Subscribe
AmjathKhan

Giving permission (AD groupd access) to a Folder inside a cifs share via .Net API (or CLI)

‎2016-05-16 12:27 AM

Hello All,

 

please let me know the procedure to set a particular AD group to have access to a Folder created inside of cifs Shares.

 

please do the needful.

 

With Thanks & Regards

Amjath

Reply
0 Kudos
AmjathKhan

NetApp 7Mode, how to add AD group permission to a folder using .net API or NetApp CLI

‎2016-05-16 08:07 PM

Hello All,

 

I need to add a AD group (read/write) access to the folder created inside the cifs shares.

 

I knew fsecurity will show the details like which are all AD groups have access to particular folder, but I want to write the details into netapp

 

please do the needful.

 

Model: FAS8020
NetApp Release 8.2.3P4 7-Mode

 

With Thanks & Regards

Amjath

Reply
0 Kudos
raj_shrivastava11

Re: Giving permission (AD groupd access) to a Folder inside a cifs share via .Net API (or CLI)

‎2016-05-17 12:23 AM

Hi Amjath,

 

Firstly, try to access the CIFS Share on any of your Windows Based Server/Machine. it should be accessed like "\\netappname or IP\Sharename".

 

Then Right click on a "Folder" on which you want to add the "AD Group"

 

1. In Sharing Tab --> "Everyone" should be "Full Control"

 

2. In Security Tab --> you should be able to add the "AD Group" and set the required permission and apply it.

 

3. Access the folder using that "AD Group" or by members of that AD Group.

 

Hope this helps

 

BR

Raj

 

 

Reply
0 Kudos
AmjathKhan

Re: Giving permission (AD groupd access) to a Folder inside a cifs share via .Net API (or CLI)

‎2016-05-17 12:40 AM

Hello Raj,

 

Thanks for the info, yep this is the manual way of doing that, but i want this steps need to be automated using the .net API / using the netapp cli commands.

 

please help on that.

 

dont we have any straight command to give permission to the folder with AD groups ??

I read somewhere they are saying, create new fpolicy and then using the fsecurity apply the policy to the folder. but I didnt understand the flow.

 

something like this

Create a conf file containing the following:

cb56f6f4 1,0,"/vol/vol_name/qtree_name/subdir",0,"D:P(A;CIOI;0x1f01ff;;;Everyone)"

 

Save it on your filer somewhere (example in manpage is /etc/security.conf).

Run:

fsecurity show /vol/vol_name/qtree_name/subdir

fsecurity apply /etc/security.conf

fsecurity show /vol/vol_name/qtree_name/subdir

 

With Thanks  & Regards

Amjath

Reply
0 Kudos
Jeff_Yao
NetApp

Re: NetApp 7Mode, how to add AD group permission to a folder using .net API or NetApp CLI

[ Edited ]

‎2016-05-27 04:26 AM - edited ‎2016-05-27 04:28 AM

afaik, i dont think there's command on filer can help u do that. u have to do it on client side. maybe windows powershell can do something about it. like "cacls" cmd.

thanks 

Jeff

Cannot find the answer you need?  No need to open a support case - just CHAT and we’ll handle it for you.
Reply
0 Kudos
AmjathKhan

Re: NetApp 7Mode, how to add AD group permission to a folder using .net API or NetApp CLI

‎2016-05-29 08:14 PM

Thanks for the info, will try cacls command as well.

 

Is fsecurity apply wont help in this case by setting the .config file  ?? 

 

with Thanks 

Amjath

Reply
0 Kudos
Jeff_Yao
NetApp

Re: NetApp 7Mode, how to add AD group permission to a folder using .net API or NetApp CLI

‎2016-05-30 12:57 AM

hi, 

 

"fsecurity apply" should work as well. personally recommand you do it on client side. i recall there's a bug in "fsecurity apply". below TR includes some chapters you can read thru. checking 2.3 and 2.4. it should be helpful. 

http://www.netapp.com/us/media/tr-3596.pdf

thanks

Jeff

Cannot find the answer you need?  No need to open a support case - just CHAT and we’ll handle it for you.
Reply
0 Kudos