Simulate ONTAP 8: Setup CIFS

This is a really short post. A first step can be the configuration of CIFS. This is done using “cifs setup” command. After you’ve setup CIFS, you can create volumes and qtrees, you can share them with you Windows server etc. It’s a good start into your Data ONTAP 8 journey.

The requirements

All you need is a configured ONTAP 8 simulator instance and a Windows Domain Controller with Active Directory.

The configuration steps

Access your ONTAP 8 simulator with SSH and type “cifs setup”. Then follow the instructions. It’s really easy…

netapp1> cifs setup
This process will enable CIFS access to the filer from a Windows(R) system.
Use "?" for help at any prompt and Ctrl-C to exit without committing changes.

        Your filer does not have WINS configured and is visible only to
        clients on the same subnet.
Do you want to make the system visible via WINS? [n]:
        A filer can be configured for multiprotocol access, or as an NTFS-only
        filer. Since NFS, DAFS, VLD, FCP, and iSCSI are not licensed on this
        filer, we recommend that you configure this filer as an NTFS-only
        filer

(1) NTFS-only filer
(2) Multiprotocol filer

Selection (1-2)? [1]: 2
        CIFS requires local /etc/passwd and /etc/group files and default files
        will be created.  The default passwd file contains entries for 'root',
        'pcuser', and 'nobody'.
        The default name for this CIFS server is 'NETAPP1'.
Would you like to change this name? [n]:
        Data ONTAP CIFS services support four styles of user authentication.
        Choose the one from the list below that best suits your situation.

(1) Active Directory domain authentication (Active Directory domains only)
(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)
(3) Windows Workgroup authentication using the filer's local user accounts
(4) /etc/passwd and/or NIS/LDAP authentication

Selection (1-4)? [1]: 1
What is the name of the Active Directory domain? [lab.local]:
        In Active Directory-based domains, it is essential that the filer's
        time match the domain's internal time so that the Kerberos-based
        authentication system works correctly. If the time difference between
        the filer and the domain controllers is more than 5 minutes,
        authentication will fail. Time services are currently not configured
        on this filer.
Would you like to configure time services? [y]: y

        CIFS Setup will configure basic time services. To continue, you must
        specify one or more time servers. Specify values as a comma or space
        separated list of server names or IPv4 addresses. In Active
        Directory-based domains, you can also specify the fully qualified
        domain name of the domain being joined (for example: "LAB.LOCAL"), and
        time services will use those domain controllers as time servers.
Enter the time server host(s) and/or address(es) [LAB.LOCAL]:
Would you like to specify additional time servers? [n]:

        In order to create an Active Directory machine account for the filer,
        you must supply the name and password of a Windows account with
        sufficient privileges to add computers to the LAB.LOCAL domain.
Enter the name of the Windows user [Administrator@LAB.LOCAL]:
Password for Administrator@LAB.LOCAL:
CIFS - Logged in as Administrator@LAB.LOCAL.
        The user that you specified has permission to create the filer's
        machine account in several (7) containers. Please choose where you
        would like this account to be created.

(1) CN=computers
(2) OU=Domain Controllers
(3) OU=LAB
(4) OU=Users,OU=LAB
(5) OU=Groups,OU=LAB
(6) OU=Computers,OU=LAB
(7) OU=Admins,OU=LAB
(8) None of the above

Selection (1-8)? [1]: 1
CIFS - Starting SMB protocol...
        It is highly recommended that you create the local administrator
        account (NETAPP1administrator) for this filer. This account allows
        access to CIFS from Windows when domain controllers are not
        accessible.
Do you want to create the NETAPP1administrator account? [y]:
Enter the new password for NETAPP1administrator:
Retype the password:
        Currently the user "NETAPP1administrator" and members of the group
        "LABDomain Admins" have permission to administer CIFS on this filer.
        You may specify an additional user or group to be added to the filer's
        "BUILTINAdministrators" group, thus giving them administrative
        privileges as well.
Would you like to specify a user or group that can administer CIFS? [n]:
Welcome to the LAB.LOCAL (LAB) Active Directory(R) domain.

CIFS local server is running.
netapp1>

There are a couple of default shares after the cifs setup.

netapp1> cifs shares
Name         Mount Point                       Description
---- ----------- -----------
ETC$         /etc                              Remote Administration
                        BUILTINAdministrators / Full Control
HOME         /vol/vol0/home                    Default Share
                        everyone / Full Control
C$           /                                 Remote Administration
                        BUILTINAdministrators / Full Control
netapp1>

Now you should be able to access the shares, as long as the user has sufficient access rights. I used the Domain Administrator account to access the C$ share.

Patrick Terlisten/ vcloudnine.de/ Creative Commons CC0

Patrick Terlisten/ vcloudnine.de/ Creative Commons CC0

Additional knowledge

A nice command line cheat sheet can be found [here](NetApp Commandline Cheatsheet). In addition, the 8.2.1 7-Mode documentation can be found on the support web site of NetApp. I strongly recommend to take a look at this.