ONTAP Hardware

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ONTAP Hardware

Ask a Question

IP address restriction on CIFS

SVHO
‎2017-08-12 11:53 AM
9,969 Views

 

Hello,

 

Just recevied the FAS2650 and had the professional installer onsite (what a rush by this guy).  I have a question regards to IP address restriction at the CIFS level.

 

 

For an example, our old NAS unit, we can specify the IP address restriction for the CIFS.  For an example, my cifs called "HR" to only allow a certain IP subnet to access.

 

 

Thanks advance.

 

SVHO

0 Kudos
View By:
1 ACCEPTED SOLUTION

SeanHatfield
NetApp
‎2017-08-23 05:04 PM
In response to SVHO
9,730 Views

Export policy enforcement for CIFS access has been disabled by default since about 8.2.

 

Check yours like this:

set adv
vserver cifs options show -fields -is-exportpolicy-enabled

If it shows false in the output, you need to enable it:

vserver cifs options modify -vserver <vserver name> -is-exportpolicy-enabled true
If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

0 Kudos
4 REPLIES 4

mbeattie
NetApp
‎2017-08-13 08:12 PM
9,922 Views

Hi,

 

You can configure an export policy to restrict client access to the volume (which your CIFS share is created within).

Here are few links that explain the configuration and process:

 

https://library.netapp.com/ecmdocs/ECMP1141094/html/GUID-8B4CEBB7-7054-48FD-A98D-5C10E1F01436.html

https://kb.netapp.com/support/s/article/ka21A0000000Z9uQAE/how-do-export-policies-work-in-clustered-data-ontap?language=en_US

http://docs.netapp.com/ontap-9/index.jsp?topic=%2Fcom.netapp.doc.pow-nfs-cg%2FGUID-EB3438EC-21B1-401F-8190-D509E67D8E90.html

 

Did you want to restrict CIFS access via subnets or IP Addresses or restrict access to the AD computer objects in the NTFS permissions?

 

/Matt

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

SVHO
‎2017-08-14 03:06 PM
In response to mbeattie
9,888 Views

I want to restrict CIFS access via subnets or IP Addresses.  I will take a look at the links you posted.

 

 

 

Thanks,

SVHO

0 Kudos

SVHO
‎2017-08-17 10:42 PM
In response to SVHO
9,804 Views

 

 

A little disappointement on the lack of restricting IP at the CIFS level. So creating a qtree within the same volume work (then link an export policy)?

 

 

Anyways, I went ahead and just tested out a simple export policy at the svm level.

 

 

See attached.

 

Client Specification: 192.168.1.5 (made up) and moved the rule index to "1"..  From a host that is none other than 192.168.1.5, I can still acess it.  Am I missing anything?

 

NetApp Release 9.1P2: Tue Feb 28 18:17:30 UTC 2017

 
Preview file
13 KB
0 Kudos

SeanHatfield
NetApp
‎2017-08-23 05:04 PM
In response to SVHO
9,731 Views

Export policy enforcement for CIFS access has been disabled by default since about 8.2.

 

Check yours like this:

set adv
vserver cifs options show -fields -is-exportpolicy-enabled

If it shows false in the output, you need to enable it:

vserver cifs options modify -vserver <vserver name> -is-exportpolicy-enabled true
If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.
0 Kudos
All Community Forums
Public