Introduction
In the following post we setup CIFS access on Clustered
ONTAP 8.1.3P1. We construct a Vserver; CIFS server and all other required configurations;
volume and share; then show it working! In the Appendix we completely
deconstruct the setup (the process of constructing and then deconstructing is a
great way to learn)!
Walkthrough:
Construct CIFS on Clustered ONTAP 8.1 with UNIX Security Style
The commands below:
- License the CDOT 8.1.3 cluster for CIFS
- Create a Vserver with options (including UNIX security
style root volume)
- Modify the Vserver to allow CIFS only
- Create a management LIF
- Create a data LIF for CIFS
- Unlock the Vserver vsadmin user
- Configure Vserver DNS services
- Create a CIFS server and join it to the AD domain
- Create pcuser UNIX groups and user
- Configure an export policy rule
- Modify CIFS server options
- Create a volume (with NTFS security style)
- Create a share
The following 16 lines construct our CIFS configuration,
with a volume and share:
license add FAXQGXMWZWYQSD #CIFS
vserver create -vserver vs1 -rootvolume vs1_root -aggregate aggr1 -ns-switch file -nm-switch file
-rootvolume-security-style unix -language C.UTF-8
vserver modify -vserver vs1 -allowed-protocols cifs
net int create -vserver vs1 -lif vs1_mgmt -role data -data-protocol none
-home-node na81-01 -home-port e0a -address 192.168.168.20 -netmask 255.255.255.0 -firewall-policy mgmt
net int create -vserver vs1 -lif vs1_nafs01 -role data -data-protocol cifs
-home-node na81-01 -home-port e0b -address 192.168.168.21 -netmask 255.255.255.0 -firewall-policy data
net routing-groups route create
-vserver vs1 -routing-group d192.168.168.0/24 -gateway 192.168.168.2
security login password
-username vsadmin -vserver vs1
security login unlock -username
vsadmin -vserver vs1
vserver services dns create
-vserver vs1 -domains lab.priv -state enabled -name-servers 192.168.168.10
vserver cifs create -vserver vs1 -cifs-server nafs01 -domain LAB.PRIV -ou CN=Computers
vserver services unix-group
create -vserver vs1 -name pcuser -id 65534
vserver services unix-user
create -vserver vs1 -user pcuser -id 65534 -primary-gid 65534 -full-name pcuser
vserver export-policy rule
create -vserver vs1 -policyname default -clientmatch 0.0.0.0/0 -rorule any -rwrule any -ruleindex
1 -protocol any -anon 65534 -superuser none -allow-suid true -allow-dev true
vserver cifs options modify
-vserver vs1 -default-unix-user pcuser
volume create -vserver vs1 -volume testshare -aggregate aggr1 -size 5GB -state online -type RW -policy
default -space-guarantee none -security-style ntfs -junction-path /testshare
cifs share create -vserver vs1 -share-name testshare -path /testshare -share-properties
oplocks,browsable,changenotify
Image: Our NetApp
Fileserver (NAFS01) in Active Directory
Image: A DNS Host (A)
record (with reverse lookup) created with the CIFS data LIF address
Image: Our
test share!
Appendix:
Deconstructing what was constructed in Part 1A
The following 8 lines deconstruct what we created with 16
lines before:
vol unmount -vserver vs1 -volume testshare
vol offline -vserver vs1 -volume testshare
vol destroy -vserver vs1 -volume testshare
vol offline -vserver vs1 -volume vs1_root
vol destroy -vserver vs1 -volume vs1_root
vserver cifs delete -vserver vs1
vserver destroy -vserver vs1
system license delete -feature CIFS
Comments
Post a Comment