Are Local Users and Groups Supported for CIFS/SMB in ONTAP?
Applies to
- ONTAP 9
- CIFS/SMB
Answer
- Local users and groups (LUG) is the ability to create user accounts that are local to a Vserver.
- Authentication and authorization can be performed with local users and groups; this is usually done only in extreme situations.
- LUG has been supported since Data ONTAP 8.2.
- To enable LUG in Data ONTAP 8.2+ and ONTAP 9:
- MAN: cifs users-and-groups
- Enabling or disabling local users and groups:
Cluster::>set advanced
Cluster::*>vserver cifs options modify -vserver vserver_name -is-local-users-and-groups-enabled true/false
- Enabling or disabling local user authentication:
Cluster::*>vserver cifs options modify -vserver vserver_name -is-local-auth-enabled true/false
Additional Information
To create a local user on the SVM and on the local Windows machine:
- Enable the CIFS option -is-local-users-and-groups-enabled:
vserver cifs options modify -vserver <vserver> -is-local-users-and-groups-enabled true
- Create the local user account, enabled:
cifs users-and-groups local-user create -user-name <Local-Windows-User> -is-account-disabled false -vserver <Vserver> -description "App Administrator"
cifs users-and-groups local-user show -vserver <Vserver>
- Create an access-control entry for the share in question (you will be prompted to create a password; this password will be needed when creating the local account on the Windows client):
vserver cifs share access-control create -share <Share_Name> -user-or-group <CIFS Server netBIOS name>\<Local-Windows-User> -vserver <Vserver> -user-group-type windows -permission Full_Control
cifs share show -vserver <Vserver>
- Create a local Windows user (matching the user created on the SVM) with appropriate permissions to launch the service.