Network Storage Protocols Discussions

Highlighted

CIFS without Active Directory

Hi,

 

I want to configure CIFS on my Netapp. The Netapp cluster has for DNS the Google's DNS (8.8.8.8) and I haven't an Active Directory. I want my client which are in WORKGROUP can connect to a CIFS share on the cluster. Is an Active Directory required ?

 

Regards.

15 REPLIES 15
Highlighted

Re: CIFS without Active Directory

Do you have 7-Mode or C-Mode (you added both tags)?

Highlighted

Re: CIFS without Active Directory

Hi,

 

Sorry, I have a Cluster mode Data On Tap.

Highlighted

Re: CIFS without Active Directory

As far as I know currently only CIFS servers that a part of Active Directory are supported. Although documentation mentions that "Workgroups are not supported in this release", so it is possible that it will be supported in the future.

Highlighted

Re: CIFS without Active Directory

Ok, I undestand. So the AD's DNS must be declared on the cluster and the client computers must be in the AD's domain. Isn't it ?

 

Thanks.

Highlighted

Re: CIFS without Active Directory

You MUST configure DNS in the SVM and join an ADS for CIFS to properly work. Clients & Servers which access the SVMs shares can be inside or outside of your ADS domain.

Highlighted

Re: CIFS without Active Directory

Hi,

 

In conclusion, my CIFS SVM/Volume must join the Active Directory Server. The Clients ans Server which access to the CIFS share could be outside, in WORKGROUP for example.

 

But what about the post of Aborzenkov : 

 
 
 

 

"As far as I know currently only CIFS servers that a part of Active Directory are supported. Although documentation mentions that "Workgroups are not supported in this release", so it is possible that it will be supported in the future".

 

Thanks a lot for your answer.

 

 

Highlighted

Re: CIFS without Active Directory

The SVM has to be in an AD domain, otherwise you will not get any CIFS functionality.

 

The clients that connect to the NetApp can be either other AD members (domain computers) or standalone computers (i.e. computers running in Workgroup mode). Note that if you try to connect to the SVM on the NetApp cluster from a computer which is NOT part of the same domain, you will have to supply a username and password to connect. This can be either a domain user (using "DOM\User"-style usernames) or a local user created on the SVM (see the vserver cifs users-and-groups local-user create command). This is the same, actually, as with Windows servers and computers without any NetApp involved

 

Also, if you really need CIFS with Workgroup style authentication, it is possible that this might be added to Data OnTap at a later date (all documentation, for example, says it is "not yet available" or "currently not possible")....

 

Regards

-Michael

Highlighted

Re: CIFS without Active Directory

I'd just like to say it's very inconv. to force the use of AD just to enable CIFS. I'm a complete linux shop and use my FAS device for NFS primarily. I figured 'hey why not use it's CIFS support' ... nope.

 

So I'll be using a cheap, unreliable network storage device simply to host CIFS shares meanwhile.

 

++bump as a feature request. Simply let me turn it on and create shares like every other network storage device lets you.

 

Thanks for the sweet NFS support though.

Highlighted

Re: CIFS without Active Directory

If you're a complete NFS shop, what do you need CIFS for? If it's only for 1 share that 2 or 2 users access, you can also use Microsoft's NFS for Windows, for example.

 

That being said, it's been possible for a few months now (since OnTap 9.0) to run an SVM in Workgroup mode without AD. See the man page for the "vserver cifs create -workgroup" command.

 

-Michael

Highlighted

Re: CIFS without Active Directory

Michael,

 

We are _currently_ an "NFS" shop because all I use the NetApp for is NFS storage for xenserver clusters. I have a separate low quality device that's being relied on heavily for CIFS, so I figured why not use the NetApp for CIFS too.

 

I'd like to move to the NetApp, that's all. I am on 9.x so thanks for the tip!

 

So basically, you can configure CIFS with an empty AD value via CLI, but not System Manager (I believe it gives you an error when it's blank).

 

 

-Kyle

Highlighted

Re: CIFS without Active Directory

What about a Workgroup CIFS share?   vserver cifs create -vserver hq-vs0 -cifs-server hq-vs0 -workgroup wg

Highlighted

Re: CIFS without Active Directory

If you are Ontap9.0, you can set it up without AD.

I got it work on my NetApp 8080 with Ontap9.0 version.

 

 

1) Create CIFS server via CLI

Cluster1::>vserver cifs create -vserver <SVM> -cifs-server <SVM> -workgroup <workgroup01>

 

2) set diag

 

3) Enable local users auth

Cluster1::>vserver cifs options modify –vserver <SVM> -is-local-auth-enabled true

Cluster1::>vserver cifs options modify –vserver <SVM> -is-local-users-and-groups-enabled true

 

3) Create your local user that will authenticate

Cluster1::>vserver cifs users-and-groups local-user create –vserver <SVM> -user-name <USER>

 

4) Create a CIFS LIF on the SVM (separate IP but can be in same subnet as NFS)

5) Create a CIFS share on the same volume as the NFS mount

6) Map to the CIFS share using the user from step 3.  \\<LIF-IP-Address>\<CIFS-Share>

 

Highlighted

Re: CIFS without Active Directory

hi

I'd follow the steps and i am able to read from the share but can't modify or create new file\folder

please your help

Scott

Highlighted

Re: CIFS without Active Directory

check your share access control permission under SVMs/shares

 

 

Highlighted

Re: CIFS without Active Directory

You also need to check MTU settings on host and netapp storage .  Need to be matched

Check out the KB!
Knowledge Base
All Community Forums