2017-08-12 11:53 AM
Just received the FAS2650 and had the professional installer onsite (what a rush by this guy). I have a question regarding IP address restriction at the CIFS level.
For example, on our old NAS unit, we can specify an IP address restriction for CIFS. For example, my CIFS share called "HR" only allows a certain IP subnet to access it.
2017-08-13 08:12 PM
You can configure an export policy to restrict client access to the volume (which your CIFS share is created within).
Here are a few links that explain the configuration and process:
Did you want to restrict CIFS access via subnets or IP Addresses or restrict access to the AD computer objects in the NTFS permissions?
2017-08-17 10:42 PM - edited 2017-08-18 12:45 AM
A little disappointment on the lack of restricting IP at the CIFS level. So creating a qtree within the same volume works (then link an export policy)?
Anyways, I went ahead and just tested out a simple export policy at the svm level.
Client Specification: 192.168.1.5 (made up) and moved the rule index to "1". From a host that is none other than 192.168.1.5, I can still access it. Am I missing anything?
NetApp Release 9.1P2: Tue Feb 28 18:17:30 UTC 2017
2017-08-23 05:04 PM
Export policy enforcement for CIFS access has been disabled by default since about 8.2.
Check yours like this:
set adv
vserver cifs options show -fields is-exportpolicy-enabled
If it shows false in the output, you need to enable it:
vserver cifs options modify -vserver <vserver name> -is-exportpolicy-enabled true
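
The whole procedure from this thread in one place, as an added example that is not part of any post above: restrict one volume's CIFS share to a subnet, then turn on enforcement. The names vs1, hr_vol and hr_cifs and the subnet 192.168.1.0/24 are placeholders, and lines starting with # are annotations, not commands.

```text
# 1. Create a dedicated export policy for the volume that holds the HR share.
vserver export-policy create -vserver vs1 -policyname hr_cifs

# 2. Add one rule that matches SMB clients in the allowed subnet only.
#    A client that matches no rule in the policy is denied.
vserver export-policy rule create -vserver vs1 -policyname hr_cifs -ruleindex 1 -protocol cifs -clientmatch 192.168.1.0/24 -rorule any -rwrule any

# 3. Attach the policy to the volume.
volume modify -vserver vs1 -volume hr_vol -policy hr_cifs

# 4. Review what will be enforced before switching it on.
vserver export-policy rule show -vserver vs1 -policyname hr_cifs
volume show -vserver vs1 -fields policy

# 5. Enable export policy enforcement for CIFS (advanced privilege).
set -privilege advanced
vserver cifs options modify -vserver vs1 -is-exportpolicy-enabled true
vserver cifs options show -vserver vs1 -fields is-exportpolicy-enabled
set -privilege admin
```

Enforcement applies to the whole SVM, so step 4 matters: once it is on, any volume whose export policy has no rule allowing the cifs protocol for a client stops being reachable over SMB from that client. Share and NTFS permissions still apply on top of the export policy.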