2014-12-23 09:08 AM
Under Cluster Mode ONTAP (cDOT), is joining an SVM that will host CIFS shares to Active Directory (AD) a hard set requirement that can NOT be bypassed? When setting up an SVM and new CIFS share through OnCommand Systems Manager, it doesn't appear you can bypass joining the SVM to AD.
We have a 2-node cDOT cluster that primarily provides NFS and FC services, but we occassionally have a one-off/temporary need to provide a CIFS share. The overall environment does not use nor need Active Directory as a primary infrastructure service. We would like to have the shares just authenticate locally against user accounts on the filer/node itself.
Is it still possible to setup a workgroup level CIFS server under cDOT (similar to how "cifs setup" worked under 7-mode)? Even though it looks like you can also manage local accounts on an SVM providing CIFS, it seems like joining to a domain is a requirement. Trying to avoid the AD requirement all together.
Fairly new to cDOT so still trying to figure all of this out.
Solved! SEE THE SOLUTION
2014-12-23 10:24 PM
As of cDOT 8.3 RC1 CIFS workgroups are not supported. See Page 247 of the "File Access Management Guide for CIFS" in the link below:
"Although a local user can authenticate locally, the CIFS server is not operating in
Workgroup mode. Workgroup mode is not supported in this version of Data ONTAP. The CIFS
server must still be part of an Active Directory domain. The CIFS server is operating as a member
server in an Active Directory domain."
I believe this feature is intended to be implemented in a future release of ONTAP.
2014-12-30 04:51 AM - edited 2014-12-30 04:51 AM
Thanks for confirming the Active Directory requirement for CIFS services in the current versions of cDOT.
I'm sure there are similar customer environments like ours that would benefit from having the ability to run in workgroup mode, similar to how previous versions of 7-mode were able to operate. Hopefully this becomes available in a future release.
2015-07-08 02:29 AM
We are basically ONLY working with cifs workgroups on our 7-mode system. This comes as a surprise, why was this feature taken out? Why would a Multiprotocol Vserver need an extra AD or NIS environment when you'd be able to manage it locally with workgroups. I'm puzzled really.