Shulou(Shulou.com)06/03 Report--

This document applies to the 7-mode operating system DATA ONTAP 8.2.7. License preparation

CIFS needs License, but the strange thing is that without License, you can still create shares, but you can't access it. Unlike other features such as NFS, without license, the first step is to remind you that you can't do it.

Netapptest1> license show-type CIFS

License show: & quot;CIFS" is an unrecognized license type, skipping.

Serial Number: 4079432-74-8

Owner: netapptest1

Package Type Description Expiration

--

CIFS license CIFS License-

Data ONTAP supports the following CIFS authentication methods:

(1) Active Directory domain authentication (Active Directory domains only)

(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)

(3) Windows Workgroup authentication using the filer's local user accounts

(4) / etc/passwd and/or NIS/LDAP authentication

Generally speaking, if there is no AD, use the third, otherwise the first. Run the cifs setup command, and if CIFS is already running, you need to run cifs terminate to stop the current CIFS service. CIFS cannot be modified online.

Select 1 to use the Active Directory domain Authentication configuration Wizard

Creation method

Still run the cifs setup command. What we need to pay attention to and be prepared for is:

1) WINS information, which is optional

2) time server, if the time difference is more than 5 minutes, the Kerberos authentication may fail.

3) Windows domain and administrator account information

4) DNS should be configured in advance.

Etapptest1 > cifs setup

This process will enable CIFS access to the filer from a Windows (R) system.

Use "?" For help at any prompt and Ctrl-C to exit without committing changes.

This filer is currently a member of the Windows-style workgroup

'WORKGROUP'.

Do you want to continue and change the current filer account information? [n]: y

Your filer does not have WINS configured and is visible only to

Clients on the same subnet.

Do you want to make the system visible via WINS? [n]: y

You can enter up to 4 IPv4 WINS server addresses.

IPv4 address (es) of your WINS name server (s) []: 192.168.0.130

Would you like to specify additional WINS name servers? [n]:

This filer is currently configured as an NTFS-only filer.

Would you like to reconfigure this filer to be a multiprotocol filer? [n]:

The default name for this CIFS server is' NETAPPTEST1'.

Would you like to change this name? [n]:

Data ONTAP CIFS services support four styles of user authentication.

Choose the one from the list below that best suits your situation.

(1) Active Directory domain authentication (Active Directory domains only)

(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)

(3) Windows Workgroup authentication using the filer's local user accounts

(4) / etc/passwd and/or NIS/LDAP authentication

Selection (1-4)? [1]: 1

What is the name of the Active Directory domain? [vmware-test.com]: vmware-test.com

In Active Directory-based domains, it is essential that the filer's

Time match the domain's internal time so that the Kerberos-based

Authentication system works correctly. If the time difference between

The filer and the domain controllers is more than 5 minutes

Authentication will fail. Time services are currently not configured

On this filer.

Would you like to configure time services? [y]: y

CIFS Setup will configure basic time services. To continue, you must

Specify one or more time servers. Specify values as a comma or space

Separated list of server names or IPv4 addresses. In Active

Directory-based domains, you can also specify the fully qualified

Domain name of the domain being joined (for example:

"VMWARE-TEST.COM"), and time services will use those domain

Controllers as time servers.

Enter the time server host (s) and/or address (es) [VMWARE-TEST.COM]: 192.168.0.130

Would you like to specify additional time servers? [n]:

1 entry was deleted.

In order to create an Active Directory machine account for the filer

You must supply the name and password of a Windows account with

Sufficient privileges to add computers to the VMWARE-TEST.COM domain.

Enter the name of the Windows user [Administrator@VMWARE-TEST.COM]: administrator

Password for administrator:

CIFS-Logged in as administrator@VMWARE-TEST.COM.

An account that matches the name 'NETAPPTEST1' already exists in

Active Directory: 'cn=netapptest1,cn=computers,dc=vmware-test,dc=com'.

This is normal if you are re-running CIFS Setup. You may continue by

Using this account or changing the name of this CIFS server.

Do you want to re-use this machine account? [y]: y

CIFS-Starting SMB protocol...

Currently the user "NETAPPTEST1\ administrator" and members of the

Group "VMWARE-TEST\ Domain Admins" have permission to administer CIFS

On this filer. You may specify an additional user or group to be added

To the filer's "BUILTIN\ Administrators" group, thus giving them

Administrative privileges as well.

Would you like to specify a user or group that can administer CIFS? [n]:

Welcome to the VMWARE-TEST.COM (VMWARE-TEST) Active Directory (R) domain.

CIFS local server is running.

Current domain control information: (this information is actually obtained through DNS)

Etapptest1 > cifs domaininfo

NetBIOS Domain: VMWARE-TEST

Windows Domain Name: vmware-test.com

Domain Controller Functionality: Windows 2003

Domain Functionality: Windows 2000

Forest Functionality: Windows 2000

Filer AD Site: Default-First-Site-Name

Current Connected DCs:\\ DOMAIN-SERVER

Total DC addresses found: 1

Preferred Addresses:

None

Favored Addresses:

192.168.0.130 DOMAIN-SERVER PDCOther Addresses:

None

Connected AD LDAP Server:\\ domain-server.vmware-test.com

Preferred Addresses:

None

Favored Addresses:

192.168.0.130

Domain-server.vmware-test.comOther Addresses:

None

Access method

It can be accessed using any user in the domain. Of course, local users created earlier can still access it.

We can see which users are currently accessing CIFS:

Netapptest1 > cifs sessions

Server Registers as' NETAPPTEST1' in Windows domain 'VMWARE-TEST'

Root volume language is not set. Use vol lang.

WINS Server: 192.168.0.130

Selected domain controller\\ DOMAIN-SERVER for authentication

=

PC IP (PC Name) (user) # shares # files

192.168.0.130 (DOMAIN-SERVER) (VMWARE-TEST\ administrator-pcuser)

1 0

192.168.0.200 (DTC1F0FFA71982F) (NETAPPTEST1\ administrator-pcuser)

Create CIFS share

There are 2 ways to create:

1) create through Windows MMC

2) create through the command line or graphical interface

Create a CIFS share through Windows MMC:

Create a CIFS share from the command line

Netapptest1 > cifs shares-add Website / vol/FlexVol01-comment "Website for Wordpress"

Netapptest1 >

Netapptest1 >

Netapptest1 > cifs shares

Name Mount Point Description

-

ETC$ / etc Remote Administration

BUILTIN\ Administrators / Full Control

HOME / vol/vol0/home Default Share

Everyone / Full Control

C $/ Remote Administration

BUILTIN\ Administrators / Full Control

Website / vol/FlexVol01 Website for Wordpress

Everyone / Full Control

Permission setting

The permissions of CIFS are controlled by two layers, share level and File level (created in windows)

The vast majority of customers set share level to everyone/ Full control and control permissions in windows. Because the authorization in AD is more detailed.

Permission control will not be carried out in both level unless the customer has a high security concern. And the permission setting of layer 2 will be cumbersome to manage, because insufficient permissions on either layer will lead to access failure.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.