NetApp CIFS文件共享创建 _文件

怀抱观古今，寝食展戏谑。这篇文章主要讲述NetApp CIFS文件共享创建相关的知识，希望能为你提供帮助。

本文档适用于7-mode操作系统为DATA ONTAP 8.2.7。

License准备
CIFS 是需要License的，但奇怪的是没有License，你还是可以创建shares，但是访问不了。不像NFS等别的功能，没有license，第一步就提示你做不了。
netapptest1& gt; license show -type CIFS
license show: & quot; CIFS& quot; is an unrecognized license type, skipping.
Serial Number: 4079432-74-8
Owner: netapptest1
Package Type Description Expiration
----------------- ------- --------------------- --------------------
CIFS license CIFS License -
Data ONTAP 支持以下几种CIFS验证方法：
(1) Active Directory domain authentication (Active Directory domains only)
(2) Windows NT 4 domain authentication ( Windows NT or Active Directory domains)
(3) Windows Workgroup authentication using the filer’s local user accounts
(4) /etc/passwd and/or NIS/LDAP authentication
一般来说，如果没有AD的话，采用第三种，否则第一种。运行cifs setup命令，如果CIFS已经在运行，则需要运行cifs terminate停掉当前CIFS服务。不能在线修改CIFS。
选择1使用Active Directory domain 认证配置向导；
创建方法
还是运行cifs setup命令。我们需要注意和准备好的是：
1）WINS信息，这是可选的；
2）时间服务器，如果时间差超过5分钟，Kerberos认证就可能通不过；
3）Windows域及管理员帐户信息；
4) DNS要提前配置好。

etapptest1& gt; cifs setup
This process will enable CIFS access to the filer from a Windows(R) system.
Use & quot; ?& quot; for help at any prompt and Ctrl-C to exit without committing changes.

This filer is currently a member of the Windows-style workgroup
‘WORKGROUP‘.
Do you want to continue and change the current filer account information? [n]: y
Your filer does not have WINS configured and is visible only to
clients on the same subnet.
Do you want to make the system visible via WINS? [n]: y
You can enter up to 4 IPv4 WINS server addresses.
IPv4 address(es) of your WINS name server(s) []: 192.168.0.130
Would you like to specify additional WINS name servers? [n]:
This filer is currently configured as an NTFS-only filer.
Would you like to reconfigure this filer to be a multiprotocol filer? [n]:
The default name for this CIFS server is ‘NETAPPTEST1‘.
Would you like to change this name? [n]:
Data ONTAP CIFS services support four styles of user authentication.
Choose the one from the list below that best suits your situation.

(1) Active Directory domain authentication (Active Directory domains only)
(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)
(3) Windows Workgroup authentication using the filer‘s local user accounts
(4) /etc/passwd and/or NIS/LDAP authentication

Selection (1-4)? [1]: 1
What is the name of the Active Directory domain? [vmware-test.com]: vmware-test.com
In Active Directory-based domains, it is essential that the filer‘s
time match the domain‘s internal time so that the Kerberos-based
authentication system works correctly. If the time difference between
the filer and the domain controllers is more than 5 minutes,
authentication will fail. Time services are currently not configured
on this filer.
Would you like to configure time services? [y]: y
CIFS Setup will configure basic time services. To continue, you must
specify one or more time servers. Specify values as a comma or space
separated list of server names or IPv4 addresses. In Active
Directory-based domains, you can also specify the fully qualified
domain name of the domain being joined (for example:
& quot; VMWARE-TEST.COM& quot; ), and time services will use those domain
controllers as time servers.
Enter the time server host(s) and/or address(es) [VMWARE-TEST.COM]: 192.168.0.130
Would you like to specify additional time servers? [n]:
1 entry was deleted.
In order to create an Active Directory machine account for the filer,
you must supply the name and password of a Windows account with
sufficient privileges to add computers to the VMWARE-TEST.COM domain.
Enter the name of the Windows user [[email protected]]: administrator
Password for administrator:
CIFS - Logged in as [email protected]
An account that matches the name ‘NETAPPTEST1‘ already exists in
Active Directory: ‘cn=netapptest1,cn=computers,dc=vmware-test,dc=com‘.
This is normal if you are re-running CIFS Setup. You may continue by
using this account or changing the name of this CIFS server.
Do you want to re-use this machine account? [y]: y
CIFS - Starting SMB protocol...
Currently the user & quot; NETAPPTEST1\administrator& quot; and members of the
group & quot; VMWARE-TEST\Domain Admins& quot; have permission to administer CIFS
on this filer. You may specify an additional user or group to be added
to the filer‘s & quot; BUILTIN\Administrators& quot; group, thus giving them
administrative privileges as well.
Would you like to specify a user or group that can administer CIFS? [n]:
Welcome to the VMWARE-TEST.COM (VMWARE-TEST) Active Directory(R) domain.
CIFS local server is running.
当前域控制的信息：（这些信息其实通过DNS获得的)
etapptest1& gt; cifs domaininfo
NetBios Domain: VMWARE-TEST
Windows Domain Name: vmware-test.com
Domain Controller Functionality: Windows 2003
Domain Functionality: Windows 2000
Forest Functionality: Windows 2000
Filer AD Site: Default-First-Site-Name

Current Connected DCs: \\DOMAIN-SERVER
Total DC addresses found: 1
Preferred Addresses:
None
Favored Addresses:
192.168.0.130 DOMAIN-SERVER PDCOther Addresses:
None
Connected AD LDAP Server: \\domain-server.vmware-test.com
Preferred Addresses:
None
Favored Addresses:
192.168.0.130
domain-server.vmware-test.comOther Addresses:
None
访问方法
可以使用域中的任何一个用户访问。当然之前创建的本地用户仍然可以访问。

文章图片

我们可以查看当前有哪些用户在访问CIFS：
netapptest1& gt; cifs sessions
Server Registers as ‘NETAPPTEST1‘ in Windows domain ‘VMWARE-TEST‘
Root volume language is not set. Use vol lang.
WINS Server: 192.168.0.130
Selected domain controller \\DOMAIN-SERVER for authentication
====================================================
PC IP(PC Name) (user) #shares #files
192.168.0.130(DOMAIN-SERVER) (VMWARE-TEST\administrator - pcuser)
1 0
192.168.0.200(DTC1F0FFA71982F) (NETAPPTEST1\administrator - pcuser)
创建CIFS share
有2种方法可以创建：
1）通过Windows MMC来创建
2）通过命令行或图形界面来创建
通过Windows MMC来创建CIFS share：

文章图片

通过命令行创建CIFS share
netapptest1& gt; cifs shares -add Website /vol/FlexVol01 -comment & quot; Website for Wordpress& quot;
netapptest1& gt;
netapptest1& gt;
netapptest1& gt; cifs shares
Name Mount Point Description
---- ----------- -----------
ETC$ /etc Remote Administration
BUILTIN\Administrators / Full Control
HOME /vol/vol0/home Default Share
everyone / Full Control
C$ / Remote Administration
BUILTIN\Administrators / Full Control
Website /vol/FlexVol01 Website for Wordpress
everyone / Full Control

文章图片

权限设定
CIFS 的权限是由两层控制的， share level 和 File level (就是在windows 中创建的)；
绝大部分的客户都是把share level设置为everyone/ Full control, 而在windows 中进行权限的控制的。因为AD 中的授权是比较细致的。
【NetApp CIFS文件共享创建】除非客户有很高的安全考虑，才会在2个level 中都进行权限的控制的。而且2层的权限设定管理起来会比较繁琐，因为任意一层的权限不足都会导致访问失败。