
require that this number be increased to avoid errors
and performance delays.

CAUTION – The approved values for this parameter are
50, 126, 253, and 1124. The most accurate way to
determine which number to use is to measure the Redirector-Current
Commands statistic on the client with
NT perfmon and to increase the number until Current
Commands does not hit the negotiated limit. For more
information see Microsoft Knowledge Base articles
Q191370 and Q232890.

CAUTION – This number should only be changed while
cifs is terminated.

CAUTION – Only use the approved values to avoid
Q232890.

CAUTION – This value affects allocations in the
clients. Use the smallest value necessary for correct
behavior.

Default: 50

Values: 50, 126, 253, 1124

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.ms_snapshot_mode

Specifies the mode for snapshot access from a
Microsoft Shadow Copy client. Valid values for this
option are off, pre-xp and xp. off disables snapshot
access from all Windows Shadow Copy clients. xp
allows access to snapshots from Windows XP and later
Shadow Copy clients only. pre-xp in addition allows
access to snapshots from Windows 2000 Shadow Copy
clients. Note that the downlevel pre-xp mode should
only be used if Windows 2000 snapshot access is
required as it may introduce a very slight performance
hit when there is a heavy load on the filer and very
long pathnames are in use.

Default: xp

Values: off, xp, pre-xp

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.netbios_aliases

Provides a comma-separated list of alternative names
for the filer. A user can connect to the filer using
any of the listed names.

This command is deprecated.

System administrators are encouraged to write CIFS
NetBIOS aliases to the file /etc/cifs_nbalias.cfg (one
alias per line). Use the “cifs nbalias load” command
to cause the filer to process the
/etc/cifs_nbalias.cfg file. For more information, see
the CIFS chapter in the System Administrator’s Guide.

cifs.netbios_over_tcp.enable

This option enables the use of NetBIOS over TCP, which
is the standard protocol used for CIFS prior to Windows
2000. In certain Windows 2000 networks it is
desirable to disable that protocol. This option corresponds
to the “Enable NetBIOS over TCP” setting in
the Windows 2000 Advanced TCP/IP settings tab. If it
is set to off, all clients must be Windows 2000 (or
above), and only Windows 2000 (or above) domain controllers
and virus scanners can be used.

cifs.netbios_over_tcp.enable takes effect when cifs
starts. It should not be changed while cifs is running.

Default: on

Effective: Upon CIFS client reconnection

Persistence: Remains in effect across system reboots

cifs.nfs_root_ignore_acl

When on, ACLs will not affect root access from NFS.

Default: off

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.oplocks.enable

When cifs.oplocks.enable is on, the filer allows
clients to use oplocks (opportunistic locks) on files.
Oplocks are a significant performance enhancement, but
have the potential to cause lost cached data on some
networks with impaired reliability or latency, particularly
wide-area networks. In general, this option
should be disabled only to isolate problems.

Default: on

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.oplocks.opendelta

This option defines the length of artificial delay
before sending an opportunistic lock break request to
a client that has recently sent the filer an open
request. This is done to work around a bug in
Microsoft Windows clients that can cause the client to
ignore an oplock break request if it is received at a
certain time.

For example, when opendelta is 8, the filer will make
sure that at least 8 milliseconds have elapsed after
receiving or responding to an open-file request before
it sends an oplock break on that session.

CAUTION – This option should not be set higher then 35
milliseconds without consulting Network Appliance
Global Services.

Default: 8

Min/Max: 0 – 1000 milliseconds

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.per_client_stats.enable

Turning this option on causes the filer to start gathering
statistics on a per-client basis. This allows
use of the cifs top command, as well as the -u and -h
options of cifs stat. Administrators should be aware
that there is overhead associated with collecting the
per-client stats. This overhead may noticeably affect
filer performance. If the option is turned off, any
existing per-client statistics are discarded.

Default: off

Effective: Upon CIFS client reconnection

Persistence: Remains in effect across system reboots

cifs.perm_check_ro_del_ok

NT delete rules do not allow you to delete a file or
directory with the DOS read-only bit set. However, a
number of multi-protocol applications require UNIX
delete semantics (w-x perms in parent dir without
regard to the permissions of the file or directory).
This option controls this behavior. By default it is
off, which yields NT behavior.

Default: off

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.perm_check_use_gid

This option affects security checking for Windows
clients of files with UNIX security where the
requester is not the file owner. In all cases Windows
client requests are checked against the share-level
ACL, then if the requester is the owner, the “user”
perms are used to determine the access.

If the requester is not the owner and if
perm_check_use_gid is on it means files with UNIX
security are checked using normal UNIX rules, i.e. if
the requester is a member of the file’s owning group
the “group” perms are used, otherwise the “other”
perms are used.

If the requester is not the owner and if
perm_check_use_gid is off, files with UNIX security
style are checked in a way which works better when
controlling access via share-level ACLs. In that case
the requester’s desired access is checked against the
file’s “group” permissions, and the “other” permissions
are ignored. In effect, the “group” perms are
used as if the Windows client were always a member of
the file’s owning group, and the “other” perms are
never used.

If you do not plan to use share-level ACLs to control
access to UNIX security style files (e.g. in a UNIX
qtree), you should leave this setting on.

Default: on

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.preserve_unix_security

This option preserves UNIX permissions as files are
edited and saved by Windows applications that read the
security properties of the file, create a new temporary
file, apply those properties to the temporary
file, and then give the temporary file the original
file name. When this option is enabled, Windows
clients that perform a security query receive a constructed
ACL that exactly represents the UNIX permissions.
This same ACL can then be assigned to the temporary
file to restore the exact same UNIX permissions
that were present in the original file. The constructed
ACL is only used to preserve the file’s UNIX
permissions, as the file is updated and saved by Windows
applications; no NTFS ACLs are set using the constructed
ACL. This option only affects NFS files in
UNIX or mixed-mode qtrees.

Enabling this option also allows you to manipulate a
file’s UNIX permissions using the Security tab on a
Windows client, or using any application that can
query and set Windows ACLs. When enabled, this option
causes UNIX qtrees to appear as NTFS volumes.
Default: off

Values: on, off

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.restrict_anonymous

Controls the access restrictions of non-authenticated
sessions. Permitted values for this option are 0, 1
and 2. 0 sets no special access restrictions, 1 disallows
enumeration of users and shares, and 2 fully
restricts access. This option corresponds to the
RestrictAnonymous registry entry in Windows. Note
that these restrictions do not apply to mapped Null
users.

Default: 0

Values: 0, 1, 2

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.restrict_anonymous.enable

Deprecated option, use cifs.restrict_anonymous
instead.

cifs.save_case

When this option is on, CIFS will preserve the case
when files are created or renamed. If this option is
turned off, all filenames will be forced to lower
case. This can help with compatibility between certain
16-bit applications and UNIX tools.

Default: on

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.scopeid

NetBIOS scope IDs allow the system administrator to
create small workgroups out of a network by partitioning
the NetBIOS name space; only clients with the same
NetBIOS scope ID as the filer will be able to use the
filer as a CIFS server. The default scope ID is “”
(null), but if the filer is to run in a NetBIOS scope
other than the default one, its scope ID must be set
to the scope ID of that scope. The scope ID can be
changed only when CIFS is not running.

Default: “” (null)

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.search_domains

Specifies a list of domains that trust each other to
search for a mapped account. The argument for the
option is a comma-separated list that is searched in
order. If this option is set to “” (null), all
domains are searched. You can use this option to control
searches if you used an asterisk for a domain
name in the /etc/usermap.cfg file.

Default: “” (null)

Effective: Upon CIFS client reconnection

Persistence: Remains in effect across system reboots

cifs.show_dotfiles

When this option is set to off, all file names with a
period (.) as the first character will be hidden. The
default value is on.

cifs.show_snapshot

When this option is off, the snapshot directory ~snapshot
is no longer shown at the root of a share. This
is a change in behavior from previous versions. Setting
this to on will restore the old behavior. On
Windows NT 4 or Windows 95 clients, the user can
access snapshots by entering \\filer\share\.snapshot
(or ~snapshot or ~snapsht) in the Start->Run menu.
Snapshots can also be accessed lower in the share by
providing a path to a lower directory. Snapshots can
be accessed through DOS on any system by changing to
the ~snapsht directory.

NOTE: When this option is on it can confuse programs
like FastFind that don’t know about snapshots.

Default: off

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.shutdown_msg_level

Normally a message is broadcast to all clients when
CIFS is terminating. This option can be set to control
this behavior. The value 0 results in never sending
such broadcast messages. The value 1 results in sending
broadcast messages only to sessions which have
open files. The value 2 causes the messages to be sent
to all open connections.

Default: 2

Values: 0, 1, 2

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.sidcache.enable

This options controls whether or not CIFS will cache
SID-to-name translation information that it has
received from the domain controllers.

Default: on

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.sidcache.lifetime

This option controls how long a SID-to-name cache
entry is used before it becomes stale. The SID-to-name
mapping functions in the filer will query the appropriate
domain controller to update the cached mapping
when it is needed, but has become stale.

Default: 1440

Min/Max: 20 – 10080 minutes

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.signing.enable

Signing is a security feature provided by the CIFS
protocol that is designed to detect and prevent `manin-the-middle’
intrusion into CIFS communications.
This is achieved by calculating a security signature
value for every incoming and outgoing CIFS packet.

This feature introduces a performance penalty on both
the client and the filer when in use, and thus is disabled
by default. In a trusted network where the performance
impact of this feature might outweigh the
benefits that it provides, it is recommended that this
feature remain disabled.

Default: off

Effective: Upon CIFS client reconnection

Persistence: Remains in effect across system reboots

cifs.snapshot_file_folding.enable

This option controls whether or not CIFS will attempt
to `fold’ files on close with previous snapshot versions
of themselves in order to minimize disk usage.
Disk space is saved by sharing unchanged file blocks
between the active version of the file, and the version
of the file in the latest snapshot, if any. The
filer must compare block contents when folding a file,
so there is a performance vs. space utilization tradeoff
to consider with this option.

Default: off

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.symlinks.cycleguard

This option eliminates the possibility of traversing
directories cyclically during the process of following
symbolic links. With this option set to on, if the
target of the symlink resolves to a directory that is
directly above the symlink’s parent directory, it is
disallowed.

With this option set to off, many standard Windows
applications (such as Find in Windows 95 / Windows NT
4.0) will not operate correctly when a symlink points
to a parent directory. This is because they do not
understand symbolic links and will repeatedly loop on
them. Users should use caution when changing this
option.

Default: on

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.symlinks.enable

When cifs.symlinks.enable is on, if the object being
accessed by a CIFS client is a symbolic link (whether
absolute or relative), the filer follows the link with
the proviso that the ultimate target turns out to
reside within the originating share (thus ensuring
that the client has access permission to the target).

Default: on

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.trace_dc_connection

When cifs.trace_dc_connection is on, the filer logs
all domain controller address discovery and connection
activities. This can be used to diagnose DC connection
problems on the filer.

Default: off

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.trace_login

When cifs.trace_login is on, the filer logs all loginrelated
activities. This can be used to diagnose
access problems on the filer.

Default: off

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.universal_nested_groups.enable

When cifs.universal_nested_groups.enable is off, the
filer does not include membership in nested groups or
membership in universal groups from other domains in
the forest. This option is pertinent to all NFS
clients accessing a file or directory with Windowsstyle
security and does not affect CIFS clients. This
option will be deprecated in a future release when the
filer will always include the above memberships.

CAUTION – ALL group memberships are fetched from
Active Directory only when (a) user and filer are in
the same domain tree (b) or else user’s domain tree
has a two-way transitive trust with the filer’s domain
tree.

Default: on

Effective: Upon NFS client reconnection

Persistence: Remains in effect across system reboots

cifs.weekly_W2K_password_change

This option only affects filers installed in Windows
2000 domains. When on, this option causes the filer
to change its domain password once a week, as is current
practice for the filer in NT4 domains. The password
change occurs at approximately 01:00 AM on Sunday
mornings. For Windows 2000 domains with multiple DCs,
a password change may inhibit CIFS connections for a
short time while the new password is propagated among
the DCs. This option has no effect on filers installed
in pre-Windows 2000 domains.

Default: off

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.widelink.ttl

When a CIFS client accesses a “wide symbolic link”
(widelink), the filer returns both a path referral and
a time-to-live value. The CIFS client can cache the
widelink path referral for the time-to-live time
period. This option allows the system administrator to
set the value which the filer returns for time-tolive.

Default: 10m

Min/Max: 0s – 10000m in seconds (s), minutes (m) or
hours (h)

Effective: Immediately

Persistence: Remains in effect across system reboots

cifs.wins_servers

This option can display or set the list of WINS
servers used by the CIFS service. To set the list,
pass a comma-separated list of IPv4 addresses. To see
the current list of WINS servers, leave the parameter
blank. To clear the list, pass a “” (null) parameter.

