Creating NetApp CIFS File Shares


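This document applies to 7-Mode, with Data ONTAP 8.2.7 as the operating system.
License preparation
CIFS requires a license. Oddly, without a license you can still create shares, but they cannot be accessed. This is unlike NFS and other features, where without a license you are told at the very first step that the operation cannot be done.
netapptest1> license show -type CIFS
license show: "CIFS" is an unrecognized license type, skipping.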
Serial Number: 4079432-74-8
Owner: netapptest1
Package                    Type      Description                    Expiration
----------------- ------- --------------------- --------------------                       
CIFS                          license CIFS License                  -
Data ONTAP supports the following CIFS authentication methods:
(1) Active Directory domain authentication (Active Directory domains only)
(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)
(3) Windows Workgroup authentication using the filer’s local user accounts
(4) /etc/passwd and/or NIS/LDAP authentication
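In general, use the third method if there is no AD, and the first otherwise. Run the cifs setup command; if CIFS is already running, you first need to run cifs terminate to stop the current CIFS service. CIFS cannot be reconfigured online.
Choose 1 to use the Active Directory domain authentication setup wizard.
Setup procedure
Again, run the cifs setup command. What we need to pay attention to and prepare in advance:
1) WINS information; this is optional;
2) A time server; if the time difference exceeds 5 minutes, Kerberos authentication may fail;
3) Windows domain and administrator account information;
4) DNS must be configured in advance.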
 
netapptest1> cifs setup
This process will enable CIFS access to the filer from a Windows(R) system.
Use "?" for help at any prompt and Ctrl-C to exit without committing changes.

              This filer is currently a member of the Windows-style workgroup
              'WORKGROUP'.
Do you want to continue and change the current filer account information? [n]: y
              Your filer does not have WINS configured and is visible only to
              clients on the same subnet.
Do you want to make the system visible via WINS? [n]: y
              You can enter up to 4 IPv4 WINS server addresses.
IPv4 address(es) of your WINS name server(s) []: 192.168.0.130
Would you like to specify additional WINS name servers? [n]:
              This filer is currently configured as an NTFS-only filer.
Would you like to reconfigure this filer to be a multiprotocol filer? [n]:
              The default name for this CIFS server is 'NETAPPTEST1'.
Would you like to change this name? [n]:
              Data ONTAP CIFS services support four styles of user authentication.
              Choose the one from the list below that best suits your situation.
 
(1) Active Directory domain authentication (Active Directory domains only)
(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)
(3) Windows Workgroup authentication using the filer's local user accounts
(4) /etc/passwd and/or NIS/LDAP authentication
 
Selection (1-4)? [1]: 1
What is the name of the Active Directory domain? [vmware-test.com]: vmware-test.com
              In Active Directory-based domains, it is essential that the filer's
              time match the domain's internal time so that the Kerberos-based
              authentication system works correctly. If the time difference between
              the filer and the domain controllers is more than 5 minutes,
              authentication will fail. Time services are currently not configured
              on this filer.
Would you like to configure time services? [y]: y
              CIFS Setup will configure basic time services. To continue, you must
              specify one or more time servers. Specify values as a comma or space
              separated list of server names or IPv4 addresses. In Active
              Directory-based domains, you can also specify the fully qualified
              domain name of the domain being joined (for example:
              "VMWARE-TEST.COM"), and time services will use those domain
              controllers as time servers.
Enter the time server host(s) and/or address(es) [VMWARE-TEST.COM]: 192.168.0.130
Would you like to specify additional time servers? [n]:
1 entry was deleted.
              In order to create an Active Directory machine account for the filer,
              you must supply the name and password of a Windows account with
              sufficient privileges to add computers to the VMWARE-TEST.COM domain.
Enter the name of the Windows user [[email  protected]]: administrator
Password for administrator:
CIFS - Logged in as [email  protected]
              An account that matches the name 'NETAPPTEST1' already exists in
              Active Directory: 'cn=netapptest1,cn=computers,dc=vmware-test,dc=com'.
              This is normal if you are re-running CIFS Setup. You may continue by
              using this account or changing the name of this CIFS server.
Do you want to re-use this machine account? [y]: y
CIFS - Starting SMB protocol...
              Currently the user "NETAPPTEST1\administrator" and members of the
              group "VMWARE-TEST\Domain Admins" have permission to administer CIFS
              on this filer. You may specify an additional user or group to be added
              to the filer's "BUILTIN\Administrators" group, thus giving them
              administrative privileges as well.
Would you like to specify a user or group that can administer CIFS? [n]:
Welcome to the VMWARE-TEST.COM (VMWARE-TEST) Active Directory(R) domain.
CIFS local server is running.
Current domain controller information (this information is actually obtained through DNS):
netapptest1> cifs domaininfo
NetBios Domain:                                                VMWARE-TEST
Windows Domain Name:                                      vmware-test.com
Domain Controller Functionality:              Windows 2003
Domain Functionality:                                    Windows 2000
Forest Functionality:                                  Windows 2000
Filer AD Site:                                                  Default-First-Site-Name
 
Current Connected DCs:                                  \\DOMAIN-SERVER
Total DC addresses found:                            1
Preferred Addresses:
                                                                              None
Favored Addresses:
                                                                              192.168.0.130    DOMAIN-SERVER      PDC
Other Addresses:
                                                                              None
Connected AD LDAP Server:                            \\domain-server.vmware-test.com
Preferred Addresses:
                                                                              None
Favored Addresses:
                                                                              192.168.0.130    domain-server.vmware-test.com
Other Addresses:
                                                                              None
Access
Any user in the domain can be used for access. Of course, the local users created earlier can still access it as well.

We can check which users are currently accessing CIFS:
netapptest1> cifs sessions
Server Registers as 'NETAPPTEST1' in Windows domain 'VMWARE-TEST'
Root volume language is not set. Use vol lang.
WINS Server: 192.168.0.130
Selected domain controller \\DOMAIN-SERVER for authentication
====================================================
PC IP(PC Name) (user)                    #shares    #files
192.168.0.130(DOMAIN-SERVER) (VMWARE-TEST\administrator - pcuser)
                                                                          1              0
192.168.0.200(DTC1F0FFA71982F) (NETAPPTEST1\administrator - pcuser)
Creating a CIFS share
There are two ways to create one:
1) Through the Windows MMC
2) Through the command line or the graphical interface
Creating a CIFS share through the Windows MMC

Creating a CIFS share from the command line
netapptest1> cifs shares -add Website /vol/FlexVol01 -comment "Website for Wordpress"
netapptest1>
netapptest1>
netapptest1> cifs shares
Name                Mount Point                                            Description
----                -----------                                            -----------
ETC$                /etc                                                        Remote Administration
                                              BUILTIN\Administrators / Full Control
HOME                /vol/vol0/home                                      Default Share
                                              everyone / Full Control
C$                    /                                                                Remote Administration
                                              BUILTIN\Administrators / Full Control
Website          /vol/FlexVol01                                      Website for Wordpress
                                              everyone / Full Control

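Permission settings
CIFS permissions are controlled at two levels: share level and file level (the latter being the permissions created in Windows).
The vast majority of customers set the share level to everyone / Full Control and control permissions in Windows, because authorization in AD is fairly fine-grained.
Only customers with very high security requirements control permissions at both levels. Managing permissions at two levels is also more cumbersome, because insufficient permission at either level causes access to fail.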
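
Because a share left at everyone / Full Control relies entirely on the file-level ACLs, it is worth listing which shares are in that state. The following is an added example, not part of the original article or any NetApp tool: a small Python parser for the `cifs shares` listing shown above that flags such shares. The sample text is retyped from that listing with shortened padding, and the `BROAD` and `WRITE_RIGHTS` sets are assumptions to adjust.

```python
import re

# Constructed sample: the `cifs shares` listing shown above, retyped with
# the column padding shortened.
SAMPLE = r"""
Name      Mount Point       Description
----      -----------       -----------
ETC$      /etc              Remote Administration
                  BUILTIN\Administrators / Full Control
HOME      /vol/vol0/home    Default Share
                  everyone / Full Control
C$        /                 Remote Administration
                  BUILTIN\Administrators / Full Control
Website   /vol/FlexVol01    Website for Wordpress
                  everyone / Full Control
"""

BROAD = {"everyone"}                        # principals treated as "anyone" (assumption)
WRITE_RIGHTS = {"full control", "change"}   # write-capable share rights (assumption)

def parse_shares(text):
    """Return [{'name', 'path', 'comment', 'acl': [(principal, rights)]}]."""
    shares = []
    for line in text.splitlines():
        if not line.strip() or line.startswith(("Name ", "----")):
            continue
        if line[0].isspace():
            # Indented line: an ACL entry belonging to the previous share.
            if shares and " / " in line:
                principal, rights = line.strip().rsplit(" / ", 1)
                shares[-1]["acl"].append((principal.strip(), rights.strip()))
            continue
        cols = re.split(r"\s{2,}", line.strip(), maxsplit=2)
        cols += [""] * (3 - len(cols))      # tolerate a missing description
        shares.append({"name": cols[0], "path": cols[1], "comment": cols[2], "acl": []})
    return shares

def open_shares(shares):
    """Shares where a broad principal holds write-capable share-level rights."""
    findings = []
    for s in shares:
        for principal, rights in s["acl"]:
            if principal.lower() in BROAD and rights.lower() in WRITE_RIGHTS:
                findings.append((s["name"], s["path"], principal, rights))
    return findings

if __name__ == "__main__":
    for name, path, principal, rights in open_shares(parse_shares(SAMPLE)):
        print(f"{name:10} {path:18} {principal} / {rights}  -> relies on file-level ACLs only")
```

Run it over captured `cifs shares` output; every share it lists has no share-level restriction, so its file-level ACLs are the only access control in effect.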
