ONTAP Discussions

Cifs share global permission setting via Active Directory

RibaldCorello
6,202 Views

Hi,

 we have a netappfiler with Ontap 8.1, this filer is configured with cifs setup to autenticate via Active directory (samba 4.1). On the Ad i have an testuser, with this user i could connct the cifs share from my PC client. this works. the permissions on the cifs share are default set from the filer.

 

My question, how could i set global group permissions from the AD ? 

3 REPLIES 3

JGPSHNTAP
6,187 Views

I'm not exactly sure what you are asking...

 

Can you please elaborate 

mbeattie
6,146 Views

Hi,

 

I'd Assume you are refering to configuring CIFS ACLs for Clustered Data ONTAP? If so, all you need to do is create an active directory group and add it to the CIFS share ACL. You can do this via the command line or using powershell. For example:

 

cluster1::> vserver cifs share access-control create -vserver vserver1 -share test$ -user-or-group TESTLAB\Share-Test -permission change
cluster1::> vserver cifs share access-control show -vserver vserver1 -share test$
               Share       User/Group                  Access
Vserver        Name        Name                        Permission
-------------- ----------- --------------------------- -----------
vserver1     test$    BUILTIN\Administrators      Full_Control
vserver1     test$    TESTLAB\Share-Test      Change
2 entries were displayed.

 

Note you can also automate this using PowerShell if you want to change the default Share ACL permissions from "Everyone" full control to an AD group. There are cmdlets for listing, adding, modifying and removing cifs share ACLs. EG (See "Get-Help <cmdlet_name> -examples" for examples of each)

 

PS C:\> Import-Module DataONTAP

PS C:\> get-command *nccifsshareacl*

CommandType     Name                                                Definition
-----------     ----                                                ----------
Cmdlet          Add-NcCifsShareAcl                                  Add-NcCifsShareAcl [-Share] <String> [-UserOrGro...
Cmdlet          Get-NcCifsShareAcl                                  Get-NcCifsShareAcl [[-Share] <String[]>] [[-User...
Cmdlet          Remove-NcCifsShareAcl                               Remove-NcCifsShareAcl [-Share] <String> [-UserOr...
Cmdlet          Set-NcCifsShareAcl                                  Set-NcCifsShareAcl [-Share] <String> [-UserOrGro...

 

hope that helps

 

/matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

RibaldCorello
6,131 Views

thx,

 

this is the Solution  🙂

 

Regards

Public