NetApp CIFS Setup (Windows Shares) Using Active Directory Authentication
How to Setup CIFS on a NetApp filer using Active Directory Authentication, before we continue you need the CIFS license installed on your filer, if you are using the NetApp simulator here are a list of NetApp simulator codes.
Install NetApp License Code
license install CODE
This Netapp HowTo is useful for the following
NetApp Setup Windows Share
NetApp CIFS Setup
NetApp CIFS Active Directory Authentication
NetApp Active Directory Authentication
AD Auth NetApp
NetApp CIFS Setup
The following tutorial will walk you though the steps required to setup CIFS (Windows Shares) on your NetApp filer. I have chosen to use Active Directory Authentication as I think this will be most peoples choice when setting up Windows CIFS Shares. It is still possible to follow this guide and chose a different authentication option such as NIS or LDAP.
Step 1: setup cifs - WINS
netapp01> cifs setup
This process will enable CIFS access to the filer from a Windows(R) system.
Use "?"for help at any prompt and Ctrl-C to exit without committing changes.
Your filer does not have WINS configured and is visible only to
clients on the same subnet.
Do you want to make the system visible via WINS? [n]:
I don’t use WINS, you might.
Step 2: cifs setup - Multiprotocol filer or NFS-only
A filer can be configured for multiprotocol access, or as an NTFS-only
filer. Since multiple protocols are currently licensed on this filer,
we recommend that you configure this filer as a multiprotocol filer
(1) Multiprotocol filer
(2) NTFS-only filer
Selection (1-2)? : 1
I select option 1 as I also want the option of using NFS mounts on Linux, if you are a Windows only shop you might consider using just NTFS.
Step 3: cifs setup - set root password
CIFS requires local /etc/passwd and /etc/group files and default files
will be created. The default passwd file contains entries for'root',
'pcuser', and 'nobody'.
Enter the password for the root user :
Retype the password:
Step 4: cifs setup - Set CIFS Server Name
The default name for this CIFS server is 'NETAPP01'.
Would you like to change this name? [n]:
I am happy with the name NETAPP01 for my server name, if you wish you can change this.
Data ONTAP CIFS services support four styles of user authentication.
Choose the one from the list below that best suits your situation.
(1) Active Directory domain authentication (Active Directory domains only)(2) Windows NT 4 domain authentication (Windows NT or Active Directory domains)(3) Windows Workgroup authentication using the filer's local user accounts
(4) /etc/passwd and/or NIS/LDAP authentication
Selection (1-4)? :1
I have chosen Active Directory as this is most likely what you’ll be using if you’re setting up CIFS shares.
If you don’t have the DNS resolver service configured you will need to do so:
Step 6: cifs setup - CIFS must use the DNS resolver service
In order to operate correctly within an Active Directory-based Windows
domain, CIFS must use the DNS resolver service. That service is
currently not configured on the filer. You must either configure DNS
resolver services or choose a different authentication style.
Do you want to configure the filer's DNS resolver service? [y]:What is the filer's DNS domain name? : netapp01.corp.linuxmoz.com
What are the IPv4/IPv6 address(es) of your authoritative DNS name server(s)? [220.127.116.11]:192.168.75.99
Would you like to specify additional DNS name servers? [n]:
What is the name of the Active Directory domain? [netapp01.corp.linuxmoz.com]: corp.linuxmoz.com
Step 7: cifs setup - Network Time Servers NTP
In Active Directory-based domains, it is essential that the filer's time match the domain's internal time so that the Kerberos-based
authentication system works correctly. If the time difference between
the filer and the domain controllers is more than 5 minutes,
authentication will fail. Time services are currently not configured
on this filer.
Would you like to configure time services? [y]:n
I would normally configure this option however I don’t have an NTP server setup yet in my virtual lab.
Step 8: cifs setup - Create Active Directory Machine Account for Filer
In order to create an Active Directory machine account for the filer,
you must supply the name and password of a Windows account with
sufficient privileges to add computers to the CORP.LINUXMOZ.COM
Enter the name of the Windows user [Administrator@CORP.LINUXMOZ.COM]:administrator
Password for administrator:
CIFS - Logged in as administrator@CORP.LINUXMOZ.COM.
The user that you specified has permission to create the filer's
machine account in several (2) containers. Please choose where you
would like this account to be created.
(3) None of the above
Selection (1-3)? :1
Step 9: cifs setup - Set local administrator account
CIFS - Starting SMB protocol...
Sun May 19 19:01:25 GMT [netapp01:passwd.changed:info]: passwd for user 'root' changed.
It is highly recommended that you create the local administrator
account (NETAPP01\administrator)for this filer. This account allows
access to CIFS from Windows when domain controllers are not
Do you want to create the NETAPP01\administrator account? [y]:
Enter the new password for NETAPP01\administrator:
Retype the password:
Step 10: cifs setup - Add additional group to administer CIFS on filer
Currently the user "NETAPP01\administrator" and members of the group
"CORP\Domain Admins" have permission to administer CIFS on this filer.
You may specify an additional user or group to be added to the filer's
"BUILTIN\Administrators" group, thus giving them administrative
privileges as well.
Would you like to specify a user or group that can administer CIFS? [n]:
The “Domain Admin” group is sufficent for me (you might want to change / lock this down further).
Finally you should see:
Step 11: cifs setup - CIFS local server is running.
Welcome to the CORP.LINUXMOZ.COM (CORP) Active Directory(R) domain.
CIFS local server is running.