ONTAP Discussions
ONTAP Discussions
Hi,
we have a netappfiler with Ontap 8.1, this filer is configured with cifs setup to autenticate via Active directory (samba 4.1). On the Ad i have an testuser, with this user i could connct the cifs share from my PC client. this works. the permissions on the cifs share are default set from the filer.
My question, how could i set global group permissions from the AD ?
I'm not exactly sure what you are asking...
Can you please elaborate
Hi,
I'd Assume you are refering to configuring CIFS ACLs for Clustered Data ONTAP? If so, all you need to do is create an active directory group and add it to the CIFS share ACL. You can do this via the command line or using powershell. For example:
cluster1::> vserver cifs share access-control create -vserver vserver1 -share test$ -user-or-group TESTLAB\Share-Test -permission change
cluster1::> vserver cifs share access-control show -vserver vserver1 -share test$
Share User/Group Access
Vserver Name Name Permission
-------------- ----------- --------------------------- -----------
vserver1 test$ BUILTIN\Administrators Full_Control
vserver1 test$ TESTLAB\Share-Test Change
2 entries were displayed.
Note you can also automate this using PowerShell if you want to change the default Share ACL permissions from "Everyone" full control to an AD group. There are cmdlets for listing, adding, modifying and removing cifs share ACLs. EG (See "Get-Help <cmdlet_name> -examples" for examples of each)
PS C:\> Import-Module DataONTAP
PS C:\> get-command *nccifsshareacl*
CommandType Name Definition
----------- ---- ----------
Cmdlet Add-NcCifsShareAcl Add-NcCifsShareAcl [-Share] <String> [-UserOrGro...
Cmdlet Get-NcCifsShareAcl Get-NcCifsShareAcl [[-Share] <String[]>] [[-User...
Cmdlet Remove-NcCifsShareAcl Remove-NcCifsShareAcl [-Share] <String> [-UserOr...
Cmdlet Set-NcCifsShareAcl Set-NcCifsShareAcl [-Share] <String> [-UserOrGro...
hope that helps
/matt
thx,
this is the Solution 🙂
Regards