CIFS

CIFS
CIFSis intended to provide an open cross-platform mechanism for client systems to requestfile servicesfrom server systems over a network. It is based on the standard Server MessageBlock(SMB) protocol widely in use by personal computers and workstations running a wide varietyof operating systems.
Inthe world of NAS, there are 2 main protocols used: CIFS & NFS. As where NFS is used for serving data to Unix based clients, CIFS is intended to be used for serving data to Windows clients.
Incomputer networking,Server Message Block(SMB), also known asCommon Internet File System(CIFS)operates as an application-layer networkprotocolmainlyused for providing shared access to files, printers, serial ports, and miscellaneous communications between nodes on a network.
SMBworks through a client-server approach, where a client makes specific requests and the server responds accordingly. One section of the SMB protocol specifically deals with access tofilesystems, such that clients may make requests to a fileserver.
Supported Windows clients and domain controllers
Storage systems running Data ONTAP can provide services to a specific set of Windows clients and domain controllers.Supported Windows clients:Windows 7Windows Server 2008 R2Windows Server 2008Windows VistaWindows Server 2003 R2Windows Server 2003Windows XPWindows 2000Windows NTWindows 98Windows 95Supported domain controllers:Windows Server 2008 R2Windows Server 2008Windows Server 2003 R2Windows Server 2003Windows 2000Windows NT
Setting up your system initially
When a valid CIFS license is present, Data ONTAP automatically invokes thecifssetupcommand during the initial setup of your storage system. Thecifssetupcommand prompts you for information such as authentication type, lookup services to be used, and so forth.Changing the storage system domainIf you have already configured your storage system for Windows Domain authentication and you want to move the storage system to a different domain, you need to run thecifssetup command.Steps1.If CIFS is currently running, enter the following command:cifsterminate2.Run thecifssetup command:cifssetupThe following prompt appears:Do you want to delete the existing filer account information? [no]3.To delete your existing account information, enter the following:YesAfter deleting your account information, you are given the opportunity to rename the storage system:The default name of this filer will be 'filer1'.Do you want to modify this name? [no]:
4.To keep the current storage system name, press Enter; otherwise, enteryesand enter a new storage system name.Data ONTAP displays a list of authentication methods:Data ONTAP CIFS services support four styles of user authentication. Choose the one from the list below that best suits your situation. (1) Active Directory domain authentication (Active Directory domains only)(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)(3) Windows Workgroup authentication using the filer's local user accounts(4) /etc/passwdand/or NIS/LDAP authenticationSelection (1-4)? [1]:5. To accept the default method for domain authentication (Active Directory), press Enter. Otherwise, choose a new authentication method6. Respond to the remainder of thecifssetup prompts. To accept a default value, press Enter. Upon exiting, thecifssetup utility starts CIFS7. To confirm your changes, enter the following command:cifsdomaininfo
Cont…..!
Creating a CIFS share from the Data ONTAP command line
You can create a CIFS share from the Data ONTAP command line by using thecifsshares -add command.StepTo create a CIFS share, enter the following command:cifsshares-addsharenamepath[-f][-commentdescription][-maxusersuserlimit][-forcegroupgroupname][-nosymlink_strict_security] [-widelink][-umaskmask][-dir_umaskmask][-file_umaskmask][-nobrowse][-novscan][-novscanread][-no_caching|-auto_document_caching-auto_program_caching][-accessbasedenum]
-fSuppress confirmation dialogs, if any. This option will be deprecated in future releases. A warning will be issued when share-names exceed 8 characters.-commentdescriptiondescriptionof the new share.-maxusersuserlimitmaximum number of simultaneous connections to the new share.userlimitmust be a positive integer. If you do not specify a number, the filer does not impose a limit on the number of connections to the share.-forcegroupgroupnamename of the group to which files to be created in the share belong.-novscando not perform a virus scan when clients open files on this share.-novscanreaddo not perform a virus scan when clients open files on this share for read access.-no_cachingdisallow Windows clients from caching any files on this share.Examplecifsshares -add webpages /vol/vol1/companyinfo-comment "Product Information“ -maxusers100
Cont…..!
Displaying the properties of a share
You can display the properties of a share from the Data ONTAP command line by using thecifsshares command.StepEnter the following command:cifssharessharenamesharenameis the name of a single share. If you omitsharename, the properties of all shares are displayed.ataONTAP displays the share name, the path name of the directory that is shared, the share description, and the share-level ACL.
Changing the properties of a share
You can change the properties of a share from the Data ONTAP command line by using thecifsshares command.cifsshares-changesharename{-commentdescription|-nocomment} {-maxusersuserlimit|-nomaxusers} {-forcegroupgroupname|-noforcegroup} {-nosymlink_strict_security|-symlink_strict_security}{-widelink|-nowidelink}{-umaskmask|-noumask}{-dir_umaskmask|-nodir_umask} {-file_umaskmask|-nofile_umask} {-nobrowse|-browse}{-novscan|-vscan}{-novscanread|-vscanread}{-no_caching|-manual_caching-auto_document_caching|-auto_program_caching} {-accessbasedenum|-noaccessbasedenum}
Deleting a share
You can use thecifssharescommand to delete a share from the Data ONTAP command line.StepEnter the following command:cifsshares -delete [-f]sharename-foption forces all files closed on a share without prompting. This is useful when using the command in scripts.sharenamespecifies the name of the share you want to delete.
Changing a share-level ACL
You can change a share-level ACL from the Data ONTAP command line by using thecifsaccess command.StepEnter the following command:cifsaccessshare[-g]userrightsshareis the name of the share (you can use the * and ? wildcards).useris the name of the user or group (UNIX or Windows).Ifuseris a local group, specify the storage system name as the domain name (for example, toaster\writers).rightsare the access rights. For Windows users, you specify one of these choices of access rights:No Access, Read, Change, Full Control. For UNIX users, you specify one of these choices of access rights: r (read), w (write), x (execute).Use the -g option to specify thatuseris the name of a groupExamplescifsaccess releases ENGINEERING\maryRead
Removing a user or group from a share-level ACL
You can remove a user or group from an ACL using the Data ONTAP command line.StepEnter the following command:cifsaccess -deleteshare[-g]usershareis the name of the share (you can use the * and ? wildcards).useris the name of the user or group (UNIX or Windows).Ifuseris a local group, specify the storage system name as the domain name (for example, toaster\writers).Use the -g option to specify thatuseris the name of a UNIX group (that is, thatuseris not a UNIX user, Windows user, or Windows group).Example:cifsaccess -delete releases ENGINEERING\mary
CIFS Commandscifsdomaininfocifsprefdccifsauditcifsresetdccifsstatcifsrestartcifsterminatecifssessionscifstestdccifslookup