Skip to main content
NetApp Knowledge Base

Are Local Users and Groups Supported for CIFS/SMB in ONTAP?

Views:
213
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
cifs
Last Updated:

 

Applies to

  • Data ONTAP 8 CIFS/SMB
  • ONTAP 9 CIFS/SMB

Answer

Local users and groups (LUG) is the ability to create user accounts that are local to a Vserver. Authentication and Authorization can be done by using the local users and groups, usually in extreme situations. LUG has been supported since Data ONTAP 8.2 and later.


How to enable LUG in Data ONTAP 8.2+ and ONTAP 9?


Enabling or disabling local users and groups:

Cluster::>set advanced
Cluster::*>vserver cifs options modify -vserver vserver_name -is-local-users-and-groups-enabled true/false


Enabling or disabling local user authentication:
Cluster::*>vserver cifs options modify -vserver vserver_name -is-local-auth-enabled true/false

Additional Information

create local user on SVM and local windows machine:


- Enable cifs option -is-local-users-and-groups-enabled
- create local-user acct, enable
- Create access-control for share in question (will be prompted to create password...this password will be needed when creating the local account on Windows client).
- create local windows (matching user created on SVM) user w/ appropriate permissions to launch the service.

- vserver cifs options modify -vserver <vserver> -is-local-users-and-groups-enabled true
- cifs users-and-groups local-user create -user-name <Local-Windows-User> -is-account-disabled false -vserver <Vserver> -description "App Administrator"
- cifs users-and-groups local-user show -vserver <Vserver>
- vserver cifs share access-control create  -share <Share_Name> -user-or-group <Vserver>\<Local-Windows-User> -vserver <Vserver> -user-group-type windows -permission full_Control
- cifs share show -vserver <Vserver>
- then add local user to Windows machine w/appropriate access to start service.