Network and Storage Protocols

cDOT CIFS - Is Active Directory Always Required?

rwalters11
15,044 Views

Under Cluster Mode ONTAP (cDOT), is joining an SVM that will host CIFS shares to Active Directory (AD) a hard set requirement that can NOT be bypassed?  When setting up an SVM and new CIFS share through OnCommand Systems Manager, it doesn't appear you can bypass joining the SVM to AD.

 

We have a 2-node cDOT cluster that primarily provides NFS and FC services, but we occassionally have a one-off/temporary need to provide a CIFS share.  The overall environment does not use nor need Active Directory as a primary infrastructure service.  We would like to have the shares just authenticate locally against user accounts on the filer/node itself.

 

Is it still possible to setup a workgroup level CIFS server under cDOT (similar to how "cifs setup" worked under 7-mode)?  Even though it looks like you can also manage local accounts on an SVM providing CIFS, it seems like joining to a domain is a requirement.  Trying to avoid the AD requirement all together.

 

Fairly new to cDOT so still trying to figure all of this out.

1 ACCEPTED SOLUTION

mbeattie
15,030 Views

Hi,

 

As of cDOT 8.3 RC1 CIFS workgroups are not supported. See Page 247 of the "File Access Management Guide for CIFS" in the link below:

 

https://library.netapp.com/ecm/ecm_download_file/ECMP1610207

 

"Although a local user can authenticate locally, the CIFS server is not operating in
Workgroup mode. Workgroup mode is not supported in this version of Data ONTAP. The CIFS
server must still be part of an Active Directory domain. The CIFS server is operating as a member
server in an Active Directory domain."

 

I believe this feature is intended to be implemented in a future release of ONTAP.

 

/matt

 

 

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

7 REPLIES 7

mbeattie
15,031 Views

Hi,

 

As of cDOT 8.3 RC1 CIFS workgroups are not supported. See Page 247 of the "File Access Management Guide for CIFS" in the link below:

 

https://library.netapp.com/ecm/ecm_download_file/ECMP1610207

 

"Although a local user can authenticate locally, the CIFS server is not operating in
Workgroup mode. Workgroup mode is not supported in this version of Data ONTAP. The CIFS
server must still be part of an Active Directory domain. The CIFS server is operating as a member
server in an Active Directory domain."

 

I believe this feature is intended to be implemented in a future release of ONTAP.

 

/matt

 

 

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

zlukenic
15,012 Views

it will be very cool

rwalters11
14,971 Views

Matt,

Thanks for confirming the Active Directory requirement for CIFS services in the current versions of cDOT.

I'm sure there are similar customer environments like ours that would benefit from having the ability to run in workgroup mode, similar to how previous versions of 7-mode were able to operate.  Hopefully this becomes available in a future release.

axsys
13,803 Views

We are basically ONLY working with cifs workgroups on our 7-mode system. This comes as a surprise, why was this feature taken out? Why would a Multiprotocol Vserver need an extra AD or NIS environment when you'd be able to manage it locally with workgroups. I'm puzzled really.

maskajan09
11,309 Views

any change in this matter? It seems to me that the last version 8.3.2RC1 still needs AD for CIFS and there is no way to run it w/o AD, right?

 

-Jan

David_Asl
10,259 Views

I also would like to know if this is available now.

aborzenkov
10,255 Views

I also would like to know if this is available now.

Workgroup mode is available starting with ONTAP 9.0RC1 which is available for download.

Public