Default: “” (null)

Values: Comma-separated list of IPv4 addresses

Effective: Immediately

Persistence: Remains in effect across system reboots

cksum_offload.gbeII

Specifies whether calculation of TCP and UDP checksums
is offloaded to network interface cards. Offloading
reduces CPU utilization. The value “on” enables
offloading, and “off” disables it. The option affects
Ethernet Controllers numbered II and higher. Checksums
are not offloaded for outbound UDP packets in
most cases, regardless of the option setting.

On systems initially installed with 6.2 or later
releases, the default is “on”. Prior to 6.2 the
default was “off”, and a software upgrade does not
change the value.

console.encoding

Specifies how non-ASCII character information is presented.
The value can be:

nfs – NFS character set. You can use both NFS extended (>
0x7F) and SGML characters for input.

sgml – SGML character format. You can use both NFS
extended (greater than 0x7F) and SGML characters for
input.

utf8 – UTF-8 character sets. For input, any character
greater than 0x7F is the beginning of a UTF-8 encoding.

The default is nfs.

coredump.dump.attempts

Controls how many attempts should be made to dump a
core. Extra attempts are only made if the previous
attempt failed due to a disk write error. Legal values
range from 0 – 5. If 0 is chosen, no cores will
be dumped.

The default is 2.

disk.auto_assign

Specifies if disks will be auto assigned on systems
with software disk ownership. The default is on.

disk.maint_center.allowed_entries

Sets the number of times a disk is allowed to be put
into maintenance center testing as a result of reaching
a threshold. If a disk reaches another threshold
and has already been through maintenance center testing
the allowed number of times, the disk is failed.
Administrator-initiated testing is not counted. The
administrator can test disks any number of times. The
default value is 1.

disk.maint_center.enable

Enables/disables maintenance center functionality. The
default value is on.

disk.maint_center.max_disks

This option specifies the maximum number of disks that
can be running maintenance center tests on a system at
the same time. The default value is 84.

disk.maint_center.rec_allowed_entries

Sets the number of times a disk is allowed to be put
into maintenance center testing as a result of recovery
needed types of errors. If a disk encounters
another recovery needed type of error and has already
been through maintenance center testing the allowed
number of times for recovery needed errors then the
disk is failed. The default value is 5.

disk.maint_center.spares_check

This option specifies whether to check the number of
available spares before putting a disk into the maintenance
center as the result of reaching a threshold.
If this option is on and there are fewer than two
available spares when a disk reaches a threshold, the
disk is not put into the maintenance center. If the
option is off or there are atleast two available
spares, the disk is put into the maintenance center.
This option has no effect on administrator-initiated
testing of disks. The default value is on.

disk.target_port.cmd_queue_depth

Sets the maximum number of concurrent commands that
can be dispatched to any target port on an external
RAID array. This is useful on V-Series systems, which
support large numbers of LUNs behind a single device
ID. If too many commands are issued the overall performance
of the external RAID array may be degraded.
A value of 0 indicates that no limit is enforced on
any target port.

dns.domainname

Sets the DNS domainname to the specified domainname.

dns.enable

Enables DNS client on the filer. The DNS domain must
be set and the /etc/resolv.conf file must exist prior
to enabling DNS.

dns.cache.enable

Determines whether the DNS cache is used when looking
up names. It is on by default. Turning it off will
have the side effect of flushing the dns cache. This
option has no effect if DNS is not enabled.

dns.update.enable

Enables or disables DDNS (Dynamic DNS). `on’, `off’,
and `secure’ are valid options. exchanged securely if
the security protocol is appropriately configured.
DNS must be enabled prior to enabling DDNS.

fcp.enable

Determines whether FCP service starts by default on a
filer.

flexcache.access

Restricts FlexCache access to the filer. The default
value is none. For valid values, see protocolaccess(8).
Note: this is the only way to allow a volume
to be cached by a FlexCache volume. The /etc/exports
file cannot be used for this.

flexcache.enable

Enables FlexCache server on the filer. Valid values
for this option are on or off. If this option is set
to off, no FlexCache volumes can be mapped to any of
the volumes on this filer. Existing FlexCache volumes
that are currently mapped to this filer are no longer
serviced. If this option is set to on, FlexCache volumes
can be mapped to volumes on this filer. The
default value for this option is off.

flexcache.per_client_stats

Enables FlexCache client statistics on an origin
filer. Valid values for this option are on or off.
The default value for this option is off. With this
set to on, the flexcache stats -S volume -c command
will show statistics by client on an origin filer.

flexscale.enable

Enables FlexScale on the filer. Valid values for this
option are on or off. If FlexScale hardware is present
and licensed then this option will enable the
FlexScale functionality in WAFL. If no hardware is
present this option will enable FlexScale PCS (Predictive
Cache Statistics). The default value for this
option is off.

flexscale.normal_data_blocks

Controls whether normal user data blocks should be
cached by FlexScale. Valid values for this option are
on or off. If this option is set to off then only
metadata blocks are cached, except for those volumes
that have a FlexShare cache setting of keep. The
default value for this option is on.

flexscale.lopri_data_blocks

Controls whether low-priority user data blocks should
be cached by FlexScale. Valid values for this option
are on or off. This option is only used when flexscale.normal_data_blocks
is set to on. If this option

is set to on then low-priority user data blocks that
are not normally stored by FlexScale will be cached.
This may be useful for workloads that fit entirely
within FlexScale and consist of write follow by read,
or large sequential reads. The default value for this
option is off.

flexscale.max_io_qdepth

Controls the maximum I/O queue depth for FlexScale
hardware. This option allows the I/O queue depth for
FlexScale hardware to be changed from the default setting.
Using a larger value allows more concurrent I/O
and can increase caching opportunities, at the cost of
increased latency. If filer statistics indicate that
many cache operations are being disalloweded due to
I/O throttling under heavy load then increasing this
option may help.

fpolicy.enable

When turned off, this disables all file policies on
the filer, overriding the settings for individual file
policies. When turned on, the setting of a given file
policy determines if that file policy is enabled or
disabled.

ftpd.enable

When enabled (on), this option allows FTP connections
on port 21. When disabled (off), connection attempts
on port 21 are refused.

Default: off

Effective: Immediately

Persistence: Remains in effect across system reboots

ftpd.3way.enable

Enables/disables third-party file transfers. When
enabled (on), this option allows file transfers
directly to and from a remote FTP server. When disabled,
the IP address specified in the PORT command
must match that of the FTP client; in passive mode,
only TCP connections from the client will be allowed.

Default: off

Effective: Immediately

Persistence: Remains in effect across system reboots

ftpd.anonymous.enable

Enables/disables anonymous user logins. An anonymous
user will only be allowed to access “anonymous” home
directory and its subtrees. Anonymous users are not
allowed access to external volumes. Named account
users will not have this limitation unless the
ftpd.dir.restriction option is enabled. Default anonymous
users are “ftp” and “anonymous”. To use anonymous
ftp, besides turn on ftpd.anonymous.enable, the option
ftpd.anonymous.homedir must point to an existing path.

Default: off

Effective: Immediately

Persistence: Remains in effect across system reboots

ftpd.anonymous.home_dir

Sets the home directory for the anonymous user
account.

Default: “” (null)

Effective: Upon FTP client reconnection

Persistence: Remains in effect across system reboots

ftpd.anonymous.name

Specifies the login name for the anonymous user
account. Anonymous user can use the username as set
by this option or “ftp”. The user ftp is defined in
/etc/passwd by default. If there is no mapping of the
username specified by ftpd.anonymous.name to a UID,
UID of the user “ftp” is used. The home directory
entry in /etc/passwd file for ftp is overridden by
option ftpd.anonymous.homedir.

Default: anonymous

Effective: Upon FTP client reconnection

Persistence: Remains in effect across system reboots

ftpd.auth_style

Sets the ftpd login authentication style. In mixed
mode, usernames with “\” or “@” will authenticate via
ntlm and those without will authenticate via unix.
Setting ntlm or unix explicitly will force the respective
authentication type regardless of the format of
the username.

Default: mixed

Values: ntlm, unix, mixed

Effective: Upon FTP client reconnection

Persistence: Remains in effect across system reboots

ftpd.bypass_traverse_checking

When turned on, directories in the path to a file are
not required to have the `X’ (traverse) permission.

Default: off

Effective: Immediately

Persistence: Remains in effect across system reboots

ftpd.dir.restriction

Sets user home directory restriction. The off (or
none) setting indicates that there is no home directory
restriction for regular users. When this option
is set to on (or homedir), each named account user’s
access is restricted to that user’s own home directory
or to the override directory, if one is specified by
the ftpd.dir.override option.

Default: on

Values: on, off, none, homedir

Effective: Upon FTP client reconnection

Persistence: Remains in effect across system reboots

ftpd.dir.override

Sets the override path for the user home directory. A
“” (null) value indicates no home directory override;
users will be placed in their home directory upon
login. When the value of this option is a valid
directory path, users will be placed in that directory
upon login. This option applies only to named user
accounts. The behavior of the default user account is
not affected by the value of ftpd.dir.override.

Default: “” (null)

Effective: Upon FTP client reconnection

Persistence: Remains in effect across system reboots

ftpd.idle_timeout

Sets the time between requests that an FTP session can
be idle before it becomes a candidate for disconnection
by the filer.

Default: 900s

Min/Max: 300s – 2d in seconds (s), hours (h) or days
(d)

Effective: Immediately

Persistence: Remains in effect across system reboots

ftpd.log.enable

Enables/disables the logging of FTP commands and data
transfer operations.

Default: on

Effective: Immediately

Persistence: Remains in effect across system reboots

ftpd.log.filesize

Specifies the maximum file size for FTP logs in the
/etc/log directory. When one of the active FTP log
files (ftp.cmd or ftp.xfer) reaches this size, it is
renamed to ftp.cmd.1 (or ftp.xfer.1, for the transfer
log) and that renamed log history file is closed. If
there is already a historical log file, such as
ftp.cmd.1, that file is renamedto ftp.cmd.2. This
renaming process continues sequentially for all historical
log files, until the maximum number of historical
log files (specified by ftpd.log.nfiles) is
reached. Once the maximum number of historical FTP log
files is reached, the oldest log file is deleted each
time a new active FTP log file is opened. See the
description of the ftpd.log.nfiles option for more
information.

Default: 512k

Min/Max: 1K – 4G in gigabytes (G), megabytes (M),
kilobytes (K) or bytes (blank)

Effective: Immediately

Persistence: Remains in effect across system reboots

ftpd.log.nfiles

Sets the maximum number of log files to be kept. Once
an active log file reaches the size limit determined
by the ftpd.log.filesize option, a new active log file
is created. The old active log file is stored as a
historical log file by appending the file name with
“.1″. All existing historical files are renamed by
incrementing the numeric suffix; for example,
“ftp.cmd.2” becomes “ftp.cmd.3” and so on. Only the
number of files specified by ftpd.log.nfiles are kept.
When the maximum number of historical log files is
exceeded, the highest-numbered (oldest) log file is
deleted. For example, if nfiles is set to 6,
ftp.cmd.5 would be deleted rather than renamed.

Default: 6

Min/Max: 1 – 100 files

Effective: Immediately

Persistence: Remains in effect across system reboots

ftpd.locking

Sets the type of file locking used by the ftpd during
file retrieval. Setting this option to none designates
that files are not to be locked in any way during
file retrieval. When the value of this option is
delete, files being retrieved cannot be deleted or
renamed. When the value of this option is write, file
being retrieved cannot be opened for write or deleted
or renamed.

Default: none

Values: none, delete

Effective: Immediately

Persistence: Remains in effect across system reboots

ftpd.max_connections

Sets the maximum number of concurrent ftpd connections
allowed. This option is the limit of the total number
of FTP control connections allowed to the filer, or to
all vFilers hosted on the physical filer. For clustered
configurations, the number of connections permitted
is doubled when in takeover mode. If this setting
is changed to a value that is lower than the current
number of connected FTP sessions, new connections
will be refused until the total number of sessions
falls below ftpd.max_connections. Existing sessions
are unaffected.

Default: 500

Min/Max: 0 – 5000 connections

Effective: Immediately

Persistence: Remains in effect across system reboots

ftpd.tcp_window_size

Sets the TCP window size for FTP operations. The
default, 28960 bytes, works for many network environments.
Change this value only when required for your
network configuration. Changes to this option can
strongly affect ftpd performance.

Default: 28960

Values: 1600

Effective: Upon FTP client reconnection

Persistence: Remains in effect across system reboots

gfagent.enable

Enables/disables the Gateway Filer agent.

gfagent.hdm.host

Sets the host address to which Gateway agent will send
POST request.

gfagent.hdm.password

User password for Device Manager server.

gfagent.hdm.port

Port number of Device Manager’s http server.

gfagent.hdm.user

User name for Device Manager server.

gfagent.hdm.uri

Uri to which Gateway agent send POST request.

gfagent.interval.minutes

Time interval between two successive scan/report in
minutes.

httpd.admin.access

Restricts HTTP access to FilerView, the administration
area of the filer, via a private Network Appliance
URL: any URL beginning with /admin. If this value
is set, trusted.hosts is ignored for FilerView access.

