ONTAP Discussions

Cifs share global permission setting via Active Directory



 we have a netappfiler with Ontap 8.1, this filer is configured with cifs setup to autenticate via Active directory (samba 4.1). On the Ad i have an testuser, with this user i could connct the cifs share from my PC client. this works. the permissions on the cifs share are default set from the filer.


My question, how could i set global group permissions from the AD ? 





I'd Assume you are refering to configuring CIFS ACLs for Clustered Data ONTAP? If so, all you need to do is create an active directory group and add it to the CIFS share ACL. You can do this via the command line or using powershell. For example:


cluster1::> vserver cifs share access-control create -vserver vserver1 -share test$ -user-or-group TESTLAB\Share-Test -permission change
cluster1::> vserver cifs share access-control show -vserver vserver1 -share test$
               Share       User/Group                  Access
Vserver        Name        Name                        Permission
-------------- ----------- --------------------------- -----------
vserver1     test$    BUILTIN\Administrators      Full_Control
vserver1     test$    TESTLAB\Share-Test      Change
2 entries were displayed.


Note you can also automate this using PowerShell if you want to change the default Share ACL permissions from "Everyone" full control to an AD group. There are cmdlets for listing, adding, modifying and removing cifs share ACLs. EG (See "Get-Help <cmdlet_name> -examples" for examples of each)


PS C:\> Import-Module DataONTAP

PS C:\> get-command *nccifsshareacl*

CommandType     Name                                                Definition
-----------     ----                                                ----------
Cmdlet          Add-NcCifsShareAcl                                  Add-NcCifsShareAcl [-Share] <String> [-UserOrGro...
Cmdlet          Get-NcCifsShareAcl                                  Get-NcCifsShareAcl [[-Share] <String[]>] [[-User...
Cmdlet          Remove-NcCifsShareAcl                               Remove-NcCifsShareAcl [-Share] <String> [-UserOr...
Cmdlet          Set-NcCifsShareAcl                                  Set-NcCifsShareAcl [-Share] <String> [-UserOrGro...


hope that helps



If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.




this is the Solution  🙂




I'm not exactly sure what you are asking...


Can you please elaborate 

NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.