How to Access the ETC$ Share from a Windows Client using CIFS: Method 2/2 - Workgroup Authentication
This following post
applies to NetApp Data ONTAP 8 running in 7-Mode. The method is ages old, nothing new
here at all, just given the topic a good thorough seeing to.
Starting point
CIFS is not licensed (and hence cifs setup has not been
run.)
Walkthrough
With Workgroup
Authentication, we don’t need to concern ourselves with DNS configuration, time
synchronization. DNS (on a DNS server/hosts file) is simply a nice to have
which we skip here.
1) License CIFS
NTAP> license add
CIFSCODE
(For the 8.1.2 SIM
used here it’s: license add DZDACHD)
2) Run cifs setup
The first line is so
you don’t have to change your root password once and then back again (here CIFS
setup prompts for a new password for the root user.) We set history back to the
default 6 after CIFS setup.
NTAP> options
security.passwd.rules.history 0
NTAP> cifs setup
This process will
enable CIFS access to the filer from a Windows(R) system.
Use "?"
for help at any prompt and Ctrl-C to exit without committing changes.
Your filer does
not have WINS configured and is visible only to clients on the same subnet.
Do you want to
make the system visible via WINS?: N
A filer can be
configured for multiprotocol access, or as an NTFS-only filer. Since NFS, DAFS,
VLD, FCP, and iSCSI are not licensed on this filer, we recommend that you configure
this filer as an NTFS-only filer
(1) NTFS-only
filer
(2) Multiprotocol
filer
Selection (1-2)?:
2
CIFS requires local
/etc/passwd and /etc/group files and default files will be created. The default passwd file contains entries for
'root', ‘pcuser', and 'nobody'.
Enter the
password for the root user: XXXX
Retype the
password: XXXX
The default name
for this CIFS server is 'NTAP'.
Would you like to
change this name?: N
Data ONTAP CIFS
services support four styles of user authentication. Choose the one from the
list below that best suits your situation.
(1) Active
Directory domain authentication (Active Directory domains only)
(2) Windows NT 4
domain authentication (Windows NT or Active Directory domains)
(3) Windows Workgroup authentication using the filer's
local user accounts
(4) /etc/passwd
and/or NIS/LDAP authentication
Selection (1-4)?:
3
What is the name
of the Workgroup?: WORKGROUP
CIFS - Starting
SMB protocol...
It is recommended
that you create the local administrator account (NTAP\administrator) for this
filer.
Do you want to
create the NTAP\administrator account?: Y
Enter the new
password for NTAP\administrator: XXXX
Retype the
password: XXXX
Welcome to the
WORKGROUP Windows(R) workgroup
CIFS local server
is running.
NTAP>
NTAP> options
security.passwd.rules.history 6
3) Verify default
CIFS shares exist and test access by mapping a drive with filer the local
administrator account
NTAP> cifs shares
Name Mount Point Description
---- ----------- -----------
ETC$ /etc Remote
Administration
BUILTIN\Administrators / Full
Control
HOME /vol/vol0/home Default Share
everyone / Full Control
C$ / Remote
Administration
BUILTIN\Administrators
/ Full Control
From the Windows client:
net use
net use Z: \\10.0.20.11\ETC$
/USER:administrator
net use /delete Z:
Note: Where
10.0.20.11 is the IP address of the filer.
4) Grant a
specific filer local account access
To give say a filer local storageadmin access to /etc:
NTAP> useradmin group
add storageadmins
NTAP> useradmin user
add storageadmin -g storageadmins
NTAP> cifs access
ETC$ storageadmins “Full Control”
NTAP> cifs shares
Name Mount Point Description
---- ----------- -----------
ETC$ /etc Remote
Administration
BUILTIN\Administrators
/ Full Control
NTAP\storageadmins /
Full Control
HOME /vol/vol0/home Default Share
everyone / Full Control
C$ / Remote
Administration
BUILTIN\Administrators / Full Control
From the Windows client:
net use
net use Z: \\10.0.20.11\ETC$
/USER:storageadmin
net use /delete Z:
Image: Mapped drive
to \\FILER_IP\ETC$
Comments
Post a Comment