Default: legacy

Values: See protocolaccess(8)

Effective: Immediately

Persistence: Remains in effect across system reboots

httpd.admin.enable

Enables HTTP access to FilerView, the administration
area of the filer, via a private Network Appliance
URL: any URL beginning with /admin is mapped to the
directory /etc/http. Thus, a man page on the filer
toaster with the file name /etc/http/man/name can be
accessed with the URL
http://toaster/admin/man/name.

Default: on

Effective: Immediately

Persistence: Remains in effect across system reboots

httpd.admin.max_connections

Sets the maximum number of concurrent httpd adminstration
connections allowed per vfiler. Httpd administration
connections are defined by
http://toaster/admin.APIconnectionsfallunderthe
httpd administration prevue. If this setting is
changed to a value that is lower than the current number
of httpd administration connections, new connections
will be refused until the total number of connections
falls below httpd.admin.max_connections.
Existing connections are unaffected.

Default: 512

Min/Max: 1 – 1023 connections

Effective: Immediately

Persistence: Remains in effect across system reboots

httpd.admin.ssl.enable

Enables HTTPS access to FilerView. To set up ssl, use
the secureadmin command. See secureadmin for
more details.

httpd.admin.hostsequiv.enable

Enables the use of /etc/hosts.equiv for administrative
HTTP authentication. If enabled, the authentication
of administrative HTTP (for APIs) will use the contents
of /etc/hosts.equiv in the same way that it is
used for rsh authentication. See hosts.equiv(5)
and rshd(8) for more details.

Default: on

Effective: Immediately

Persistence: Remains in effect across system reboots

httpd.admin.top-page.authentication

If enabled, the top-level page of FilerView will have
authenticated access.

Default: on

Effective: Immediately

Persistence: Remains in effect across system reboots

httpd.autoindex.enable

The normal response to an HTTP GET request that specifies
a url corresponding to a directory is to disply
the contents of an index file contained in that directory.
If no index file exists, a directory listing can
be generated automatically and returned instead. This
option controls whether to generate a directory listing.

The filer always searches for an index file, which is
one of “index.html”, “default.htm”, “index.htm”,
“default.html”, searched for in that order. If none is
found, and this option is on, a directory listing is
created and returned. If this option is off (the
default), the appliance will respond with a “403″
(forbidden) error code.

Default: off

Effective: Immediately

Persistence: Remains in effect across system reboots

httpd.access

Restricts HTTP access to the filer. Setting this
value does not affect FilerView access set by
httpd.admin.access.

Default: legacy

Values: See protocolaccess(8)

Effective: Immediately

Persistence: Remains in effect across system reboots

httpd.bypass_traverse_checking

When turned on, directories in the path to a file are
not required to have the `X’ (traverse) permission.

Default: off

Effective: Immediately

Persistence: Remains in effect across system reboots

httpd.enable

Enables HTTP access to the filer.

Default: off

Effective: Immediately

Persistence: Remains in effect across system reboots

httpd.log.format

Specifies the log format.

Default: common

Values: common, alt1

Effective: Immediately

Persistence: Remains in effect across system reboots

httpd.method.trace.enable

Specifies whether the HTTP TRACE method is enabled.
There is a potential security vulnerability associated
with the TRACE method, documented in
http://www.kb.cert.org/vuls/id/867593. The default
for this option is off, thus disabling the TRACE
method. If you want to support the TRACE method, set
the option to on.

Default: off

Effective: Immediately

Persistence: Remains in effect across system reboots

httpd.rootdir

Specifies the complete pathname of the root directory
that contains files and subdirectories for HTTP
access. The default for this is `XXX’ as it is normally
set to the appropriate location during http
setup.

Default: XXX

Effective: Immediately

Persistence: Remains in effect across system reboots

httpd.timeout

Specifies the minimum amount of time (in seconds)
before an idle HTTP connection will time out.

Default: 300

Min/Max: 30 – 86400 seconds

Effective: Immediately

Persistence: Remains in effect across system reboots

httpd.timewait.enable

When enabled, the filer will put HTTP connections that
have been closed by the client into the TIME_WAIT
state for one minute, which is twice the maximum segment
lifetime (2*MSL).

Default: off

Effective: Immediately

Persistence: Remains in effect across system reboots

interface.cifs.blocked

The option is set to a comma-separated list of interface
names for which CIFS is blocked. The default is
the empty list, “”, which means that CIFS is not
blocked on any interface. The interface list cannot
include TOE-enabled interfaces or iSCSI HBAs. See the
NMG for details.

interface.iscsi.blocked

The option is set to a comma-separated list of interface
names for which iSCSI is blocked. The default is
the empty list, “”, which means that iSCSI is not
blocked on any interface. The interface list cannot
include TOE-enabled interfaces or iSCSI HBAs. See the
NMG for details.

interface.ftpd.blocked

The option is set to a comma-separated list of interface
names for which FTP is blocked. The default is
the empty list, “”, which means that FTP is not
blocked on any interface. The interface list cannot
include TOE-enabled interfaces or iSCSI HBAs. See the
NMG for details.

interface.nfs.blocked

The option is set to a comma-separated list of interface
names for which NFS is blocked. The default is
the empty list, “”, which means that NFS is not
blocked on any interface. The interface list cannot
include TOE-enabled interfaces or iSCSI HBAs. See the
NMG for details.

interface.snapmirror.blocked

The option is set to a comma-separated list of interface
names for which snapmirror is blocked. The
default is the empty list, “”, which means that snapmirror
is not blocked on any interface. The interface
list cannot include TOE-enabled interfaces or iSCSI
HBAs. See the NMG for details.

ip.fastpath.enable

If the option is on, the filer will attempt to use MAC
address and interface caching (“Fastpath”) so as to
try to send back responses to incoming network traffic
using the same interface as the incoming traffic and
(in some cases) the destination MAC address equal to
the source MAC address of the incoming data. This
allows for automatic load-balancing between multiple
interfaces of a trunk and between multiple filer
interfaces on the same subnet. Valid values for this
option are on or off. The default value for this
option is on. For TCP connections, the system will
also automatically detect if this optimization is not
feasible in a specific environment or for a specific
connection and turn Fastpath off automatically for
those connections for which using Fastpath is inappropriate.
The netstat command with the -x option can be
used to see if Fastpath is enabled for a specific connection.

ip.match_any_ifaddr

If the option is on, the filer will accept any packet
that is addressed to it even if that packet came in on
the wrong interface. If you are concerned about security,
you should turn this off. Valid values for this
option are on or off. The default value for this
option is on.

ip.path_mtu_discovery.enable

Enables/disables path MTU discovery; it is currently
used only by TCP. Path MTU discovery, described in
RFC 1191, allows a host to discover the “maximum
transmission unit”, i.e. the largest link-level
packet that can be transmitted, over a path from that
host to another host. This means that the filer
needn’t choose a conservative packet size for a TCP
connection to a host not on the same net as the filer,
but can attempt to discover the largest packet size
that can make it to the other host without fragmentation.
Valid values for this option are on or off.
The default value for this option is on.

ip.ping_throttle.drop_level

Specifies the maximum number of ICMP echo or echo
reply packets (ping packets) that the filer will
accept per second. Any further packets within one
second are dropped to prevent ping flood denial of
service attacks. The default value is 150.

ip.ping_throttle.alarm_interval

Specifies how often dropped pings will be syslogged in
minutes. This prevents a ping flood denial of service
attack from flooding the syslog with messages. A
value of 0 turns off logging of ping floods. The
default value is 0.

ip.tcp.newreno.enable

Enables/disables the use of the NewReno modification
to TCP’s fast recovery Algorithm (described in RFC
2582). Valid values for this option are on or off.
The default value for this option is on.

ip.tcp.sack.enable

Enables/disables the use of TCP Selective Acknowledgements
(described in RFC 2018). Valid values for this
option are on or off. The default value for this
option is on.

ip.ipsec.enable

Enables/disables the Internet Security Protocol
(ipsec) support on the filer. Valid values for this
option are on or off. The default value for this
option is off.

iscsi.enable

Determines whether iSCSI service starts by default on
a filer.

iscsi.isns.rev

Determines the draft level of the iSNS specification
with which the iSNS service on the filer is compatible.
There are two possible values: 18 and 22. The
default value is 22. A value of 18 allows compatibility
with older iSNS servers that support draft 18 of
the iSNS specification. A value of 22 provides compatibility
with both draft 22 of the iSNS specification
and with RFC 4171, the final iSNS specification.
For example, if the iSNS server that the filer will
connect to is compatible with RFC 4171, set the
iscsi.isns.rev to 22. This ensures that the iSNS service
on the filer is compatible with the iSNS server.
If this setting is not properly set, the filer may not
be able to successfully register with the iSNS server.

iscsi.tcp_window_size

CAUTION – This number will affect iSCSI performance,
and defines the filer’s receive TCP window size for
all iSCSI connections. The default setting is 131400
bytes. In general, for best performance, the value of
this option should be set according to your network
configuration, taking into account the latency of the
underlying network. However, improved performance may
be obtained with certain iSCSI initiators by tuning
this value beyond the normal network calculations
involving latency and round-trip time. You must
stop/start the iSCSI service for a change in this
value to take effect.

iscsi.max_connections_per_session

The option specifies the number of connections per
session allowed by the storage system. You can specify
between 1 and 16 connections, or you can accept the
default value: use_system_default. The maximum number
of connections allowed for each session is from 1 to
16. use_system_default currently equals 4.

Note that this option specifies the maximum number of
connections per session supported by the storage system.
The initiator and storage system negotiate the
actual number allowed for a session when the session
is created; this is the smaller of the initiator’s
maximum and the storage system’s maximum. The number
of connection actually used also depends on how many
connections the initiator establishes.

iscsi.max_error_recovery_level

The option specifies the maximum error recovery level
allowed by the storage system. You can specify 0, 1,
or 2, or you can accept the default value: use_system_default.
The maximum error recovery level allowed
is 0, 1, or 2. use_system_default currently equals 0.

kerberos.replay_cache.enable

This option enables the Kerberos replay cache feature.
This feature prevents passive replay attacks by storing
user authenticators on the filer for a short time,
and by insuring that the authenticators are not reused
in subsequent Kerberos tickets by attackers. Storing
and comparing the user authenticators can result in a
substantial performance penalty for higher workloads
on the filer. The default value for this option is
off.

ldap.enable

Turns LDAP lookup off or on. An entry must also be
made in the /etc/nsswitch.conf file to use LDAP for
this purpose.

Default: off

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.minimum_bind_level

Specifies the minimum binding level that is allowed.
It can take the following values: anonymous – anonymous
bind, simple – simple bind sasl – SASL bind.

Default: 0

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.timeout

Timeout used for LDAP searches. This is the period(in
seconds), after which an LDAP search request is timed
out on the LDAP server, if incomplete.

Default: 20

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.ssl.enable

Turns LDAP over SSL support off or on. Only server
authentication is supported. The root certificate
must be installed on the filer to have SSL authentication
to succeed. This is the trusted certificate that
is obtained from any of the recognised signing authorities.
Multiple trusted certificates maybe installed
on the filer. Keymgr is used to install root certificates
on the filer. Please refer to keymgr for
additional information. Ensure that ldap.port is set
to 636

Default: off

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.ADdomain

The Active Directory Domain name in DNS format to use
for LDAP queries. Typically this will be something
like “group.company.com”.

Default: “” (null)

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.base

The base distinguished name to use for common ldap
lookups, which include user passwd lookup, group
lookup and netgroup lookup. The format of the base
string is: “(filter1):scope1;(filter2):scope2;”. Typically
the filer is something like “cn=company,cn=uk”.
The scope can be one of those three choices: BASE,
ONELEVEL or SUBTREE. The default scope is SUBTREE if
it is not specified.

Default: “” (null)

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.base.passwd

The base distinguished name to use for user passwd
lookups, this option will override the ldap.base
option. The format of the base string is: “(filter1):scope1;(filter2):scope2;”.
Typically the filer

is something like “cn=company,cn=uk”. The scope can be
one of those three choices: BASE, ONELEVEL or SUBTREE.
The default scope is SUBTREE if it is not specified.

Default: “” (null)

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.base.group

The base distinguished name to use for group lookups,
this option will override the ldap.base option. The
format of the base string is: “(filter1):scope1;(filter2):scope2;”.
Typically the filer is something like
“cn=company,cn=uk”. The scope can be one of those
three choices: BASE, ONELEVEL or SUBTREE. The default
scope is SUBTREE if it is not specified.

Default: “” (null)

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.base.netgroup

The base distinguished name to use for netgroup
lookups, this option will override ldap.base option.
The format of the base string is: “(filter1):scope1;(filter2):scope2;”.
Typically the filer

is something like “cn=company,cn=uk”. The scope can be
one of those three choices: BASE, ONELEVEL or SUBTREE.
The default scope is SUBTREE if it is not specified.

Default: “” (null)

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.name

The username to use for the administrative queries
necessary to look up UIDs and GIDs given a username.
Best practice is to make this a user with read-only
access to the database.

