CIFS Authentication and Permissions Breakdown

morjo619 · ‎2015-08-25

Needs some help uderstanding how the authentication and permission configuration works with a Vserver...I'm a bit confused. So, I have 1 data vserver that allows all protocols (NFS, CIFS, ISCSI, FC) the root vol permission is set to UNIX. I went through the Vserver CIFS setup and added the SVM machine account into my Active Directory domain. I also configured WIN-to-UNIX name mapping --it maps to the AD domain "administrator" account to the "root" account. My confusion comes regarding do I still need to setup LDAP? How does authentication actually happen?

Much appreciated!!

Darkstar · ‎2015-08-31

If you have any volumes with UNIX security style, then usermapping needs to be configured. Also you need to do "vsever cifs create" (do not confuse it with "vserver active-directory create" which is something different!) to create a machine account in AD (it's not enough to just manually add a machine account into your AD domain). You can check the secd.log (you can get it via http://<netapp node IP>/spi ) for any errors regarding usermapping and/or security.

Of course if you have users in LDAP/NIS that you want to map to (instead of, say, just mapping all windows user to one specific UNIX user) then you need to setup LDAP/NIS as name service

But honestly, your partner (the one who sold you the NetApp) should be able to help you with that. Also, it's not often a good idea to use a single SVM for file and block storage at the same time. It's better to separate these into multiple SVMs