Subscribe

CDOT: display cifs sessions by share

Hello everybody,

 

maybe one of you people can help me.

 

Previously in 7-mode we could use "cifs sessions *" to display any open session, this list contained information about which share was open.

In CDOT "vserver cifs sessions show" does not contain this information, even when run with "-instance". Instead the information about which share (or volume, would be okay, too!) a the sessions are opened to is only available in the "vserver cifs sessions file show" command. Unfortunately there I cannot get information about client IP.

 

I've discovered this issue because I was looking for a method to see which client IPs are connected to a certain share (or volume, would be okay, too!).

 

How can I do this from CLI?

 

 

 

This is not working:

  1. "vserver cifs session show -instance" -  It displays client IP, but no information about which share the session is connected too.
  2. "vserver cifs session file show -fields hosting-volume,share" - This on the other hand displays volume and share, but not the client IP.

Yes, both commands present me with the connection ID from which I could cross-reference to the client IP - excuse my french - wtf?! Why is this not possible through a regular command - or am I just overlooking something?

 

Please help, my Windows admins would be forever grateful to you and your heirs,

 

KG

 

Re: CDOT: display cifs sessions by share

Hi @KONSTANTIN_GEBERT

 

Please use the below command to get the informations

 

Cluster1 :: >vserver cifs session show -fields shares ,windows-user ,idle-time ,session-id ,address , protocol-version ,user-type

Re: CDOT: display cifs sessions by share

Hi @KONSTANTIN_GEBERT

 

The output will be like below.

 

EDCNETAPPCL01::> vserver cifs session show -fields shares ,windows-user ,idle-time ,session-id ,address , protocol-version ,user-type
node vserver session-id connection-id address windows-user shares idle-time protocol-version user-type
---------- ------------ ---------- ------------- ----------- ------------------ ------ ------------ ---------------- -----------
EDCFILER01 svm-edc-cifs 1 1198384950 172.19.5.35 PEANUTS\Rajiv.Gali 1 4d 2h 8m 46s SMB2_1 domain-user
EDCFILER01 svm-edc-cifs 1 1198423369 10.10.32.81 PEANUTS\matthew.ranweiler 1 3d 4h 52m 27s SMB2_1 domain-user
EDCFILER01 svm-edc-cifs 1 1198486001 10.18.32.235 PEANUTS\Brian.O'Neill 1 13s SMB3 domain-user
EDCFILER02 svm-edc-cifs 1 1004748684 10.10.32.119 PEANUTS\radm_rruark 1 20d 3h 50m 28s SMB3 domain-user
EDCFILER02 svm-edc-cifs 1 1004750007 10.10.32.25 NTPDC\mstefanov 2 27m 45s SMB3 domain-user
5 entries were displayed.

 

Re: CDOT: display cifs sessions by share

Hi,

 

thanks for the reply! As far as I can see there is absolutely no ONTAP internal way to get combined info from "vserver cifs session" and "vserver cifs session file". I had already tried to use "-fields" to get more from the two possible commands.

 

clusterA::> vserver cifs session show -fields shares,windows-user,idle-time,session-id,address,protocol-version,user-type, 
    node                   vserver                session-id
    connection-id          lif-address            address
    auth-mechanism         windows-user           unix-user
    shares                 files                  other
    connected-time         idle-time              protocol-version
    continuously-available is-session-signed      user-type
    netbios-name           smb-encryption-status  

Fields that caught my attention but didn't do the trick:

"shares" -> if used, it will only display the "number of open shares", not the share name.

"files" -> if used, it will only display the "number of open files", not hte file name or path.

 

clusterA::> vserver cifs session file show -fields 
    node                   vserver                file-id
    connection-id          session-id             file-type
    open-mode              hosting-aggregate      hosting-volume
    share                  path                   share-mode
    range-locks            continuously-available reconnected

Here the field "share" is exactly what I need: it displays the name of the share that a certain session is connected to. Unfortunately in this show command I have no option to include anything about the sessions origin like IP address or user name ...

 

 

For now I'm working with this external workaround:

  1. on FILER: get list of cifs sessions with "vserver cifs session show"
  2. on unix: filter above output to get all unique "connection-id" numbers
  3. on FILER: use "connetion-id" list to get the open shares/files for each of the connections, this can be achieved by using "vserver cifs session file show"
  4. on unix: filter this output so I get only info on the shares in question and only unique IP addresses

 

The downsides are:

  • It's a lengthy process as for every connection id it has to open a dedicated ssh connection to the filer
  • this is only practical if ssh key authentication is configured
  • if a session has NO open files I cannot find out which share the session is connected to

 

Well, so far so bad.

 

 

BR

 

Konstantin

Re: CDOT: display cifs sessions by share

bump! this still looks to be a bug and I am struggling to get this to work. However, I am a few versions behind I believe at 8.2x....

 

 

Re: CDOT: display cifs sessions by share

Hello,

I have the same request and have not found a nice and easy way to display cifs sessions by share on CDot 8.3.
The workaround I use so far is:

1. to go for a full list of opened files on the cluster for a specific share:
vserver cifs  session file show -node * -vserver mysvm -share myshare -fields session-id,path

2. From the previous command output list and count the unique connection Ids

It is time consumming as the "vserver cifs session file show" can take long depending on the number of files opened on a share.

Any better way ?

VG