Ask The Experts

Highlighted

cifs access deny after enable export policy on ONTAP 9.4P1

Hi, this is my situation.

We want some subnets can access cifs, some other subnets can't.

So we enable export policy for our SVM.

==========================================================

cifs options show -vserver NFS-SVM -fields is-exportpolicy-enabled
vserver is-exportpolicy-enabled
------- -----------------------
NFS-SVM true

=========================================================

 

This is the export policy output.

================================

vserver export-policy rule show -vserver NFS-SVM -policyname cifs-policy -fields ruleindex,protocol,clientmatch,rorule,rwrule,anon,superuser
vserver policyname ruleindex protocol clientmatch rorule rwrule anon superuser
------- ----------- --------- -------------- -------------- ------ ------ ----- ---------
NFS-SVM cifs-policy 1 nfs3,nfs4,cifs 192.168.1.0/24 any any 65534 any
NFS-SVM cifs-policy 2 nfs3,nfs4,cifs 192.168.20.0/24
any any 65534 any
NFS-SVM cifs-policy 3 nfs3,nfs4,cifs 192.168.21.0/24
any any 65534 any
NFS-SVM cifs-policy 4 cifs 192.168.60.0/23
any any 65534 any
NFS-SVM cifs-policy 5 cifs 192.168.80.0/23
any any 65534 any
5 entries were displayed.

====================================

befor enable export policy, user can access cifs from all subnet.

After enable the export policy, user can access cifs only from 1 subnet(192.168.1.0/24), all of the others can't access cifs. It shows "Access is denied".

 

Would you please provide advice? Thank in advance.

2 REPLIES 2
Highlighted

Re: cifs access deny after enable export policy on ONTAP 9.4P1

what policy is assigned to SVM root volume (/) ? 

Re: cifs access deny after enable export policy on ONTAP 9.4P1

Thanks  

Checked the SVM root export policy name is nfs-export-policy on System Manager.

============================================================

vserver export-policy rule show -vserver NFS-SVM -policyname nfs-export-policy
Policy Rule Access Client RO
Vserver Name Index Protocol Match Rule
------------ --------------- ------ -------- --------------------- ---------
NFS-SVM nfs-export-policy
1 nfs3 192.168.19.0/24 any
NFS-SVM nfs-export-policy
2 nfs3, 192.168.20.0/24 any
nfs4
NFS-SVM nfs-export-policy
3 nfs3, 192.168.21.0/24 any
nfs4,
cifs
NFS-SVM nfs-export-policy
4 nfs3, 192.168.101.0/24 any
nfs4
NFS-SVM nfs-export-policy
5 nfs3, 192.168.1.0/24 any
nfs4,
cifs
5 entries were displayed.

======================================

 

After enable cifs for ruindex 3 (192.168.21.0/24), now I can access cifs from that network. This is the reason, thanks again!

 

Another question, so the SVM root export policy will include all sub export policies, is it right?

Cloud Volumes ONTAP
Review Banner
All Community Forums
Public