Default: “” (null)

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.nssmap.attribute.gecos

The substitution for RFC 2307 gecos attribute.

Default: gecos

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.nssmap.attribute.gidNumber

The substitution for RFC 2307 gidNumber attribute.

Default: gidNumber

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.nssmap.attribute.groupname

The substitution for RFC 2307 group name attribute.

Default: cn

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.nssmap.attribute.homeDirectory

The substitution for RFC 2307 homeDirectory attribute.

Default: homeDirectory

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.nssmap.attribute.loginShell

The substitution for RFC 2307 loginShell attribute.

Default: loginShell

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.nssmap.attribute.memberNisNetgroup

The substitution for RFC 2307 memberNisNetgroup
attribute.

Default: memberNisNetgroup

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.nssmap.attribute.memberUid

The substitution for RFC 2307 memberUid attribute.

Default: memberUid

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.nssmap.attribute.netgroupname

The substitution for RFC 2307 netgroup name attribute.

Default: cn

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.nssmap.attribute.nisNetgroupTriple

The substitution for RFC 2307 nisNetgroupTriple
attribute.

Default: nisNetgroupTriple

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.nssmap.attribute.uid

The substitution for RFC 2307 uid attribute.

Default: uid

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.nssmap.attribute.uidNumber

The substitution for RFC 2307 uidNumber attribute.

Default: uidNumber

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.nssmap.attribute.userPassword

The substitution for RFC 2307 userPassword attribute.

Default: userPassword

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.nssmap.objectClass.nisNetgroup

The substitution for RFC 2307 nisNetgroup object
class.

Default: nisNetgroup

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.nssmap.objectClass.posixAccount

The substitution for RFC 2307 posixAccount object
class.

Default: posixAccount

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.nssmap.objectClass.posixGroup

The substitution for RFC 2307 posixGroup object class.

Default: posixGroup

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.passwd

The password to use for the administrative user. This
will always display as six `*’s when listing the
options.

Default: “” (null)

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.port

The port to use for LDAP queries. This defaults to
389, LDAP’s well-known port assignment. When changing
this value, the filer will connect to LDAP servers
using the new value. Requests that are in process will
continue to use the old value until they complete.

Default: 389

Min/Max: 1 – 65535 port

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.servers

List of servers to use for LDAP queries. To enter multiple
server names use a space separated list enclosed
in quotes. When changing this value, the filer will
connect to the specified LDAP servers for new
requests. Requests that are in process will continue
to use the old values until they complete. Note that
if the LDAP Server is Windows AD and if it uses SASL
bind, then the value for this option should have the
server name instead of the IP Address. The information
regarding the mapping of the server name with the IP
Addresses should be in the /etc/hosts file. For Simple
binding, the value for the option can be the IP
Address of the server.

Default: “” (null)

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.servers.preferred

List of preferred LDAP servers. To enter multiple
server names use a space separated list enclosed in
quotes. Use this list to indicate servers that are on
faster links if any of the servers listed in
ldap.servers is on a WAN link or is for some other
reason considered slower or less reliable. When
changing this value, the filer will connect to the
specified LDAP servers for new requests. Requests that
are in process will continue to use the old values
until they complete.

Default: “” (null)

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.usermap.attribute.unixaccount

Specify the unix account attribute name for the ldap
usermapping search.

Default: unixaccount

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.usermap.attribute.windowsaccount

Specify the windows account attribute name for the
ldap usermapping search.

Default: windowsaccount

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.usermap.base

The base distinguished name to use for ldap usermapping.
The format of the base string is: “(filter1):scope1;(filter2):scope2;”.
Typically the filer

is something like “cn=company,cn=uk”. The scope can be
one of those three choices: BASE, ONELEVEL or SUBTREE.
The default scope is SUBTREE if it is not specified.

Default: “” (null)

Effective: Immediately

Persistence: Remains in effect across system reboots

ldap.usermap.enable

Enable the filer to search an LDAP database for the
user mapping between Unix users and Windows accounts.

Default: off

Effective: Immediately

Persistence: Remains in effect across system reboots

locking.grace_lease_seconds

Sets the grace period for clients to reclaim file
locks after a server failure. The grace period is
expressed in seconds. For lease-based lock protocols
(currently NFSv4), it also sets the locking lease
period. Clients that have been inactive for a period
equal or longer to the lease period may lose all their
locking state on a filer.

lun.use_partner.cc.enable

Enables the SCSI Target Partner Path config checker.
Turning the option on causes the config checker to
issue the FCP PARTNER PATH MISCONFIGURED AutoSupport
message when there is too much FCP traffic over the
cluster interconnect. This option can be turned off
in those cases where excessive FCP Partner Path traffic
is expected/needed, but normally it should be left
on so that the filer will complain when there is too
much Partner Path I/O, which is probably a sign of
something wrong on the SAN.

ndmpd.access

Allows the administrator to restrict access to NDMP
operations based on the hostname or the IP address.
The default value for this option is all. See protocolaccess(8)
for details.

ndmpd.authtype

Allows the administrator to control which authentication
methods the filer will accept. NDMP supports two
authentication types: challenge and plaintext. The
default type is challenge. Challenge was MD5 and
plaintext was text prior to Data ONTAP 6.4.

ndmpd.connectlog.enabled

Allows NDMP to track all the NDMP connection events
for security purposes. Turning the option on allows
all the NDMP connection events to be recorded in the
syslog(/etc/messages) file. The default value for this
option is being changed from on to off. By default,
Data ONTAP 6.4 NDMP connection logging allows NDMP
connection events for security audit purposes. This
optional logging support causes all NDMP connection
events to be recorded in the /etc/messages file. When
used in conjunction with standard intrusion detection
software NDMP connection logging provides a powerful
security audit mechanism. However NDMP connection logging
significantly increased the number of log messages
written to the /etc/messages file. If NDMP connection
auditing is not desired, it is advisable to
disable NDMP connection logging option to reduce the
size of the /etc/messages file. NDMP connection logging
can be disabled by issuing the following command
at the filer console: options ndmpd.connectlog.enabled
off. NDMP connection logging can be enabled by issuing
the following command at the filer console: options
ndmpd.connectlog.enabled on.

ndmpd.enable

If on the NDMP daemon accepts requests. Turning the
option off disables request handling by the NDMP daemon.
The default is off. Enabling and disabling this
option is equivalent to executing ndmpd on and ndmpd
off respectively.

ndmpd.ignore_ctime.enabled

This option, when on, allows user to exclude files
with ctime changed from filer incremental dumps since
other processes like virus scanning often alter the
ctime of files. When this option is off, backup on the
filer will include all files with a change or modified
time later then the last dump in the previous level
dump. This option is persistent across reboots.

Most WIN32 APIs are often unaware of the “last changed
time”, ctime, they often incorrectly set a later time
for files, causing these files to be included in the
filer’s incremental dumps, making the incremental dump
very large. This is partially defying the purpose of
having incremental dumps, since one uses incremental
dumps to speed up the backup by only dumping files
that were “changed” since the last backup.

ndmpd.password_length

Allows administrator to select either 8-byte or
16-byte NDMP specific passwords. The default value is
16. This is the length in all existing versions of
ONTAP that support this feature, so it will be backwards
compatible. This option is persistent and the
only legal values are 8 and 16. If an illegal value is
entered, the following message will be prompted:
options ndmpd.password_length: Length must be either 8
or 16. The options ndmpd.password_length controls
password length during both generation and authentication.
Supporting multiple concurrent NDMP specific
password lengths is NOT required, and will not be possible.
That is, if this options is set to 8, all NDMP
applications managing backups for that filer MUST use
an 8-byte password for authentication.

ndmpd.preferred_interface

You can specify the filer network interface to be used
when establishing an NDMP data connection to another
filer. This option is not available on no-default
vfilers.

By default, an NDMP data connection uses the same network
interface as the NDMP control connection established
by the NDMP backup application. However, when
a data connection between NDMP-enabled devices needs
to be established over an alternate network, it is
necessary to specify the filer’s interface through
which the alternate network will be accessed.

For example, a Unix or NT resident NDMP backup application
and multiple NDMP-enabled filers can be interconnected
via a corporate network. The same NDMPenabled
devices can also be interconnected via an isolated
private network. To minimize load on the corporate
network, the ndmpd.preferred_interface option can
be used to direct all NDMP data connections over the
isolated private network.

To specify the preferred network interface to be used
for NDMP data connections, issue the following command:
options ndmpd.preferred_interface interface.
interface identifies the network interface to be used
for all NDMP data connections. Any network interface
providing TCP/IP access can be specified. If no argument
is specified, the command returns the name of the
interface currently configured for data connections.
If no interface is currently set, it reports disable.
You can find the available network interfaces by using
the ifconfig -a command.

To disable a preferred network interface specification
and force the NDMP default interface to be used for
data connections, issue the following command: options
ndmpd.preferred_interface disable. The default value
for the ndmp.preferred_interface option is disable.

Note: The ndmpd.preferred_interface option is persistent
across filer reboots.

ndmpd.tcpnodelay.enable

Enables/Disables the TCPNODELAY configuration parameter
for the socket between the storage system and the
DMA. When set to true , the Nagle algorithm is disabled
and small packets are sent immediately rather
than held and bundled with other small packets. This
optimizes the system for response time rather than
throughput.

The default value is false.

This option becomes active when the next NDMP session
starts. Existing sessions are unaffected.

This option is persistent across reboots.

nfs.acache.persistence.enabled

The default for this option is “on”. (enabled). This
option controls whether the vfiler’s access cache is
periodically saved on disk. A persistently-stored
access cache is restored into memory on reboot or
failver, avoiding the need to resolve access requests
which have been saved in the cache. To disable this
feature, the option can be set to “off”.

nfs.export.exportfs_comment_on_delete

This option controls the deletion behaviour for
exportfs -z. It controls whether entries are removed
or commented from the /etc/exports file. The default
value is true and entries are commented out. To remove
entries on deletion set it to false.

nfs.export.allow_provisional_access

The default for this option is enabled. This option
controls whether provisional access is granted in the
event that a name service outage prevents the filer
from determining if a given client has access to an
exported path.

For example, the client in question may have readwrite
access to an exported path. In this situation
access is provided in IP address format. The client
however could also be part of a netgroup that is given
read-only access to the same path. Under normal circumstances
the client would not be given write access
because of how access rules are applied. In the event
that the netgroup could not be resolved or expanded,
the client would provisionally be granted write access
since an entry for it could be found in IP form.

This example illustrates a security issue in that it
is possible for clients to be given more access rights
than originally intended. Therefore, the option is
provided to disable provisional access. This has the
effect of delaying access until it is possible for the
filer to definitively determine access rights for the
client.

nfs.assist.queue.limit

The default for this option is 40. This option controls
the percentage of NFS asynchronous messages
which can be placed onto the NFS assist queue. Once
this limit has been reached, further NFS requests
which need to undergo a name service transaction will
instead have permissions granted based on
nfs.export.allow_provisional_access. The number of
available NFS asynchronous messages can be determined
with nfsstat -d.

nfs.export.auto-update

The default for this option is enabled. This option
controls whether automatic updates are performed on
the /etc/exports file. If it is not set, then the
commands vol create, vol delete, and vol rename will
not automatically rewrite the file. Instead they will
syslog the need to edit the file. When volumes are
moved between vfilers, automatic updates on the
/etc/exports file of the source and destination vfilers
are dependent on this option.

nfs.export.harvest.timeout

The default for this option is 3600 seconds (one
hour). This option sets the idle expiration time for
entries in the export access cache. This timer resets
every time the export is accessed from the host. The
minimum value is 60 seconds and the maximum is 7 days.

nfs.export.neg.timeout

The default for this option is 1800 seconds (30 minutes).
This option sets the refresh time for entries
which were denied access in the export access cache.
The minimum value is 60 seconds and the maximum is 7
days.

nfs.export.pos.timeout

The default for this option is 36000 seconds (ten
hours). This option sets the refresh time for entries
granted access in the export access cache. The minimum
value is 60 seconds and the maximum is 7 days.

nfs.export.resolve.timeout

The default for this option is 8 seconds. This option
had been hidden before and may have had a default of
either 30 or 15 seconds. This option controls how long
a name service lookup is allowed to proceed before the
NFS export code will determine that the name servers
are not responding in a timely fashion.

nfs.kerberos.file_keytab.enable

The default for this option is off. When enabled, the
vfiler is directed to use a file based Kerberos key
table (in /etc/krb5.keytab), with a format equal to
that generated by an MIT-based kadmin command.

nfs.kerberos.principal

The default for this string option is a zero length
string. If nfs.kerberos.file_keytab.enable is
enabled, then the nfs.kerberos.principal option must
be set to the host specific part of an NFS server’s
Kerberos principal name. For example, if nfs.kerberos.principal
is set to elrond.mycompany.com, then
the resulting principal name of the NFS server will be
nfs/elrond.mycompany.com@realm, where realm is the
value of nfs.kerberos.realm. Note that
nfs/elrond.mycompany.com@realm must appear as an entry
in /etc/krb5.keytab.

nfs.kerberos.realm

The default for this string option is a zero length
string. If nfs.kerberos.file_keytab.enable is
enabled, then the nfs.kerberos.realm option must be
set to the host specific part of an NFS server’s Kerberos
principal name. For example, if nfs.kerberos.realm
is set to MYCOMPANY.COM, then the resulting
principal name of the NFS server will be nfs/principal@MYCOMPANY.COM,
where principal is value of

nfs.kerberos.principal. Note that nfs/principal@MYCOMPANY.COM
must appear as an entry in
/etc/krb5.keytab.

nfs.locking.check_domain

The default for this option is on. If this option is
set to off, then the NFS version 2 and 3 lock manager
(NLM) and the NFS version 2 and 3 status monitor (NSM)
will ignore the domain suffix when comparing the
client host name in an NSM request with that of client
host name associated with an outstanding lock. One
might want to set the nfs.locking.check_domain to off
if one has NFS version 2 or 3 clients that issue NLM
requests with fully qualified domain names (FQDNs) and
NSM requests with non-FQDNs. Similarly, if the converse
is true, one might want to turn nfs.locking.check_domain
off. Otherwise, clients that send
hostnames inconsistently will leave locks held on the
filer, requiring manual intervention even after the
client reboots (and sends the NSM recovery message).

