How to Setup CIFS in Clustered ONTAP 8.1.3


In the following post we setup CIFS access on Clustered ONTAP 8.1.3P1. We construct a Vserver; CIFS server and all other required configurations; volume and share; then show it working! In the Appendix we completely deconstruct the setup (the process of constructing and then deconstructing is a great way to learn)!

Walkthrough: Construct CIFS on Clustered ONTAP 8.1 with UNIX Security Style

The commands below:

- License the CDOT 8.1.3 cluster for CIFS
- Create a Vserver with options (including UNIX security style root volume)
- Modify the Vserver to allow CIFS only
- Create a management LIF
- Create a data LIF for CIFS
- Unlock the Vserver vsadmin user
- Configure Vserver DNS services
- Create a CIFS server and join it to the AD domain
- Create pcuser UNIX groups and user
- Configure an export policy rule
- Modify CIFS server options
- Create a volume (with NTFS security style)
- Create a share

The following 16 lines construct our CIFS configuration, with a volume and share:


vserver create -vserver vs1 -rootvolume vs1_root -aggregate aggr1 -ns-switch file -nm-switch file -rootvolume-security-style unix -language C.UTF-8

vserver modify -vserver vs1 -allowed-protocols cifs

net int create -vserver vs1 -lif vs1_mgmt -role data -data-protocol none -home-node na81-01 -home-port e0a -address -netmask -firewall-policy mgmt

net int create -vserver vs1 -lif vs1_nafs01 -role data -data-protocol cifs -home-node na81-01 -home-port e0b -address -netmask -firewall-policy data

net routing-groups route create -vserver vs1 -routing-group d192.168.168.0/24 -gateway

security login password -username vsadmin -vserver vs1

security login unlock -username vsadmin -vserver vs1

vserver services dns create -vserver vs1 -domains lab.priv -state enabled -name-servers

vserver cifs create -vserver vs1 -cifs-server nafs01 -domain LAB.PRIV -ou CN=Computers

vserver services unix-group create -vserver vs1 -name pcuser -id 65534

vserver services unix-user create -vserver vs1 -user pcuser -id 65534 -primary-gid 65534 -full-name pcuser

vserver export-policy rule create -vserver vs1 -policyname default -clientmatch -rorule any -rwrule any -ruleindex 1 -protocol any -anon 65534 -superuser none -allow-suid true -allow-dev true

vserver cifs options modify -vserver vs1 -default-unix-user pcuser

volume create -vserver vs1 -volume testshare -aggregate aggr1 -size 5GB -state online -type RW -policy default -space-guarantee none -security-style ntfs -junction-path /testshare

cifs share create -vserver vs1 -share-name testshare -path /testshare -share-properties oplocks,browsable,changenotify

Image: Our NetApp Fileserver (NAFS01) in Active Directory
Image: A DNS Host (A) record (with reverse lookup) created with the CIFS data LIF address
Image: Our test share!
Appendix: Deconstructing what was constructed in Part 1A

The following 8 lines deconstruct what we created with 16 lines before:

vol unmount -vserver vs1 -volume testshare
vol offline -vserver vs1 -volume testshare
vol destroy -vserver vs1 -volume testshare
vol offline -vserver vs1 -volume vs1_root
vol destroy -vserver vs1 -volume vs1_root
vserver cifs delete -vserver vs1
vserver destroy -vserver vs1
system license delete -feature CIFS