Community maintenance is complete. Thank you for your patience!

ONTAP Discussions

Cifs share global permission setting via Active Directory

RibaldCorello

Hi,

 we have a netappfiler with Ontap 8.1, this filer is configured with cifs setup to autenticate via Active directory (samba 4.1). On the Ad i have an testuser, with this user i could connct the cifs share from my PC client. this works. the permissions on the cifs share are default set from the filer.

 

My question, how could i set global group permissions from the AD ? 

3 REPLIES 3

mbeattie

Hi,

 

I'd Assume you are refering to configuring CIFS ACLs for Clustered Data ONTAP? If so, all you need to do is create an active directory group and add it to the CIFS share ACL. You can do this via the command line or using powershell. For example:

 

cluster1::> vserver cifs share access-control create -vserver vserver1 -share test$ -user-or-group TESTLAB\Share-Test -permission change
cluster1::> vserver cifs share access-control show -vserver vserver1 -share test$
               Share       User/Group                  Access
Vserver        Name        Name                        Permission
-------------- ----------- --------------------------- -----------
vserver1     test$    BUILTIN\Administrators      Full_Control
vserver1     test$    TESTLAB\Share-Test      Change
2 entries were displayed.

 

Note you can also automate this using PowerShell if you want to change the default Share ACL permissions from "Everyone" full control to an AD group. There are cmdlets for listing, adding, modifying and removing cifs share ACLs. EG (See "Get-Help <cmdlet_name> -examples" for examples of each)

 

PS C:\> Import-Module DataONTAP

PS C:\> get-command *nccifsshareacl*

CommandType     Name                                                Definition
-----------     ----                                                ----------
Cmdlet          Add-NcCifsShareAcl                                  Add-NcCifsShareAcl [-Share] <String> [-UserOrGro...
Cmdlet          Get-NcCifsShareAcl                                  Get-NcCifsShareAcl [[-Share] <String[]>] [[-User...
Cmdlet          Remove-NcCifsShareAcl                               Remove-NcCifsShareAcl [-Share] <String> [-UserOr...
Cmdlet          Set-NcCifsShareAcl                                  Set-NcCifsShareAcl [-Share] <String> [-UserOrGro...

 

hope that helps

 

/matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

RibaldCorello

thx,

 

this is the Solution  🙂

 

Regards

JGPSHNTAP

I'm not exactly sure what you are asking...

 

Can you please elaborate 

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public