If nfs.locking.check_domain is off, then one must take
care to make sure than the non-FQDNs of each client
are unique, lest two clients with different domains
cause each other to lose locks. For example, if the
option is off, then two NFS clients, one named
wally.eng.mycompany.com and the other named
wally.corp.mycompany.com will be considered as the
same for purposes of processing the NSM recovery message
when either client reboots. It is strongly recommended
that clients be fixed and/or reconfigured to
obviate the need for setting nfs.locking.check_domain
to off.

Because NFS version 4 uses schemes for locking and
lock recovery that are completely different than NLM
and NSM, the nfs.locking.check_domain option and the
associated issue, do not apply to NFS version 4.

nfs.mount_rootonly

When enabled, the mount server will deny the request
if the client is not root user using privileged ports.
Valid values for this option are on (enabled) or off
(disabled). The default value for this option is on
for more secure access.

nfs.mountd.trace

When enabled, all mount requests are logged. This
option is intended to help debug denied mount
requests. Valid values for this option are on
(enabled) or off (disabled). The default value for
this option is off to avoid too many messages. The
output is stored in /mountd_trace.log and can be
translated by the mountd_trace.pl program, which can
be found on the NOW site. Turning the option on
clears the log file and starts the logging process.
Since the logs are kept in memory, the option needs to
be turned off to flush the logs to the file.

nfs.netgroup.strict

When enabled, all entries in the export access lists
which do not have a `@’ prepended are considered to
not be netgroups. This setting will bypass a potentially
spurious netgroup lookup for each non-netgroup
entry in the access lists.

nfs.notify.carryover

This is set to on by default. When set to off, the
hosts present in the /etc/sm/notify file are not sent
NSM reboot notifications after a filer panic/reboot. A
zero-byte file /etc/sm/.dontcarryover is created after
atleast one round of notifications or after one hour
passes since the notifications began (whichever comes
later). If the /etc/sm/.dontcarryover file exists and
the above option is false, then the existing
/etc/sm/notify file is truncated. In all other cases,
the exisiting /etc/sm/notify file is used for subsequent
notifications.

nlm.cleanup.timeout

This timeout value controls the cleanup frequency of
the nlm lock control information. The default value
for this option is 5 seconds.

nlm.trace

When enabled, all asynchronous nlm requests and server
callbacks are logged. This option is intended to help
debug asynchronous nlm requests and all lock requests
which were blocked on the server because of a conflict
and require the server to send a callback to the
client. This option is persistent across reboots so it
should be used carefully. Valid values for this
option are on (enabled) or off (disabled). The
default value for this option is off to avoid too many
messages.

nfs.per_client_stats.enable

Enables/disables the collection and display of perclient
NFS statistics, as described in nfsstat.
Valid values for this option are on or off. The
default value for this option is off.

nfs.require_valid_mapped_uid

If this option is “on” it forces all NFS requests to
be successfully mapped via the /etc/usermap.cfg mechanism.
This allows NFS requests to be selectively validated
by UID or IP address. This mapping is described
in usermap.cfg(5). Valid values for this option
are on or off. The default value for this option is
off.

nfs.response.trace

If this option is “on”, it forces all NFS requests
which have exceeded the time set in nfs.response.trigger
to be logged. If this option is “off”, only one
message will be logged per hour. The default value
for this option is off.

nfs.response.trigger

Any NFS request which takes longer to complete than
the time set by this option will be logged, according
to the state of nfs.response.trace. The results of
this option can be used to determine if the client
side message “NFS Server not responding” is due to the
server or the network. The default value for this
option is 60 seconds.

nfs.rpcsec.ctx.high

The default is zero. If set to a value other than zero
it sets a high-water mark on the number of stateful
RPCSEC_GSS (see RFC2203) authentication contexts
(today, only Kerberos V5 produces stateful authentication
state in NFS). If it is zero, then no explicit
high-water mark is set.

nfs.rpcsec.ctx.idle

Default is 360 seconds. This is the amount of time, in
seconds, an RPCSEC_GSS context (see the description
for the nfs.rpcsec.ctx.high option) will be permitted
to be unused before it is deleted.

nfs.tcp.enable

When enabled, the NFS server supports NFS over TCP.
By default, the feature is disabled since some clients
which support NFS over TCP do so with performance
inferior to UDP. It can be enabled if this is not an
issue in your environment. Valid values for this
option are on or off. The default value for this
option is off.

nfs.ifc.xmt.high

NFS goes into transmit flow control when the send window
is full and the number of outstanding requests
increases beyond nfs.ifc.xmt.high. At that time NFS
will stop reading from the TCP input window. The
default value for this option is set to 16. Its maximum
limit is 64. This is a persistent option.

nfs.ifc.xmt.low

NFS comes out of flow control when the number of outstanding
requests goes below nfs.ifc.xmt.low. The
default value for this option is set to 8. Its minimum
value is 0. This is a persistent option.

nfs.hide_snapshot

This is off by default and is persistent across
reboots. This is effective only when nosnapdir is disabled.
Setting this option to on allows snapshots to
be hidden in the NFS directory listings. The .snapshot
directory itself is visible, but the actual snapshots
will be hidden. At the same time, an explicit access
to snapshots is allowed even though they are not visible
in the directory listings.

Also, when this option is set to on, a hidden “.snapshot”
directory is available within the “.snapshot”
directory. This new entry is not visible in the directory
listings of parent “.snapshot” but when accessed,
will give the list of named snapshots that were hidden
in the parent “.snapshot” directory. Basically, This
provides a convenient way to see the list of snapshots
available in the parent “.snapshot” directory, even
when this option is set to on.

NOTE: When this option is on and if you have mounted a
path ending with “.snapshot”, `pwd’ may not work correctly
in such a mounted path and its directory tree
on the client. As a result, any applications that
depend on obtaining the current working directory
using the standard UNIX library calls like getpwd(3C)
may not function correctly. The exact result reported
when asked for current working directory is dependent
on the client’s `pwd’ implementation.

nfs.udp.xfersize

The maximum transfer size (in bytes) that the NFS
mount protocol will negotiate with the client for UDP
transport. Larger transfer sizes often result in better
NFS performance. The default is 32768. The maximum
value for this option is 57344 (56K).

nfs.v2.df_2gb_lim

Causes the filer to return replies to the “file system
statistics” NFS version 2 request that shows no more
than (2**31)-1 (or 2,147,483,647) total, free, or
available bytes (i.e., 2GB) on the file system.

Some NFS clients require this option because, if they
get return values from the “file system statistics”
request with more than the specified number of bytes,
they’ll incorrectly compute the amount of free space
on the file system, and may think that there’s no free
space on a file system that has more than 2GB free.
Valid values for this option are on or off. The
default value for this option is off.

nfs.v3.enable

When enabled, the NFS server supports NFS version 3.
Disable this option if there is a problem with some
client when using NFS version 3, and that client cannot
be configured to use NFS version 2. Valid values
for this option are on (enabled) or off (disabled).
The default value for this option is on.

In certain cases, enabling this option does not automatically
enable MOUNT version 3 of the NFS server.
Hence, a fresh mount over NFS version 3 may not be
successful. A workaround would be to switch NFS server
off followed by switching it on.

nfs.v4.enable

When enabled, the NFS server supports NFS version 4.
NFS version 4 support is only over the TCP protocol.
Valid values for this option are on (enabled) or off
(disabled). The default value for this option is on.

nfs.v4.read_delegation

Read delegations allow NFS version 4 clients to do
read operations locally without contacting the server.
These include open for read, read locks and file read
operations. Both the server and client must support
read delegations for this feature to work. When
enabled, read delegations are supported for NFS version
4. This feature is not supported for NFS versions
2 and 3. The default value for this option is off.

nfs.v4.write_delegation

Write delegations allow NFS version 4 clients to do
write operations locally without contacting the
server. These include open for write, write locks and
writing to files. Both the server and client must support
write delegations for this feature to work. When
enabled, write delegations are supported for NFS version
4. This feature is not supported over NFS versions
2 and 3. Valid values for this option are on
(enabled) or off (disabled). The default value for
this option is off.

nfs.v4.id.domain

This option controls the domain portion of the string
form of user and group names as defined in the NFS
version 4 protocol. The domain name is normally taken
from the NIS domain in use, or otherwise from the DNS
domain. However if this option is set, it will override
this default behavior.

nfs.v4.acl.enable

When enabled, ACLs are supported for NFS version 4.
The ACL option controls setting and getting NFSV4
ACLs. It does not control enforcement of these ACLs
for access checking. This feature is not supported
over NFS versions 2 and 3. The default value for this
option is off.

nfs.ntacl_display_permissive_perms

This option controls the permissions that are displayed
to NFS version 3 and NFS version 4 clients on a
file/directory that has an NT ACL set. When enabled,
the permissions displayed are based on the maximum
access granted by the NT ACL to any user. When disabled,
the permissions displayed are based on the minimum
access granted by NT ACL to any user. The
default value for this option is off.

nfs.webnfs.enable

When enabled, the NFS server supports WebNFS lookups.
Valid values for this option are on (enabled) or off
(disabled). The default value for this option is off.

nfs.webnfs.rootdir

Specifies the WebNFS rootdir. Once the rootdir is set,
WebNFS clients can issue lookups relative to the rootdir
using the public filehandle. The default value
for this option is `XXX’. This option is only used
when nfs.webnfs.rootdir.set is on, and nfs.webnfs.rootdir.set
can only be on if this option contains
the fully qualified pathname to a valid, existing
directory.

nfs.webnfs.rootdir.set

This option needs to be enabled for the rootdir setting
to take effect. Disabling this option disables
the existing rootdir setting. Valid values for this
option are on (enabled) or off (disabled). The
default value for this option is off. Note that this
option can only be enabled if the nfs.webnfs.rootdir
option contains a fully qualified pathname to a valid,
existing directory.

nis.domainname

Sets the NIS domain to the specified domainname. The
default for value for this option is the null string.

nis.enable

Enables NIS client on the filer. The NIS domain must
be set prior to enabling NIS. Valid values for this
option are on or off. The default value for this
option is off.

nis.group_update.enable

Enables the local caching of the NIS group files.
Valid values for this option are on or off. The
default value for this option is off.

nis.group_update_schedule

Specifies the hours of the day when the local NIS
group cache has to be updated. `now’ will update the
cache immediately. The valid value for this option is
a comma separated list of hours, in the range of 1 to
24. The default value for this option is 24.

nis.netgroup.domain_search.enable

Specifies whether netgroup entry comparisons will consider
the domainnames in the search directive from
/etc/resolv.conf. The default value for this option
is on.

nis.netgroup.legacy_nisdomain_search.enable
Specifies whether netgroup entry comparisons will consider
the legacy SUNOS compatible nisdomainname in the
search directive. The default value for this option
is on.

nis.servers

Specifies the list of preferred NIS servers. Valid
values for this option is `*’ or a comma separated
list of ip addresses. The default value for this
option is `*’.

nis.slave.enable

Enables NIS slave on the filer. Valid values for this
option are on or off. The default value for this
option is off.

pcnfsd.access_check

If on, enables synchronization between PCNFSD and NFS
locks (shared vs byte locks) on the file objects. See
burt 249076. Any changes done to this option, needs a
filer reboot to become effective.

pcnfsd.enable

Enables/disables the PCNFSD (PC)NFS authentication
request server (see pcnfsd(8)). Valid values for
this option are on or off. The default value for this
option is off.

pcnfsd.umask

Specifies the default umask for files created by
(PC)NFS clients. The value of this option is a threedigit
octal number, and the digits correspond to the
read, write, and execute permissions for owner, group,
and other, respectively. The default value for this
option is 022, which means that files normally created
with mode 666 effectively will have mode 644. (“644”
means that the file owner has read and write permissions,
but the members of the group and others have
only read permission.)

ra.path_switch.threshold

When excessive errors are encountered on a device
within a short enough time period to raise concern
that there might be a faulty component between the
Fibre Channel initiator and backend storage, a
scsi.path.excessiveErrors EMS event is logged and the
associated path will be avoided by Data ONTAP.

