Giving permission (AD groupd access) to a Folder inside a cifs share via .Net API (or CLI)

AmjathKhan · ‎2016-05-16

Hello All,

please let me know the procedure to set a particular AD group to have access to a Folder created inside of cifs Shares.

please do the needful.

With Thanks & Regards

Amjath

AmjathKhan · ‎2016-05-16

Hello All,

I need to add a AD group (read/write) access to the folder created inside the cifs shares.

I knew fsecurity will show the details like which are all AD groups have access to particular folder, but I want to write the details into netapp

please do the needful.

Model: FAS8020
NetApp Release 8.2.3P4 7-Mode

With Thanks & Regards

Amjath

raj_shrivastava11 · ‎2016-05-17

Hi Amjath,

Firstly, try to access the CIFS Share on any of your Windows Based Server/Machine. it should be accessed like "\\netappname or IP\Sharename".

Then Right click on a "Folder" on which you want to add the "AD Group"

1. In Sharing Tab --> "Everyone" should be "Full Control"

2. In Security Tab --> you should be able to add the "AD Group" and set the required permission and apply it.

3. Access the folder using that "AD Group" or by members of that AD Group.

Hope this helps

BR

Raj

AmjathKhan · ‎2016-05-17

Hello Raj,

Thanks for the info, yep this is the manual way of doing that, but i want this steps need to be automated using the .net API / using the netapp cli commands.

please help on that.

dont we have any straight command to give permission to the folder with AD groups ??

I read somewhere they are saying, create new fpolicy and then using the fsecurity apply the policy to the folder. but I didnt understand the flow.

something like this

Create a conf file containing the following:

cb56f6f4 1,0,"/vol/vol_name/qtree_name/subdir",0,"D:P(A;CIOI;0x1f01ff;;;Everyone)"

Save it on your filer somewhere (example in manpage is /etc/security.conf).

Run:

fsecurity show /vol/vol_name/qtree_name/subdir

fsecurity apply /etc/security.conf

fsecurity show /vol/vol_name/qtree_name/subdir

With Thanks & Regards

Amjath

Jeff_Yao · ‎2016-05-27

afaik, i dont think there's command on filer can help u do that. u have to do it on client side. maybe windows powershell can do something about it. like "cacls" cmd.

thanks

Jeff

AmjathKhan · ‎2016-05-29

Thanks for the info, will try cacls command as well.

Is fsecurity apply wont help in this case by setting the .config file ??

with Thanks

Amjath

Jeff_Yao · ‎2016-05-30

hi,

"fsecurity apply" should work as well. personally recommand you do it on client side. i recall there's a bug in "fsecurity apply". below TR includes some chapters you can read thru. checking 2.3 and 2.4. it should be helpful.

http://www.netapp.com/us/media/tr-3596.pdf

thanks

Jeff

Giving permission (AD groupd access) to a Folder inside a cifs share via .Net API (or CLI)

NetApp 7Mode, how to add AD group permission to a folder using .net API or NetApp CLI

Re: Giving permission (AD groupd access) to a Folder inside a cifs share via .Net API (or CLI)

Re: Giving permission (AD groupd access) to a Folder inside a cifs share via .Net API (or CLI)

Re: NetApp 7Mode, how to add AD group permission to a folder using .net API or NetApp CLI

Re: NetApp 7Mode, how to add AD group permission to a folder using .net API or NetApp CLI

Re: NetApp 7Mode, how to add AD group permission to a folder using .net API or NetApp CLI