Skip to main content
NetApp Response to Russia-Ukraine Cyber Threat
In response to the recent rise in cyber threat due to the Russian-Ukraine crisis, NetApp is actively monitoring the global security intelligence and updating our cybersecurity measures. We follow U.S. Federal Government guidance and remain on high alert. Customers are encouraged to monitor the Cybersecurity and Infrastructure Security (CISA) website for new information as it develops and remain on high alert.
NetApp Knowledge Base

Are Local Users and Groups Supported for CIFS/SMB in ONTAP?

Views:
1,121
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
cifs
Last Updated:

 

Applies to

  • Data ONTAP 8 CIFS/SMB
  • ONTAP 9 CIFS/SMB

Answer

  • Local users and groups (LUG) is the ability to create user accounts that are local to a Vserver.
  • Authentication and Authorization can be done by using the local users and groups, usually in extreme situations.
  • LUG has been supported since Data ONTAP 8.2 and later.
  • How to enable LUG in Data ONTAP 8.2+ and ONTAP 9?
    • MAN: cifs users-and-groups
    • Enabling or disabling local users and groups:
      Cluster::>set advanced
      Cluster::*>vserver cifs options modify -vserver vserver_name -is-local-users-and-groups-enabled true/false
    • Enabling or disabling local user authentication:
      Cluster::*>vserver cifs options modify -vserver vserver_name -is-local-auth-enabled true/false

Additional Information

Create local user on SVM and local windows machine:
- Enable cifs option -is-local-users-and-groups-enabled
- Create local-user acct, enable
- Create access-control for share in question (will be prompted to create password...this password will be needed when creating the local account on Windows client).
- Create local windows (matching user created on SVM) user w/ appropriate permissions to launch the service.

- vserver cifs options modify -vserver <vserver> -is-local-users-and-groups-enabled true
- cifs users-and-groups local-user create -user-name <Local-Windows-User> -is-account-disabled false -vserver <Vserver> -description "App Administrator"
- cifs users-and-groups local-user show -vserver <Vserver>
- vserver cifs share access-control create  -share <Share_Name> -user-or-group <Vserver>\<Local-Windows-User> -vserver <Vserver> -user-group-type windows -permission full_Control
- cifs share show -vserver <Vserver>
- then add local user to Windows machine w/appropriate access to start service.

 

Scan to view the article on your device