This option controls the sensitivity of intermittent
path error detection. Setting this option to a lower
value will reduce the number of errors required to
trigger the avoidance functionality. Setting it to a
higher value requires more errors to trigger this
event and decreases the sensitivity of path failure
detection.

Valid values for this threshold range from 1 to 2000.
The default value for this option is 100 and should
only be changed when recommended by service personnel.

raid.background_disk_fw_update.enable

Determines the behaviour of automatic disk firmware
update. Valid values for this option are on or off.
The default value for this option is on. If the
option is set to on, firmware updates to spares and
filesystem disks within RAID-DP, mirrored RAID-DP and
mirrored RAID4 volumes is performed in a non-distruptive
manner via a background process. Firmware updates
for disks within RAID4 volumes will however be done at
boot. If the option is turned off automatic firmware
update will occur in a manner similar to that for previous
releases, namely at boot or during disk insertion.
More information can be found within
disk_fw_update man pages.

raid.disk.copy.auto.enable

Determines the action taken when a disk reports a predictive
failure. Valid values for this option are on
or off. The default value for this option is on.

Sometimes, it is possible to predict that a disk will
fail soon based on a pattern of recovered errors that
have happened on the disk. In such cases, the disk
will report a predictive failure to Data ONTAP. If
this option is set to on, Data ONTAP will initiate
Rapid RAID Recovery to copy data from the failing disk
to an available spare. When data is copied, the disk
will be failed and placed in the pool of broken disks.
If a spare is not available, the filer will continue
to use the prefailed disk until the disk fails.

If the option is set to off, the disk will be failed
immediately and placed in the pool of broken disks. A
spare will be selected and data from the missing disk
will be reconstructed from other disks in the RAID
group. The disk will not be failed if the RAID group
is already degraded or reconstructing so that another
disk failure would lead to a failure of the whole RAID
group.

raid.media_scrub.enable

Enables/disables continuous background media scrubs
for all aggregates (including those embedded in traditional
volumes) in the system. Valid values for this
option are on or off. The default value for this
option is on. When enabled, a low-overhead version of
scrub which checks only for media errors runs continuously
on all aggregates in the system. Background
media scrub incurs negligible performance impact on
user workload and uses aggressive disk and CPU throttling
to achieve that.

raid.media_scrub.spares.enable

Enables/Disables continuous background media scrubs
for all spares drives within the system. Valid values
for this option are on or off. The default value for
this option is on. When enabled a low overhead version
of scrub which checks only for media errors runs
continuously on all spare drives of the system. Background
media scrub incurs negligible performance
impact on user workload and uses aggressive disk and
CPU throttling to achieve that. This option is used
in conjunction with raid.media_scrub.enable which
enables/disables media_scrub on a system-wide basis.
The value for this option has no effect if the systemwide
option is set to off.

raid.media_scrub.rate

Sets the rate of media scrub on an aggregate (including
those embedded in traditional volumes). Valid values
for this option range from 300 to 3000 where a
rate of 300 represents a media scrub of approximately
512 MBytes per hour, and 3000 represents a media scrub
of approximately 5 GBytes per hour. The default value
for this option is 600, which is a rate of approximately
1 GByte per hour.

raid.min_spare_count

Specifies the minimum number of spare drives required
to avoid warnings for low spares. If there are at
least raid.min_spare_count spare drives that are
appropriate replacements for any filesystem disk, then
there will be no warnings for low spares. This option
can be set from 0 to 4. The default setting is 1. Setting
this option to 0 means that there will be no
warnings for low spares even if there are no spares
available. This option can be set to 0 only on systems
with 16 or fewer attached drives and that are running
with RAID-DP aggregates. A setting of 0 is not allowed
on systems with RAID4 aggregates.

raid.mirror_read_plex_pref

Specifies the plex preference when reading from a mirrored
traditional volume or aggregate on a metrocluster-configured
system. There are three possible values
— `local’ indicates that all reads are handled by
the local plex (plex consisting of disks from Pool0),
`remote’ indicates that all reads are handled by the
remote plex (plex consisting of disks from Pool1), and
`alternate’ indicates that the handling of read
requests is shared between the two plexes. This
option is ignored if the system is not in a metrocluster
configuration, i.e., cluster_remote is not
licensed. The option setting applies to all traditional
volumes and aggregates on the filer.

raid.reconstruct_speed

This option is obsolete. See raid.reconstruct.perf_impact
for the option that controls the
effect of RAID reconstruction.

raid.reconstruct.perf_impact

Sets the overall performance impact of RAID reconstruction.
When the CPU and disk bandwidth are not
consumed by serving clients, RAID reconstruction consumes
as much as it needs. If the serving of clients
is already consuming most or all of the CPU and disk
bandwidth, this option allows control over how much of
the CPU and disk bandwidth will be taken away for
reconstruction, and hence how much of a negative performance
impact it will be to the serving of clients.
As the value of this option is increased, the speed of
reconstruction will also increase. The possible values
for this option are low, medium, and high. The
default value is medium. There is also a special
value of default, which will use the current default
value. When mirror resync and reconstruction are running
at the same time, the system does not distinguish
between their separate resource consumption on shared
resources (like CPU or a shared disk). In this case,
the resource utilization of these operations taken
together is limited to the maximum of their configured
individual resource entitlements.

raid.reconstruct.wafliron.enable

Enables starting wafliron (see vol) when reconstruction
encounters a medium error. Valid values for
this option are on and off. The default value for
this option is on. When a medium error is encountered
in an aggregate during reconstruction, access to the
volume(s) it contains is temporarily restricted and
reconstruction proceeds bypassing media errors. If
this option is enabled, wafliron is started automatically,
thus bringing the aggregate and its volume(s)
back online. If this option is disabled, the volume(s)
stay restricted.

raid.resync.perf_impact

Sets the overall performance impact of RAID mirror
resync (whether started automatically by the system or
implicitly by an operator-issued command). When the
CPU and disk bandwidth are not consumed by serving
clients, a resync operation consumes as much as it
needs. If the serving of clients is already consuming
most or all of the CPU and disk bandwidth, this option
controls how much of the CPU and disk bandwidth will
be taken away for resync operations, and hence how
much of a negative performance impact it will be to
the serving of clients. As the value of this option
is increased, the speed of resync will also increase.
The possible values for this option are low, medium,
and high. The default value is medium. There is also
a special value of default, which will use the current
default value. When RAID mirror resync and reconstruction
are running at the same time, the system
does not distinguish between their separate resource
consumption on shared resources (like CPU or a shared
disk). In this case, the resource utilization of
these operations taken together is limited to the maximum
of their configured individual resource entitlements.

raid.rpm.ata.enable

Enforces separation of ATA disks by uniform rotational
speed (RPM). If you set this option to on, Data ONTAP
always selects ATA disks with the same RPM when creating
new aggregates or when adding disks to existing
aggregates. If you set this option to off, Data ONTAP
does not differentiate between ATA disks based on
rotational speed. For example, Data ONTAP might use
both 5400 RPM and 7200 RPM disks in the same aggregate.
The default value is off.

raid.rpm.fcal.enable

Enforces separation of FC-AL disks by uniform rotational
speed (RPM). If you set this option to on,
Data ONTAP always selects FC-AL disks with the same
RPM when creating new aggregates or when adding disks
to existing aggregates. If you set this option to
off, Data ONTAP does not differentiate between FC-AL
disks based on rotational speed. For example, Data
ONTAP might use both 10K RPM and 15K RPM disks in the
same aggregate. The default value is on.

raid.scrub.duration

Sets the duration of automatically started scrubs, in
minutes. If this is not set or set to 0, it defaults
to 6 hours (360 minutes). If set to `-1′, all
automatic scrubs will run to completion.

raid.scrub.enable

Enables/disables the RAID scrub feature (see
disk). Valid values for this option are on or
off. The default value for this option is on. This
option only affects the scrubbing process that gets
started from cron. This option is ignored for userrequested
scrubs.

raid.scrub.perf_impact

Sets the overall performance impact of RAID scrubbing
(whether started automatically or manually). When the
CPU and disk bandwidth are not consumed by serving
clients, scrubbing consumes as much as it needs. If
the serving of clients is already consuming most or
all of the CPU and disk bandwidth, this option controls
how much of the CPU and disk bandwidth will be
taken away for scrubbing, and hence how much of a negative
performance impact it will be to the serving of
clients. As the value of this option is increased,
the speed of scrubbing will also increase. The possible
values for this option are low, medium, and high.
The default value is low. There is also a special
value of default, which will use the current default
value. When scrub and mirror verify are running at
the same time, the system does not distinguish between
their separate resource consumption on shared
resources (like CPU or a shared disk). In this case,
the resource utilization of these operations taken
together is limited to the maximum of their configured
individual resource entitlements.

raid.scrub.schedule

Specifies the weekly schedule (day, time and duration)
for scrubs started automatically by the
raid.scrub.enable option. The default schedule is Sunday
1 a.m. for the duration specified by the
raid.scrub.duration option. If an empty string (“”)
is specified as an argument, it will delete the previous
scrub schedule and add the default schedule. One
or more schedules can be specified using this option.
The syntax is duration[h|m]@weekday@start_time,[duration[h|m]@weekday@start_time,…]
where duration is

the time period for which scrub operation is allowed
to run, in hours or minutes (‘h’ or `m’ respectively).
If duration is not specified, the raid.scrub.duration
option value will be used as duration for the schedule.

weekday is the day when scrub operation should start.
Valid values are sun, mon, tue, wed, thu, fri, sat.

start_time is the time when scrub should start, specified
in 24 hour format. Only the hour (0-23) needs to
be specified.

For example, options raid.scrub.schedule
240m@tue@2,8h@sat@22 will cause scrub to start on
every Tuesday at 2 a.m. for 240 minutes, and on every
Saturday at 10 p.m. for 480 minutes.

raid.timeout

Sets the time, in hours, that the system will run
after a single disk failure in a RAID4 group or a two
disk failure in a RAID-DP group has caused the system
to go into degraded mode or double degraded mode
respectively. The default is 24, the minimum acceptable
value is 0 and the largest acceptable value is
4,294,967,295. If the raid.timeout option is specified
when the system is in degraded mode or in double
degraded mode, the timeout is set to the value specified
and the timeout is restarted. If the value specified
is 0, automatic system shutdown is disabled.

raid.verify.perf_impact

Sets the overall performance impact of RAID mirror
verify. When the CPU and disk bandwidth are not consumed
by serving clients, a verify operation consumes
as much as it needs. If the serving of clients is
already consuming most or all of the CPU and disk
bandwidth, this option controls how much of the CPU
and disk bandwidth will be taken away for verify, and
hence how much of a negative performance impact it
will be to the serving of clients. As you increase
the value of this option, the verify speed will also
increase. The possible values for this option are
low, medium, and high. The default value is low.
There is also a special value of default, which will
use the current default value. When scrub and mirror
verify are running at the same time, the system does
not distinguish between their separate resource consumption
on shared resources (like CPU or a shared
disk). In this case, the resource utilization of
these operations taken together is limited to the maximum
of their configured individual resource entitlements.

replication.logical.reserved_transfers

This option guarantees that the specified number of
qtree SnapMirror or SnapVault source/destination
transfers can always be run. Setting this option will
reduce the maximum limits for all other transfer
types. The default value for this option is 0.

replication.logical.transfer_limits

This option is available for customers who do not need
increased stream counts. It is provided to revert back
to the legacy stream counts. The default value for
this option is current.

replication.throttle.enable

Enables global network throttling of SnapMirror and
SnapVault transfers. The default value for this
options is off.

replication.throttle.incoming.max_kbs

This option specifies the maximum total bandwidth used
by all the incoming (applied at destination) SnapMirror
and SnapVault transfers, specified in kilobytes/sec.
The default value for this option is unlimited,
which means there is no limit on total bandwidth
used. This option is valid only when the option replication.throttle.enable
is on.

replication.throttle.outgoing.max_kbs

This option specifies the maximum total bandwidth used
by all the outgoing (applied at source) SnapMirror and
SnapVault transfers specified in kilobytes/sec. The
default value for this option is unlimited, which
means there is no limit on total bandwidth used. This
option is valid only when the option
replication.throttle.enable is on.

replication.volume.reserved_transfers

This option guarantees that the specified number of
volume SnapMirror source/destination transfers can
always be run. Setting this option will reduce the
maximum limits for all other transfer types. The
default value for this option is 0.

replication.volume.transfer_limits

This option is available for customers that do not
need increased stream counts, this option is provided
to revert back to the legacy stream counts. The
default value for this option is current.

replication.volume.use_auto_resync

This option enables auto resync functionality for Synchronous
SnapMirror relations. This option if enabled
on Synchronous SnapMirror, destination will update
from the source using the latest common base snapshot
deleting all destination side snapshots newer than the
common base snapshot. The default value for this
option is off.

