FAS and V-Series Storage Systems Discussions
Just recevied the FAS2650 and had the professional installer onsite (what a rush by this guy). I have a question regards to IP address restriction at the CIFS level.
For an example, our old NAS unit, we can specify the IP address restriction for the CIFS. For an example, my cifs called "HR" to only allow a certain IP subnet to access.
See The Solution
You can configure an export policy to restrict client access to the volume (which your CIFS share is created within).
Here are few links that explain the configuration and process:
Did you want to restrict CIFS access via subnets or IP Addresses or restrict access to the AD computer objects in the NTFS permissions?
I want to restrict CIFS access via subnets or IP Addresses. I will take a look at the links you posted.
A little disappointement on the lack of restricting IP at the CIFS level. So creating a qtree within the same volume work (then link an export policy)?
Anyways, I went ahead and just tested out a simple export policy at the svm level.
Client Specification: 192.168.1.5 (made up) and moved the rule index to "1".. From a host that is none other than 192.168.1.5, I can still acess it. Am I missing anything?
NetApp Release 9.1P2: Tue Feb 28 18:17:30 UTC 2017
Export policy enforcement for CIFS access has been disabled by default since about 8.2.
Check yours like this:
vserver cifs options show -fields -is-exportpolicy-enabled
If it shows false in the output, you need to enable it:
vserver cifs options modify -vserver <vserver name> -is-exportpolicy-enabled true
View solution in original post