Skip to main content

This Site will be down for up to 3 hours on December 2, 2023 from 8 PM - 11 PM PST, to deploy an infrastructure update.

NetApp Knowledge Base

Are Local Users and Groups Supported for CIFS/SMB in ONTAP?

  1. Last updated
  2. Save as PDF
Views:
3,712
Visibility:
Public
Votes:
2
Category:
ontap-9
Specialty:
nas
Last Updated:

 

Applies to

  • ONTAP 9
  • CIFS/SMB

Answer

  • Local users and groups (LUG) is the ability to create user accounts that are local to a Vserver.
  • Authentication and Authorization can be done by using the local users and groups, usually in extreme situations.
  • LUG has been supported since Data ONTAP 8.2 and later.
  • How to enable LUG in Data ONTAP 8.2+ and ONTAP 9?
    • MAN: cifs users-and-groups
    • Enabling or disabling local users and groups:
      Cluster::>set advanced
      Cluster::*>vserver cifs options modify -vserver vserver_name -is-local-users-and-groups-enabled true/false
    • Enabling or disabling local user authentication:
      Cluster::*>vserver cifs options modify -vserver vserver_name -is-local-auth-enabled true/false

Additional Information

To create local user on SVM and local windows machine:

  1. - Enable cifs option -is-local-users-and-groups-enabled
    • vserver cifs options modify -vserver <vserver> -is-local-users-and-groups-enabled true
  2. - Create local-user acct, enable
    • cifs users-and-groups local-user create -user-name <Local-Windows-User> -is-account-disabled false -vserver <Vserver> -description "App Administrator"
    • cifs users-and-groups local-user show -vserver <Vserver>
  3. Create access-control for share in question (will be prompted to create password...this password will be needed when creating the local account on Windows client).
    • vserver cifs share access-control create  -share <Share_Name> -user-or-group <CIFS Server netBIOS name>\<Local-Windows-User> -vserver <Vserver> -user-group-type windows -permission full_Control
    • cifs share show -vserver <Vserver>
  4. Create local windows (matching user created on SVM) user w/ appropriate permissions to launch the service.

 

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.
Scan to view the article on your device