rmc.setup

If LAN settings have been provided for a remote management
controller, this will be set to on and the
presence of its dedicated LAN interface and external
power supply is periodically verified.

rpc.nlm.tcp.port

This option allows the NLM rpc service over TCP to be
registered on a port other than the default. nfs off
followed by nfs on is required to re-register the service
on the new port. This is a per host option and is
persistent across reboots. The results are undefined
if more than one RPC services are registered on the
same port.

rpc.nlm.udp.port

This option allows the NLM rpc service over UDP to be
registered on a port other than the default. nfs off
followed by nfs on is required to re-register the service
on the new port. This is a per host option and is
persistent across reboots. The results are undefined
if more than one RPC services are registered on the
same port.

rpc.nsm.tcp.port

This option allows the NSM rpc service over TCP to be
registered on a port other than the default. nfs off
followed by nfs on is required to re-register the service
on the new port. This is a per host option and is
persistent across reboots. The results are undefined
if more than one RPC services are registered on the
same port.

rpc.nsm.udp.port

This option allows the NSM rpc service over UDP to be
registered on a port other than the default. nfs off
followed by nfs on is required to re-register the service
on the new port. This is a per host option and is
persistent across reboots. The results are undefined
if more than one RPC services are registered on the
same port.

rpc.mountd.tcp.port

This option allows the MOUNTD rpc service over TCP to
be registered on a port other than the default. nfs
off followed by nfs on is required to re-register the
service on the new port. This is a per host option and
is persistent across reboots. The results are undefined
if more than one RPC services are registered on
the same port.

rpc.mountd.udp.port

This option allows the MOUNTD rpc service over UDP to
be registered on a port other than the default. nfs
off followed by nfs on is required to re-register the
service on the new port. This is a per host option and
is persistent across reboots. The results are undefined
if more than one RPC services are registered on
the same port.

rpc.pcnfsd.tcp.port

This option allows the PCNFSD rpc service over TCP to
be registered on a port other than the default. nfs
off followed by nfs on is required to re-register the
service on the new port. This is a per host option and
is persistent across reboots. The results are undefined
if more than one RPC services are registered on
the same port.

rpc.pcnfsd.udp.port

This option allows the PCNFSD rpc service over UDP to
be registered on a port other than the default. nfs
off followed by nfs on is required to re-register the
service on the new port. This is a per host option and
is persistent across reboots. The results are undefined
if more than one RPC services are registered on
the same port.

rpc.rquotad.udp.port

This option allows the RQUOTAD rpc service over UDP to
be registered on a port other than the default. nfs
off followed by nfs on is required to re-register the
service on the new port. This is a per host option and
is persistent across reboots. This service is only
registered over UDP. The results are undefined if more
than one RPC services are registered on the same port.

rsh.access

Restricts rsh access to the filer. For valid values,
see protocolaccess(8).

rsh.enable

Enables the RSH server on the filer. Valid values for
this option are on or off. The default value for this
option is on.

security.admin.authentication

This option controls where the filer finds authentication
information for admins. Authentication can be
done via the local administrative repository or
through repositories found in the nsswitch.conf file.
Authentication via nsswitch.conf allows ldap and nis
centralized administration. The value of this option
can be `internal’, `nsswitch’, `internal,nsswitch’ or
`nsswitch,internal’. The repositories are searched in
the order specified. The default value is `internal’.

security.admin.nsswitchgroup

This option specifies which group found in the nsswitch.conf
file has administrative access to the
filer. This option must be set to a valid group to
give any nsswitch users login privileges. See useradmin
for more information about the admin role.
The default value is no group.

security.passwd.firstlogin.enable

This option controls whether all admins (except for
root) must change their passwords upon first login. A
value of on means that newly created admins, or admins
whose passwords were changed by another admin, may
only run the passwd command until the password is
changed. Default value is off.

security.passwd.lockout.numtries

This option controls how many attempts an admin can
try a login before the account is disabled. This
account may be re-enabled by having a different admin
change the disabled admin’s password. If this value is
default, then failing to login will never disable an
account. The default value for this option is
4294967295.

security.passwd.rootaccess.enable

This option controls whether root can have access to
the system. A value of off means that root cannot
login or execute any commands. This option is reset to
on if a user changes root’s password, or during a boot
without etc/rc. By default, this option is on.

security.passwd.rules.enable

This option controls whether a check for password composition
is performed when new passwords are specified.
See passwd and/or useradmin for
additional information on relevant effected functionality.
A value of on means that the check will be
made, and the password rejected if it doesn’t pass the
check. A value of off means that the check won’t be
made. The default value for this option is on. By
default, this option does not apply to the users
“root” or “Administrator” (the NT Administrator
account).

security.passwd.rules.everyone

This option controls whether a check for password composition
is performed for all users, including “root”
and “Administrator”. A value of off means that the
checks do not apply to “root” or “Administrator” (but
still may apply to all other users). The default value
value for this option is off. security.passwd.rules.enable
must have the value on or

this option is ignored.

security.passwd.rules.history

This option controls whether an administrator can reuse
a previous password. A value of 5 means that the
appliance will store 5 passwords, none of which an
admin can re-use. A value of 0 means that an admin is
not restricted by any previous password. Default value
is 0. security.passwd.rules.enable must have the value
on or this option is ignored. To prevent administrators
from abusing this option by cycling through the
password history, see the `-m’ option in useradmin.

security.passwd.rules.maximum

This option controls the maximum number of characters
a password can have. Though there is no default value
for this option, only the first 16 characters are
saved. Users with passwords greater than 14 characters
will not be able to log in via the Windows interfaces,
so if you are using Windows, we recommend this value
to be 14.) security.passwd.rules.enable must have the
value on or this option is ignored.

security.passwd.rules.minimum

This option controls the minimum number of characters
a password must have. The default value for this
option is 8. security.passwd.rules.enable must have
the value on or this option is ignored.

security.passwd.rules.minimum.alphabetic

This option controls the minimum number of alphabetic
characters a password must have. (IE: A password cannot
be just digits and symbols.) These are capitol and
lowercase letters from a to z. The default value for
this option is 2. security.passwd.rules.enable must
have the value on or this option is ignored.

security.passwd.rules.minimum.digit

This option controls the minimum number of digit characters
a password must have. These are numbers from 0
to 9. The default value for this option is 1. security.passwd.rules.enable
must have the value on or

this option is ignored.

security.passwd.rules.minimum.symbol

This option controls the minimum number of symbol
characters a password must have. These are whitespace
and punctuation characters. The default value for this
option is 0. security.passwd.rules.enable must have
the value on or this option is ignored.

snaplock.autocommit_period

This option can be used to specify a time delay to be
used with the SnapLock auto-commit feature. This feature
automatically converts to WORM status any file on
any SnapLock volume if the file has not changed during
the delay period. The retention date on the committed
file will be determined by the volume’s default retention
period.

To specify a time delay, set this option to a value
consisting of an integer count followed by an indicator
of the time period: `h’ for hours, `d’ for `days,
`m’ for months, or `y’ for years. For example, to
specify an auto-commit delay period of 4 hours, set
this option to `4h’.

To disable the SnapLock auto-commit feature, set this
option to none. This is the default value.

The minimum delay that can be specified is two hours.
Because auto-commits are performed by a scanner, it
could take some time after the delay period ends for
the file to be committed to WORM.

snaplock.compliance.write_verify

This option is used to verify all disk writes to
snaplock compliance volumes. It is used when immediate
verification of the recording process is required. By
default the options is `off’.

Using this option will have a negative impact on volume
performance.

snaplock.log.default_retention

This option can be used to specify a default retention
policy for a secure log file. The default value is 6
months `6m’ and can not be set to less then 6 months.
The option may be specified in m|y.

The default retention is used only when operations
that are being logged do not specify a retention
period. A secure log will be retained for the maximum
retention time necessary to verify secure operations
performed on files in the log.

snaplock.log.maximum_size

This options specifies the maximum size for a secure
log before the file is closed and a new log file is
generated for use by the secure logging infrastructure.
The default value is `10m’ and the possible
values for units are `k’, `m’, `g’ and `t’. If no unit
is specified, given size is assumed to be in bytes.

The minimum size of any log file is 4k and the maximum
size is (4t-1).

snapmirror.access

This option determines which SnapMirror destination
filers may initiate transfers, and over which network
interfaces. When set to “legacy”, SnapMirror uses the
older snapmirror.allow to determine access. The
option value is a string containing an expression
which provides the access filter. An example of the
options command for snapmirror.access is options snapmirror.access
host=toaster,fridge. The default value
is “legacy”. See snapmirror , snapmirror.allow(5)
and protocolaccess(8) for more
details.

snapmirror.checkip.enable

Enables IP address based verification of SnapMirror
destination filers by source filers. Valid values are
on or off. The default value is off. See snapmirror.allow(5)
for more details.

snapmirror.delayed_acks.enable

Enables TCP/IP delayed acknowledgements. Disabling
this can improve performance of SnapMirror network
connections in high latency networks. Valid values
are on or off. The default value is on.

This uses the slow start and congestion avoidance
algorithms as described in RFC 2581. Do note that disabling
this option can be disruptive to other clients
on the same network as the SnapMirror connection.

snapmirror.enable

Enable or disable SnapMirror operations. Valid values
for this option are on or off. The default value for
this option is off. When on (SnapMirror must be
licensed), SnapMirror data transfers and SnapMirror
scheduler are enabled. The command snapmirror on and
snapmirror off has the same effect as this option.
See snapmirror for more details.

snapmirror.log.enable

Determines whether SnapMirror activity is logged to
the SnapMirror log file. The setting does not affect
syslog output from SnapMirror. Valid values for this
option are on or off. The default value for this
option is on. When on, all the SnapMirror activities
will be logged in /etc/log/snapmirror. See snapmirror(5)
for more details.

snapvalidator.version

Determines the version of Oracle that will be validated
for by SnapValidator. This setting applies to
all volumes that have the `svo_enable’ option set to
on. For more information on the this options see
vol. Valid values for this option are 9 or 10.
The default value for this option is 9.

snapvault.access

Restricts/allows client and server access to snapvault
from a different filer. The default value is “none”
For valid values, see protocolaccess(8).

snapvault.enable

Enable or disable snapvault operation. Valid values
for this option are on or off. The default value for
this option is off.

snapvault.lockvault_log_volume

Configures the LockVault Log Volume. Valid values for
this option are online SnapLock volume names. See
snapvault for details.

snmp.access

Restricts SNMP access to the filer. For valid values,
see protocolaccess(8).

snmp.enable

Enables the SNMP server on the filer. Valid values
for this option are on or off. The default value for
this option is on.

ssh.access

Restricts ssh access to the filer. For valid values,
see protocolaccess(8).

ssh.enable

Enables or disables the SSH 2.0 protocol on the filer.
Valid values for this option are on or off. The
default value for this option is off.

ssh.idle.timeout

Timeout value for ssh sessions in seconds. The
default value for this option is 600 seconds.

ssh.passwd_auth.enable

Enables or disables the password authentication on the
ssh server. Valid values for this option are on or
off. The default value for this option is on.

ssh.port

Changes the port of the ssh daemon. The default value
for this option is 22.

ssh.pubkey_auth.enable

Enables or disables the public key authentication on
the ssh server. Valid values for this option are on
or off. The default value for this option is on.

ssh1.enable

Enables or disables the SSH 1.x protocol on the filer.
Valid values for this option are on or off. The
default value for this option is off.

ssh2.enable

Enables or disables the SSH 2.0 protocol on the filer.
Valid values for this option are on or off. The
default value for this option is off. This option is
equivalent to the ssh.enable option.

tape.persistent_reservations

Deprecated option. Use option tape.reservations
instead.

tape.reservations

Enables SCSI reservations or persistent reservations
for all tape drives, medium changers, bridges, and
tape libraries (including those with embedded bridges)
attached to the filer via fibre channel, including
those attached through switches. Only the initiator
which holds the reservation may change the position or
state of the device, protecting it from other initiators.
This option determines which type of reservation
is applied when a device open operation requests
a reservation. The device is released when it is
closed.

Standard “classic” SCSI reservation isolates well
under normal conditions, but reservations can be lost
during interface error recovery procedures, allowing
device access by initiators other than the erstwhile
owner. Error recovery mechanisms such as loop reset do
not affect persistent reservations.

This option replaces option tape.persistent_reservations,
which is no longer used. Valid values are off,
scsi, or persistent. The default value is off. This
option has no effect on devices attached to parallel
SCSI adapters, since the adapter already has exclusive
access to the devices.

