LinuxMoz

Linux Stuff && Coffee

NetApp CIFS Setup (Windows Shares) Using Active Directory Authentication

How to set up CIFS on a NetApp filer using Active Directory authentication. Before continuing, you need the CIFS license installed on your filer; if you are using the NetApp simulator, here is a list of NetApp simulator codes.

Install NetApp License Code
license install CODE

This NetApp HowTo is useful for the following:

  • NetApp Setup Windows Share
  • NetApp CIFS Setup
  • NetApp CIFS Active Directory Authentication
  • NetApp Active Directory Authentication
  • AD Auth NetApp

NetApp CIFS Setup

The following tutorial will walk you through the steps required to set up CIFS (Windows Shares) on your NetApp filer. I have chosen to use Active Directory authentication as I think this will be most people's choice when setting up Windows CIFS shares. It is still possible to follow this guide and choose a different authentication option such as NIS or LDAP.

Step 1: cifs setup - WINS
netapp01> cifs setup
This process will enable CIFS access to the filer from a Windows(R) system.
Use "?" for help at any prompt and Ctrl-C to exit without committing changes.

        Your filer does not have WINS configured and is visible only to
        clients on the same subnet.
Do you want to make the system visible via WINS? [n]:

I don’t use WINS; you might.

Step 2: cifs setup - Multiprotocol filer or NTFS-only
A filer can be configured for multiprotocol access, or as an NTFS-only
        filer. Since multiple protocols are currently licensed on this filer,
        we recommend that you configure this filer as a multiprotocol filer

(1) Multiprotocol filer
(2) NTFS-only filer

Selection (1-2)? [1]: 1

I select option 1 as I also want the option of using NFS mounts on Linux. If you are a Windows-only shop, you might consider using just NTFS.

Step 3: cifs setup - set root password
 CIFS requires local /etc/passwd and /etc/group files and default files
        will be created.  The default passwd file contains entries for 'root',
        'pcuser', and 'nobody'.
Enter the password for the root user []:
Retype the password:

Step 4: cifs setup - Set CIFS Server Name
    The default name for this CIFS server is 'NETAPP01'.
Would you like to change this name? [n]:

I am happy with NETAPP01 as my server name; you can change it if you wish.

Step 5: cifs setup - Authentication Type, NIS, LDAP, Active Directory
    Data ONTAP CIFS services support four styles of user authentication.
    Choose the one from the list below that best suits your situation.

(1) Active Directory domain authentication (Active Directory domains only)
(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)
(3) Windows Workgroup authentication using the filer's local user accounts
(4) /etc/passwd and/or NIS/LDAP authentication

Selection (1-4)? [1]:1

I have chosen Active Directory as this is most likely what you’ll be using if you’re setting up CIFS shares.

If you don’t have the DNS resolver service configured you will need to do so:

Step 6: cifs setup - CIFS must use the DNS resolver service
    In order to operate correctly within an Active Directory-based Windows
    domain, CIFS must use the DNS resolver service. That service is
    currently not configured on the filer. You must either configure DNS
    resolver services or choose a different authentication style.
Do you want to configure the filer's DNS resolver service? [y]:
What is the filer's DNS domain name? []: netapp01.corp.linuxmoz.com
What are the IPv4/IPv6 address(es) of your authoritative DNS name server(s)? [8.8.8.8]:192.168.75.99
Would you like to specify additional DNS name servers? [n]:
What is the name of the Active Directory domain? [netapp01.corp.linuxmoz.com]: corp.linuxmoz.com

Step 7: cifs setup - Network Time Servers NTP
     In Active Directory-based domains, it is essential that the filer's
        time match the domain's internal time so that the Kerberos-based
        authentication system works correctly. If the time difference between
        the filer and the domain controllers is more than 5 minutes,
        authentication will fail. Time services are currently not configured
        on this filer.
Would you like to configure time services? [y]:n

I would normally configure this option; however, I don’t have an NTP server set up yet in my virtual lab.

Step 8: cifs setup - Create Active Directory Machine Account for Filer
    In order to create an Active Directory machine account for the filer,
    you must supply the name and password of a Windows account with
    sufficient privileges to add computers to the CORP.LINUXMOZ.COM
    domain.
Enter the name of the Windows user [Administrator@CORP.LINUXMOZ.COM]:administrator
Password for administrator:
CIFS - Logged in as administrator@CORP.LINUXMOZ.COM.
    The user that you specified has permission to create the filer's
    machine account in several (2) containers. Please choose where you
    would like this account to be created.

(1) CN=computers
(2) OU=Domain Controllers
(3) None of the above

Selection (1-3)? [1]:1

Step 9: cifs setup - Set local administrator account
CIFS - Starting SMB protocol...
Sun May 19 19:01:25 GMT [netapp01:passwd.changed:info]: passwd for user 'root' changed.
        It is highly recommended that you create the local administrator
        account (NETAPP01\administrator) for this filer. This account allows
        access to CIFS from Windows when domain controllers are not
        accessible.
Do you want to create the NETAPP01\administrator account? [y]:
Enter the new password for NETAPP01\administrator:
Retype the password:

Step 10: cifs setup - Add additional group to administer CIFS on filer

Currently the user "NETAPP01\administrator" and members of the group
        "CORP\Domain Admins" have permission to administer CIFS on this filer.
        You may specify an additional user or group to be added to the filer's
        "BUILTIN\Administrators" group, thus giving them administrative
        privileges as well.
Would you like to specify a user or group that can administer CIFS? [n]:

The “Domain Admins” group is sufficient for me (you might want to change / lock this down further).

Finally you should see:

Step 11: cifs setup - CIFS local server is running.
Welcome to the CORP.LINUXMOZ.COM (CORP) Active Directory(R) domain.

CIFS local server is running.
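
The 5-minute rule from the Step 7 prompt, as an added example that is not part of the original article: this Python code compares the filer's clock (the text printed by `date` on the filer) with a domain controller's clock (an SNTP reply) and reports whether the difference is inside the Kerberos tolerance. It assumes the DC answers SNTP on UDP port 123 and that the filer's `date` output is in GMT and formatted like SAMPLE_DATE; the function names and sample values are constructed for illustration.

```python
import socket
import struct
from datetime import datetime, timezone

NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
KERBEROS_MAX_SKEW = 300      # the 5-minute limit quoted in the Step 7 prompt

# Constructed sample data (not captured from a real filer or DC): the DC
# reply carries a transmit time of 19:07:25 GMT, six minutes ahead of the filer.
SAMPLE_DATE = "Sun May 19 19:01:25 GMT 2013"
SAMPLE_REPLY = bytes([0x1C, 2]) + bytes(38) + struct.pack("!II", 3577979245, 0)

def sntp_query(server, timeout=3.0):
    """Send one SNTP client request (version 3, mode 3) and return the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(b"\x1b" + bytes(47), (server, 123))
        return sock.recvfrom(512)[0]

def server_time(reply):
    """Return the reply's transmit timestamp as Unix seconds."""
    if len(reply) < 48:
        raise ValueError("short NTP reply")
    leap, mode, stratum = reply[0] >> 6, reply[0] & 0x07, reply[1]
    if mode != 4:
        raise ValueError("not a server-mode reply")
    if leap == 3 or stratum == 0:
        raise ValueError("server clock is unsynchronised")
    seconds, fraction = struct.unpack("!II", reply[40:48])
    return seconds - NTP_UNIX_DELTA + fraction / 2**32

def filer_time(date_output):
    """Parse the filer's `date` output (format assumed, see SAMPLE_DATE)."""
    parsed = datetime.strptime(date_output.strip(), "%a %b %d %H:%M:%S %Z %Y")
    return parsed.replace(tzinfo=timezone.utc).timestamp()

def check_skew(date_output, reply):
    """Return (filer minus DC in seconds, True if within Kerberos tolerance)."""
    skew = filer_time(date_output) - server_time(reply)
    return skew, abs(skew) <= KERBEROS_MAX_SKEW

if __name__ == "__main__":
    skew, ok = check_skew(SAMPLE_DATE, SAMPLE_REPLY)
    print(f"skew {skew:+.0f}s -> {'OK' if ok else 'Kerberos authentication will fail'}")
```

For a live check, take the filer's `date` reading and call `sntp_query()` against a domain controller back to back, since any delay between the two readings is counted as skew.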

Next, follow our “HowTo create CIFS shares on NetApp filers” article.

You might be interested in my other NetApp commands / HowTos.
