ONTAP Discussions

How to find stale cifs sessions in Netapp

PnaveenKumar
15,138 Views

There is a requirement in my organization. I have to find the stale CIFS sessions and list them across the globe. Is there any command or process to find them?

1 ACCEPTED SOLUTION

donny_lang
14,877 Views

You can do it with a couple lines of PowerShell (RegEx with the assist) which could easily be put into a script that loops through a list of all of your controllers. 

 

Let's assume that you want to find sessions with an IdleTime value of greater than one day: 

 

Connect-NcController <controller hostname or IP> 
Get-NcCifsSession | ? {$_.IdleTime -Match '([1-9]+)d[\w\s]*'} | Select-Object WindowsUser,Address,IdleTime

It'll return output that looks like this:

 

WindowsUser           Address        IdleTime
-----------           -------        --------
Domain\user1         10.0.0.42       28d 1h 50m 47s
Domain\user2         10.0.0.218      26d 20h 34m 51s
Domain\user3         10.0.0.219      1d 9h 15m 6s

Here's an explanation of what the RegEx pattern does, for reference:

 

regex.png

 

Donny

View solution in original post

14 REPLIES 14

ManpreetS
14,902 Views

From storage end, you can run below command to list all the cifs sessions:

::> cifs session show

You can use question mark followed by this command which will list out many filters which can be used. 

Use "-instance" followed by complete command to get more details about cifs sessions.

https://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.dot-cm-cmpr-930%2Fvserver__cifs__session__show.html 

 

From windows client, you can use below command to list out cifs sessions:

>net use

 

Stale cifs sessions can be found out by listing cifs sessions on storage end and comparing them with sessions running on client. If sessions are available on client but not listing out in storage then those sessions are stale and will not be accessible.

 

Let me know if this answers your query.

PnaveenKumar
14,872 Views

Hi @ManpreetS 

 

I know how to check CIFS sessions on NetApp, but here is the actual requirement, we are trying to write a script to find the stale sessions in all the NetApp Arrays. If you know how to proceed further. Please guide me through the process.

donny_lang
14,878 Views

You can do it with a couple lines of PowerShell (RegEx with the assist) which could easily be put into a script that loops through a list of all of your controllers. 

 

Let's assume that you want to find sessions with an IdleTime value of greater than one day: 

 

Connect-NcController <controller hostname or IP> 
Get-NcCifsSession | ? {$_.IdleTime -Match '([1-9]+)d[\w\s]*'} | Select-Object WindowsUser,Address,IdleTime

It'll return output that looks like this:

 

WindowsUser           Address        IdleTime
-----------           -------        --------
Domain\user1         10.0.0.42       28d 1h 50m 47s
Domain\user2         10.0.0.218      26d 20h 34m 51s
Domain\user3         10.0.0.219      1d 9h 15m 6s

Here's an explanation of what the RegEx pattern does, for reference:

 

regex.png

 

Donny

PnaveenKumar
14,749 Views

Hi @donny_lang 

 

When I tried to run the script provided by you, I got the below error. 

cifs_script_issue.JPG

 

 

donny_lang
14,742 Views

Looks like you weren't able to successfully connect to your controller. Can you run "system services web show" from the ONTAP CLI and paste the output here? 

PnaveenKumar
14,738 Views

Hi @donny_lang 

 

Please find the output here. Looks like HTTP and HTTPS are turned on.

 

smaolab.JPG

donny_lang
14,731 Views

Do you possibly have a firewall policy blocking the traffic? I'm assuming that you're connecting to your cluster management LIF in your screenshot - can you run "system services firewall policy show" and "net int show -role cluster-mgmt -fields firewall-policy" to make sure that your connection is allowed? 

 

Can you try manually specifying an HTTPS connection by adding the "-HTTPS" parameter in your "Connect-NcController" command?

What version of ONTAP are you running? 

PnaveenKumar
14,682 Views

Hi @donny_lang 

 

I will test this script in LAB and see if it works as there will be no restrictions in LAB.

 

Thanks, Donny. I will get back to you soon.

Tas
14,668 Views

You can also get it via CLI.

 

vserver cifs session show -node xxx -fields idle-time

 

You can then grep it for what you are looking for.  Not as elegant as PS, but it gives you output.

 

Tas
14,397 Views

Sorry;  a better method to show you sessions idle for > than number of days would be:

 

vserver cifs session show -idle-time \>=1d

 

This would list all sessions idle over 1 day, the user, and the machine IP utilizing it.

PnaveenKumar
14,342 Views

hi @Tas

 

It was not successful. Please find the output below

 

cluster1::> vserver cifs session show -idle-time \>=1m

Error: "\>=1m" is an invalid value for field "-idle-time <elapsed>"

Tas
14,336 Views

Yes.  Sorry, but don't use the '\' if you are running directly in a session.

 

You only need to use it if you are scripting it, so you can escape the > (redirect symbol).

TasP

PnaveenKumar
14,328 Views

Hi @Tas 

 

I have tried with both, but no use.

 

Script:

 

import paramiko

#Below line will initiate an object for ssh connectivity.

p = paramiko.SSHClient()

#Below line will open a the credential file in read mode where we have credential fo the devices.

cred = open("cred.csv","r")

#Now below is the for loop which will iterate over each line of the file and get the credential, login to the device and execute a command. Then the output of the command for each device will be saved in a text file.

for i in cred.readlines():
line=i.strip()
ls =line.split(",")
print(ls)
p.set_missing_host_key_policy(paramiko.AutoAddPolicy())
p.connect("%s"%ls[0],port =22, username = "%s"%ls[1], password="%s"%ls[2])
stdin, stdout, stderr = p.exec_command("vserver cifs session show -idle-time \>=1d")
opt = stdout.readlines()
opt ="".join(opt)
print(opt)
temp=open("%s.txt"%ls[0],"w")
temp.write(opt)
temp.close()
cred.close()

 

I have tried above script with \ and with out \, but i got error like below.

 

cifs.JPG

Tas
14,276 Views

I would suggest you try it directly in an ssh session;  then you will know whether it will work or not.  I would also make you idle time >=1d to start testing.

BTW, you are running ONTAP (Clustered Ontap and not 7-mode?)

Public