Tape drives, medium changers, tape libraries, or
bridges do not all implement persistent reservations
correctly. If persistent does not protect a device
properly, then use scsi instead, or turn the option
off.

telnet.access

Restricts telnet access to the filer. For valid values,
see protocolaccess(8). If this value is set,
trusted.hosts is ignored for telnet.

telnet.enable

Enables the Telnet server on the filer. Valid values
for this option are on or off. The default value for
this option is on. If this option is toggled during a
telnet session, then it goes into effect on the next
telnet login.

telnet.distinct.enable

Enables making the telnet and console separate user
environments. If it is off, then telnet and console
share a session. The two sessions view each other’s
inputs/outputs and both acquire the privileges of the
last user to login. If this option is toggled during a
telnet session, then it goes into effect on the next
telnet login. Valid values for this option are on or
off. The default value for this option is off.

telnet.hosts

Deprecated option, use trusted.hosts instead.

tftpd.enable

Enables the tftp (Trivial File Transfer Protocol)
server on the filer. Valid values for this option are
on or off. The default value for this option is off.
When enabled, the filer’s tftp server allows get
requests, but does not allow put requests.

tftpd.logging

Enables console logging of accesses for files via
tftp. Valid values for this option are on or off.
The default value for this option is off.

tftpd.rootdir

Specifies the tftpd rootdir. All relative accesses to
files via tftp are considered relative to this directory.
All absolute accesses via tftp can only access a
file if it lies in the filesystem tree rooted at this
directory. A valid value for this option is the fully
qualified pathname to a valid, existing directory on
any volume on the filer. The default value of this
option is /etc/tftpboot.

timed.enable

If on and a remote protocol (“ntp” or “rdate”) is
specified the time daemon (timed) synchronizes to an
external source. If off, time is synchronized to the
internal Real-Time Clock chip, just as it would with
the protocol set to “rtc.” Valid values for this
option are on or off. The default value for this
option is on.

Cluster considerations: Regardless of the setting of
this option, we always attempt to keep the time on the
two nodes synchronized. One node plays the role of
“time master” and the other node plays the role of
“time slave.” The determination of time master and
time slave is automatic and can not be controlled by
the administrator. The time slave always attempts to
synchronize with the time master using the sntp protocol
over the cluster interconnect. If that attempt
fails, this option determines whether the time slave
will then try to synchronize with a time source or
sources specified by timed.proto and timed.servers.

timed.log

Specifies whether time changes initiated by timed
should be logged to the console.

Cluster considerations: Specifies whether time changes
initiated by the time slave should be logged to the
console.

timed.max_skew

Specifies the maximum amount of skew between the time
reported by the time server and the filer’s time that
we will allow when synchronizing the time. If the
difference in the time reported by the server and the
filer’s time is greater than this value, the filer
will not synchronize to the time reported by the time
server. The maximum skew is specified in seconds
(suffix s), minutes (suffix m), or hours (suffix h).
Defaults to “30m”.

Cluster considerations: Specifies the maximum amount
of skew between the time reported by the time master
and the time slave’s time.

timed.proto

Specifies the protocol used to synchronize time.
Valid values for this option are rdate, sntp or rtc.
rdate specifies the rdate (RFC 868) protocol. sntp
specifies the Simple Network Time Protocol (RFC 2030).
rtc specifies the internal Real-Time Clock chip. The
default value for this option is rtc.

Note that ntp is the displayed value for the sntp setting,
and can also be used as a valid alias for sntp
in this option.

Cluster considerations: The time slave always uses the
sntp protocol when synchronizing to the time master.

timed.sched

Specifies the timed synchronization schedule. There
are several pre-defined schedules:

hourly

synchronize every hour (the default)

multihourly

synchronize every 6 hours

daily

synchronize every day at midnight.

Custom schedules may also be specified by giving the
number of minutes or hours between time synchronization.
Minutes are specified by digits followed by an
“m”; hours are specified by digits followed by an “h”.
For example, options timed.sched 2h will cause time to
be synchronized every two hours.

To avoid overburdening the time server, the filer randomly
selects the exact time of the synchronization
within a window specified by timed.window.

After timed.sched is set, timed.window is capped at
ten percent of timed.sched.

Cluster considerations: specifies the time synchronization
schedule for the time slave.

timed.servers

Specifies up to five time servers used by the time
daemon. Time servers are contacted in the order specified;
if a server can’t be contacted, the time daemon
tries the next one in the list. The default value for
this option is the null string.

Cluster considerations: the time slave always attempts
to synchronize with the time master. If that attempt
fails and timed.proto is rdate or sntp, this option
specifies the time servers used by the time slave.

timed.window

Specifies a window around the synchronization time set
by timed.sched. The actual synchronization time is
randomly chosen from within this window. timed.window
is specified in seconds (suffix s) or minutes (suffix
m). The value may be 0, but it may not exceed ten percent
of timed.sched. timed.window defaults to “0s”.

Cluster considerations: Specifies a window around the
synchronization time set by timed.sched for the time
slave.

trusted.hosts

Specifies up to 5 clients that will be allowed telnet,
rsh, and administrative HTTP (i.e. FilerView) access
to the server. The host names should be entered as a
comma-separated list with no spaces in between. Enter
a “*” to allow access to all clients; this is the
default. Enter a “-” to disable access to the server.
NOTE: this option used to be called telnet.hosts, and
in fact that is still an alias for this option. This
value is ignored for telnet if telnet.access is set,
and is ignored for administrative HTTP if
httpd.admin.access is set. See protocolaccess(8)
for more details.

vol.copy.throttle

Specifies the default speed of all volume copy operations.
The speed can be a number in the range from 1
to 10, with 10 being the highest speed and the
default. When a vol copy operation is started, its
throttle is set to this value. See vol for more
details on the vol copy command.

wafl.default_nt_user

Specifies the NT user account to use when a UNIX user
accesses a file with NT security (has an ACL), and
that UNIX user would not otherwise be mapped. If this
option is set to the null string, such accesses will
be denied. The default value for this option is the
null string.

wafl.default_security_style

Specifies the default security style assigned to a new
volume. All qtrees created on the volume get this as
their security style. Legal values for this option
are `unix’, `ntfs’, or `mixed’. The default value for
this option is `unix’, unless the filer is an NTFSonly
filer, in which case the default is `ntfs’.

wafl.default_unix_user

Specifies the UNIX user account to use when an authenticated
NT user did not match an entry in the
usermap.cfg file. If this option is set to the null
string, NT users which are not matched in the
usermap.cfg file will not be allowed to log in. The
default value for this option is `pcuser’.

wafl.group_cp

Specifies the WAFL behavior for coordinating consistency
points between groups of volumes in an appliance.
If the WAFL Group-CP feature is active then
WAFL will coordinate updates across multiple traditional
volumes and aggregates during a WAFL consistency
point. If WAFL Group-CP is not active then consistency
points are not coordinated across traditional
volumes and aggregates during recovery. The allowed
values for this option are `on’, `off’ or `default’.
If the value is set to `default’ then the option is
set based on the MetroCluster license for the appliance;
if MetroCluster is licensed then the default is
on, otherwise the default is off.

wafl.nt_admin_priv_map_to_root

When on (the default), an NT administrator is mapped
to UNIX root.

wafl.root_only_chown

When enabled, only the root user can change the owner
of a file. When disabled, non-root users can change
the owner of files that they own. When a non-root
user changes the owner of a file they own, both the
set-UID and set-GID bits of that file are cleared for
security reasons. A non-root user is not allowed to
give away a file if it would make the recipient overrun
its user quota. wafl.root_only_chown is enabled
by default.

wafl.wcc_minutes_valid

Specifies the number of minutes a WAFL credential
cache entry is valid. The value can range from 1
through 20160. The default is 20.

webdav.enable

Enables WebDAV access to the filer. Valid values for
this option are on or off.

Default: off

Effective: Immediately

Persistence: Remains in effect across system reboots

Multiple options can be set at once in an options command.
For example:

   options nfs.tcp.enable on nfs.v2.df_2gb_lim on raid.timeout 48

sets nfs.tcp.enable to on, sets nfs.v2.df_2gb_lim to on,

and sets raid.timeout to 48.

EXAMPLES

options cifs.trace_login on

Turns on the logging for all CIFS login related
activities.

options cifs

Prints all the options that start with cifs .

CLUSTER CONSIDERATIONS

In general, each filer in a cluster has its own options
that are independent of the options of its partner. After
a takeover, the live filer uses its own option settings or
its partner’s option settings, depending on whether the
live filer operates in partner mode.

However, a few options must have the same setting for both
filers in a cluster for takeover to work properly. If you
change the setting for one of these options on one filer,
the filer displays a message reminding you to make the
same change on the other filer. In takeover mode, the same
option values are used for both filers.

The following list of options must have the same value on
both filers in a cluster:

snmp.enable

  telnet.enable
  trusted.hosts
  wafl.group_cp

It is recommended that the following list of options have

the same value on both filers in a cluster:

timed.enable

  timed.log
  timed.max_skew
  timed.proto
  timed.sched
  timed.servers
  timed.window

During takeover, certain partner option values are overridden

by those of the live filer. Whether the live filer
is operating in partner mode or not, the live filer’s
value will be used when an option must be consulted.

The following list of options are overwritten by the live
filer’s values during takeover:

 

  auditlog.enable
  auditlog.max_file_size
  autologout.telnet.enable
  autologout.telnet.timeout
  dns.domainname
  dns.enable
  httpd.log.format
  httpd.timeout
  httpd.timewait.enable
  ip.match_any_ifaddr
  ip.path_mtu_discovery.enable
  nfs.per_client_stats.enable
  nfs.v2.df_2gb_lim
  nfs.v3.enable
  nis.domainname
  nis.enable
  nis.group_update.enable
  nis.group_update_schedule
  nis.servers
  nis.slave.enable
  pcnfsd.enable
  raid.disk.copy.auto.enable
  raid.media_scrub.enable
  raid.reconstruct.perf_impact
  raid.reconstruct.wafliron.enable
  raid.resync.perf_impact
  raid.rpm.ata.enable
  raid.rpm.fcal.enable
  raid.timeout
  raid.verify.perf_impact
  rmc.setup
  vol.copy.throttle
  wafl.root_only_chown
  wafl.wcc_minutes_valid

After takeover, the options command can be used in partner

mode to modify an option setting for the failed filer.
However, the change is lost after the giveback operation.

VFILER CONSIDERATIONS

Each vfiler has its own set of options. Vfilers, however,
recognize only a subset of the options recognized by a
filer. The list of options recognized by a vfiler are:

cifs.audit.enable

  cifs.audit.file_access_events.enable
  cifs.audit.logon_events.enable
  cifs.audit.logsize
  cifs.audit.saveas
  cifs.bypass_traverse_checking
  cifs.comment
  cifs.guest_account
  cifs.home_dir_namestyle
  cifs.homedirs_public_for_admin
  cifs.idle_timeout
  cifs.max_mpx
  cifs.netbios_aliases
  cifs.netbios_over_tcp.enable
  cifs.nfs_root_ignore_acl
  cifs.oplocks.enable
  cifs.oplocks.opendelta
  cifs.perm_check_ro_del_ok
  cifs.perm_check_use_gid
  cifs.preserve_unix_security
  cifs.restrict_anonymous.enable
  cifs.save_case
  cifs.scopeid
  cifs.search_domains
  cifs.show_snapshot
  cifs.shutdown_msg_level
  cifs.sidcache.enable
  cifs.sidcache.lifetime
  cifs.snapshot_file_folding.enable
  cifs.symlinks.cycleguard
  cifs.symlinks.enable
  cifs.trace_login
  cifs.universal_nested_groups.enable
  dns.domainname
  dns.enable
  ndmpd.access
  ndmpd.authtype
  ndmpd.connectlog.enabled
  ndmpd.enable
  ndmpd.ignore_ctime.enabled
  ndmpd.password_length
  nfs.mount_rootonly
  nfs.per_client_stats.enable
  nfs.require_valid_mapped_uid
  nfs.tcp.enable
  nfs.udp.xfersize
  nfs.v2.df_2gb_lim
  nfs.v3.enable
  nfs.webnfs.enable
  nfs.webnfs.rootdir
  nfs.webnfs.rootdir.set
  nis.domainname
  nis.enable
  nis.group_update.enable
  nis.group_update_schedule
  nis.servers
  nis.slave.enable
  pcnfsd.enable
  pcnfsd.umask
  rsh.access
  rsh.enable
  security.passwd.rules.enable
  snapmirror.enable
  snapmirror.checkip.enable
  snapmirror.access
  snapvault.access
  snapvault.enable
  wafl.default_nt_user
  wafl.default_unix_user
  wafl.nt_admin_priv_map_to_root
  wafl.wcc_max_entries
  wafl.wcc_minutes_valid

These options only affect the operation of the concerned

vfiler. When run in the context of a vfiler, (e.g. via
the vfiler run command), the options command only prints
the options recognized by a vfiler, and can only change
these options.

SEE ALSO

disk, nfsstat, partner, snap, passwd, secureadmin, useradmin,
vfiler, vol, autosupport, auditlog,
pcnfsd, protocolaccess.

BUGS

A perfect appliance would need no options (other than,
perhaps, a darkness adjustment knob). However, user Nigel
Tuffnell reports he likes the raid.reconstruct_speed knob
that goes from 1 to 10, but he requests a future enhancement
to “go to 11 because it’s one better, isn’t it?”

Home Page