Subscribe
Accepted Solution

cDOT CIFS - Is Active Directory Always Required?

Under Cluster Mode ONTAP (cDOT), is joining an SVM that will host CIFS shares to Active Directory (AD) a hard set requirement that can NOT be bypassed?  When setting up an SVM and new CIFS share through OnCommand Systems Manager, it doesn't appear you can bypass joining the SVM to AD.

 

We have a 2-node cDOT cluster that primarily provides NFS and FC services, but we occassionally have a one-off/temporary need to provide a CIFS share.  The overall environment does not use nor need Active Directory as a primary infrastructure service.  We would like to have the shares just authenticate locally against user accounts on the filer/node itself.

 

Is it still possible to setup a workgroup level CIFS server under cDOT (similar to how "cifs setup" worked under 7-mode)?  Even though it looks like you can also manage local accounts on an SVM providing CIFS, it seems like joining to a domain is a requirement.  Trying to avoid the AD requirement all together.

 

Fairly new to cDOT so still trying to figure all of this out.

Re: cDOT CIFS - Is Active Directory Always Required?

Hi,

 

As of cDOT 8.3 RC1 CIFS workgroups are not supported. See Page 247 of the "File Access Management Guide for CIFS" in the link below:

 

https://library.netapp.com/ecm/ecm_download_file/ECMP1610207

 

"Although a local user can authenticate locally, the CIFS server is not operating in
Workgroup mode. Workgroup mode is not supported in this version of Data ONTAP. The CIFS
server must still be part of an Active Directory domain. The CIFS server is operating as a member
server in an Active Directory domain."

 

I believe this feature is intended to be implemented in a future release of ONTAP.

 

/matt

 

 

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

Re: cDOT CIFS - Is Active Directory Always Required?

it will be very cool

Re: cDOT CIFS - Is Active Directory Always Required?

[ Edited ]

Matt,

Thanks for confirming the Active Directory requirement for CIFS services in the current versions of cDOT.

I'm sure there are similar customer environments like ours that would benefit from having the ability to run in workgroup mode, similar to how previous versions of 7-mode were able to operate.  Hopefully this becomes available in a future release.

Re: cDOT CIFS - Is Active Directory Always Required?

We are basically ONLY working with cifs workgroups on our 7-mode system. This comes as a surprise, why was this feature taken out? Why would a Multiprotocol Vserver need an extra AD or NIS environment when you'd be able to manage it locally with workgroups. I'm puzzled really.

Re: cDOT CIFS - Is Active Directory Always Required?

any change in this matter? It seems to me that the last version 8.3.2RC1 still needs AD for CIFS and there is no way to run it w/o AD, right?

 

-Jan

Re: cDOT CIFS - Is Active Directory Always Required?

I also would like to know if this is available now.

Re: cDOT CIFS - Is Active Directory Always Required?


I also would like to know if this is available now.

Workgroup mode is available starting with ONTAP 9.0RC1 which is available for download.