Saturday, 29 March 2014

How to Configure and Access CIFS Server on NETAPP Filler



NetApp Support File and Block at the same time dislike EMC which depends upon the hardware and have to buy block and file separately or you can go for unified in EMC Storage. well in this writeup I am going to share Cifs setup configuration via CLI. you will be required to have a user which have administrative access in you Active Directory, Active directory's primary and secondary Ip addresses and Time Server Ip Addresses for Time Sync. and yeah you must have CIFS license, NetApps allow you to create CIFS and share them once the CIFS license is purchased. Nothing is free, except maybe samba :D
First Login as root from putty or any other software like this.

FILLER1>
FILLER1>
FILLER1> cifs setup
This process will enable CIFS access to the filer from a Windows(R) system.
Use "?" for help at any prompt and Ctrl-C to exit without committing changes.

        Your filer does not have WINS configured and is visible only to
        clients on the same subnet.
Do you want to make the system visible via WINS? [n]:
n
        A filer can be configured for multiprotocol access, or as an NTFS-only
        filer. Since multiple protocols are currently licensed on this filer,
        we recommend that you configure this filer as a multiprotocol filer

(1) Multiprotocol filer
(2) NTFS-only filer

Selection (1-2)? [1]:
1
        CIFS requires local /etc/passwd and /etc/group files and default files
        will be created.  The default passwd file contains entries for 'root',
        'pcuser', and 'nobody'.
Enter the password for the root user []:
root
Password validation failed. Password has been used sometime in the last 6 changes
Enter the password for the root user []:
rootPassword
Retype the password: rootPassword
        The default name for this CIFS server is 'FILLER1'.Would you like to change this name? [n]:
        Data ONTAP CIFS services support four styles of user authentication.
        Choose the one from the list below that best suits your situation.

(1) Active Directory domain authentication (Active Directory domains only)
(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)
(3) Windows Workgroup authentication using the filer's local user accounts
(4) /etc/passwd and/or NIS/LDAP authentication



Selection (1-4)? [1]: 1
        In order to operate correctly within an Active Directory-based Windows
        domain, CIFS must use the DNS resolver service. That service is
        currently not configured on the filer. You must either configure DNS
        resolver services or choose a different authentication style.
Do you want to configure the filer's DNS resolver service? [y]
:y
What is the filer's DNS domain name? []: <DNS_DOMAIN_NAME_HERE>What are the IPv4/IPv6 address(es) of your authoritative DNS name server(s)? []: <FIRST_DNS_IP_HERE>Would you like to specify additional DNS name servers? [n]: y -->If you have one domain select
'N' here

What are the IPv4/IPv6 address(es) of your authoritative DNS name server(s)? []: <2nd_DNS_IP>Would you like to specify additional DNS name servers? [n]:
What is the name of the Active Directory domain? [ActiveDirectoryDomainName]:
        In Active Directory-based domains, it is essential that the filer's
        time match the domain's internal time so that the Kerberos-based
        authentication system works correctly. If the time difference between
        the filer and the domain controllers is more than 5 minutes,
        authentication will fail. Time services are currently not configured
        on this filer.

Would you like to configure time services? [y]:y
        CIFS Setup will configure basic time services. To continue, you must
        specify one or more time servers. Specify values as a comma or space
        separated list of server names or IPv4 addresses. In Active
        Directory-based domains, you can also specify the fully qualified
        domain name of the domain being joined (for example: "Domain"), and
        time services will use those domain controllers as time servers.
Enter the time server host(s) and/or address(es) [DomainName]:
<TimeSyncServerIp>Would you like to specify additional time servers? [n]: n
Wed Jul 17 20:00:00 GMT [FILLER1:kern.uptime.filer:info]:   8:00pm up 25 mins, 0 NFS ops, 0
CIFS ops, 0 HTTP ops, 0 FCP ops, 0 iSCSI ops
Wed Jul 17 20:00:06 GMT [FILLER1:sp.network.link.down:warning]: Service Processor (SP) network port link down due to cable or network errors.
Would you like to specify additional time servers? [n]:
        In order to create an Active Directory machine account for the filer,
        you must supply the name and password of a Windows account with
        sufficient privileges to add computers to the <DOMAIN_NAME>
domain.
Enter the name of the Windows user [Administrator@DOMAIN]: AD_PRIVS_USER
Password for AD_PRIVS_USER: ****

CIFS - Logged in as AD_PRIVS_USER@DomainName
An account that matches the name 'AD_PRIVS_USER' already exists in Active
Directory: 'cn=itsotuc2,cn=computers,dc=itso,dc=tucson'. This is
normal if you are re-running CIFS Setup. You may continue by using
this account or changing the name of this CIFS server.
Do you want to re-use this machine account? [y]:
y

CIFS - Starting SMB protocol...
Currently the user "DomainName\administrator" and members of the group
"DomainName\Domain Admins" have permission to administer CIFS on this filer.
You may specify an additional user or group to be added to the filer's
"BUILTIN\Administrators" group, thus giving them administrative
privleges as well.
Would you like to specify a user or group that can administer CIFS? [n]:
n
Welcome to the DomainName (DomainName) Active Directory(R) domain.
CIFS local server is running.

FILLER1>
FILLER1>cifs domaininfo  <-- This command will show you the configuration.

Below mentioned statements  will create Volume, Qtree and their securities and cifs share with Snap and vol options;

vol create vol_name aggr0 120G
qtree create /vol/vol_nameqtree_01
qtree security /vol/vol_name mixed
qtree security /vol/vol_name/qtree_01 mixed
cifs shares -add images$ /vol/vol_name/qtree_01
vol options vol_name nosnap on
snap reserve vol_name
snap sched vol_name 0
vol options vol_name nvfail on
vol options vol_name minra on

est your CIFS share using the UNC path 
Use a path such as:  \\IP-address-of-your-filer\vol_name

Thats it!!!