Subscribe

CIFS Authentication and Permissions Breakdown

[ Edited ]

Needs some help uderstanding how the authentication and permission configuration works with a Vserver...I'm a bit confused. So, I have 1 data vserver that allows all protocols (NFS, CIFS, ISCSI, FC) the root vol permission is set to UNIX. I went through the Vserver CIFS setup and added the SVM machine account into my Active Directory domain. I also configured WIN-to-UNIX name mapping --it maps to the AD domain "administrator" account to the "root" account. My confusion comes regarding do I still need to setup LDAP? How does authentication actually happen?

 

Much appreciated!!

Re: CIFS Authentication and Permissions Breakdown

If you have any volumes with UNIX security style, then usermapping needs to be configured. Also you need to do "vsever cifs create" (do not confuse it with "vserver active-directory create" which is something different!) to create a machine account in AD (it's not enough to just manually add a machine account into your AD domain). You can check the secd.log (you can get it via http://<netapp node IP>/spi ) for any errors regarding usermapping and/or security.

Of course if you have users in LDAP/NIS that you want to map to (instead of, say, just mapping all windows user to one specific UNIX user) then you need to setup LDAP/NIS as name service

 

But honestly, your partner (the one who sold you the NetApp) should be able to help you with that. Also, it's not often a good idea to use a single SVM for file and block storage at the same time. It's better to separate these into multiple SVMs