Ask The Experts

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Ask The Experts

Ask a Question

cifs access deny after enable export policy on ONTAP 9.4P1

trustnetic
‎2019-10-15 02:58 AM
1,710 Views

Hi, this is my situation.

We want some subnets can access cifs, some other subnets can't.

So we enable export policy for our SVM.

==========================================================

cifs options show -vserver NFS-SVM -fields is-exportpolicy-enabled
vserver is-exportpolicy-enabled
------- -----------------------
NFS-SVM true

=========================================================

 

This is the export policy output.

================================

vserver export-policy rule show -vserver NFS-SVM -policyname cifs-policy -fields ruleindex,protocol,clientmatch,rorule,rwrule,anon,superuser
vserver policyname ruleindex protocol clientmatch rorule rwrule anon superuser
------- ----------- --------- -------------- -------------- ------ ------ ----- ---------
NFS-SVM cifs-policy 1 nfs3,nfs4,cifs 192.168.1.0/24 any any 65534 any
NFS-SVM cifs-policy 2 nfs3,nfs4,cifs 192.168.20.0/24
any any 65534 any
NFS-SVM cifs-policy 3 nfs3,nfs4,cifs 192.168.21.0/24
any any 65534 any
NFS-SVM cifs-policy 4 cifs 192.168.60.0/23
any any 65534 any
NFS-SVM cifs-policy 5 cifs 192.168.80.0/23
any any 65534 any
5 entries were displayed.

====================================

befor enable export policy, user can access cifs from all subnet.

After enable the export policy, user can access cifs only from 1 subnet(192.168.1.0/24), all of the others can't access cifs. It shows "Access is denied".

 

Would you please provide advice? Thank in advance.

0 Kudos
2 REPLIES 2

zamkovoy8
‎2019-10-15 03:19 PM
1,646 Views

what policy is assigned to SVM root volume (/) ? 

0 Kudos

trustnetic
‎2019-10-15 04:47 PM
In response to zamkovoy8
1,632 Views

Thanks  

Checked the SVM root export policy name is nfs-export-policy on System Manager.

============================================================

vserver export-policy rule show -vserver NFS-SVM -policyname nfs-export-policy
Policy Rule Access Client RO
Vserver Name Index Protocol Match Rule
------------ --------------- ------ -------- --------------------- ---------
NFS-SVM nfs-export-policy
1 nfs3 192.168.19.0/24 any
NFS-SVM nfs-export-policy
2 nfs3, 192.168.20.0/24 any
nfs4
NFS-SVM nfs-export-policy
3 nfs3, 192.168.21.0/24 any
nfs4,
cifs
NFS-SVM nfs-export-policy
4 nfs3, 192.168.101.0/24 any
nfs4
NFS-SVM nfs-export-policy
5 nfs3, 192.168.1.0/24 any
nfs4,
cifs
5 entries were displayed.

======================================

 

After enable cifs for ruindex 3 (192.168.21.0/24), now I can access cifs from that network. This is the reason, thanks again!

 

Another question, so the SVM root export policy will include all sub export policies, is it right?

0 Kudos
All Community Forums
Public