Create a CIFS server
POST /protocols/cifs/services
Introduced In: 9.6
Creates a CIFS server. Each SVM can have one CIFS server.
Important notes
-
The CIFS server name might or might not be the same as the SVM name.
-
The CIFS server name can contain up to 15 characters.
-
The CIFS server name does not support the following characters: @ # * ( ) = + [ ] \| ; : " , < > / ?
Required properties
-
svm.uuid
orsvm.name
- Existing SVM in which to create the CIFS server. -
name
- Name of the CIFS server. -
ad_domain.fqdn
- Fully qualified domain name of the Windows Active Directory to which this CIFS server belongs. -
ad_domain.user
- User account with the access to add the CIFS server to the Active Directory. -
ad_domain.password
- Account password used to add this CIFS server to the Active Directory.
Recommended optional properties
-
comment
- Add a text comment of up to 48 characters about the CIFS server. -
netbios.aliases
- Add a comma-delimited list of one or more NetBIOS aliases for the CIFS server. -
netbios.wins_servers
- Add a list of Windows Internet Name Server (WINS) addresses that manage and map the NetBIOS name of the CIFS server to their network IP addresses. The IP addresses must be IPv4 addresses.
Default property values
If not specified in POST, the following default property values are assigned:
-
ad_domain.organizational_unit
- CN=Computers -
enabled
- true -
restrict_anonymous
- no_enumeration -
smb_signing
- false -
smb_encryption
- false -
encrypt_dc_connection
- false -
kdc_encryption
- false -
default_unix_user
- pcuser -
netbios_enabled
- false However, if either "netbios.wins-server" or "netbios.aliases" is set during POST and ifnetbios_enabled
is not specified thennetbios_enabled
is set to true. -
aes_netlogon_enabled
- false -
try_ldap_channel_binding
- true -
ldap_referral_enabled
- false
Related ONTAP commands
-
vserver cifs server create
-
vserver cifs server options modify
-
vserver cifs security modify
-
vserver cifs server add-netbios-aliases
Learn more
Parameters
Name | Type | In | Required | Description |
---|---|---|---|---|
force |
boolean |
query |
False |
If this is set and a machine account with the same name as specified in 'cifs-server name' exists in the Active Directory, existing machine account will be overwritten and reused.
|
return_timeout |
integer |
query |
False |
The number of seconds to allow the call to execute before returning. When doing a POST, PATCH, or DELETE operation on a single record, the default is 0 seconds. This means that if an asynchronous operation is started, the server immediately returns HTTP code 202 (Accepted) along with a link to the job. If a non-zero value is specified for POST, PATCH, or DELETE operations, ONTAP waits that length of time to see if the job completes so it can return something other than 202.
|
return_records |
boolean |
query |
False |
The default is false. If set to true, the records are returned.
|
Request Body
Name | Type | Description |
---|---|---|
_links |
||
ad_domain |
||
comment |
string |
A descriptive text comment for the CIFS server. SMB clients can see the CIFS server comment when browsing servers on the network. If there is a space in the comment, you must enclose the entire string in quotation marks. |
default_unix_user |
string |
Specifies the UNIX user to which any authenticated CIFS user is mapped to, if the normal user mapping rules fails. |
enabled |
boolean |
Specifies if the CIFS service is administratively enabled. |
group_policy_object_enabled |
boolean |
If set to true, group policies will be applied to the SVM. |
metric |
||
name |
string |
The name of the CIFS server. |
netbios |
||
options |
||
security |
||
statistics |
||
svm |
Example request
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"ad_domain": {
"default_site": "string",
"fqdn": "example.com",
"organizational_unit": "string",
"password": "string",
"user": "string"
},
"comment": "This CIFS Server Belongs to CS Department",
"default_unix_user": "string",
"metric": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"duration": "PT15S",
"iops": {
"read": 200,
"total": 1000,
"write": 100
},
"latency": {
"read": 200,
"total": 1000,
"write": 100
},
"status": "ok",
"throughput": {
"read": 200,
"total": 1000,
"write": 100
},
"timestamp": "2017-01-25 06:20:13 -0500"
},
"name": "CIFS1",
"netbios": {
"aliases": [
"ALIAS_1",
"ALIAS_2",
"ALIAS_3"
],
"wins_servers": [
"10.224.65.20",
"10.224.65.21"
]
},
"options": {
"null_user_windows_name": "string",
"smb_credits": 128,
"widelink_reparse_versions": [
"smb1"
]
},
"security": {
"advertised_kdc_encryptions": [
"string"
],
"lm_compatibility_level": "string",
"restrict_anonymous": "string",
"session_security": "string"
},
"statistics": {
"iops_raw": {
"read": 200,
"total": 1000,
"write": 100
},
"latency_raw": {
"read": 200,
"total": 1000,
"write": 100
},
"status": "ok",
"throughput_raw": {
"read": 200,
"total": 1000,
"write": 100
},
"timestamp": "2017-01-25 06:20:13 -0500"
},
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
}
}
Response
Status: 202, Accepted
Name | Type | Description |
---|---|---|
job |
Example response
{
"job": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"uuid": "string"
}
}
Headers
Name | Description | Type |
---|---|---|
Location |
Useful for tracking the resource location |
string |
Error
Status: Default
ONTAP Error Response Codes
Error Code | Description |
---|---|
4915251 |
STARTTLS and LDAPS cannot be used together. |
Name | Type | Description |
---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}
Definitions
See Definitions
href
Name | Type | Description |
---|---|---|
href |
string |
_links
Name | Type | Description |
---|---|---|
self |
ad_domain
Name | Type | Description |
---|---|---|
default_site |
string |
The default site used by LIFs that do not have a site membership. |
fqdn |
string |
The fully qualified domain name of the Windows Active Directory to which this CIFS server belongs. A CIFS server appears as a member of Windows server object in the Active Directory store. POST and PATCH only. |
organizational_unit |
string |
Specifies the organizational unit within the Active Directory domain to associate with the CIFS server. POST and PATCH only. |
password |
string |
The account password used to add this CIFS server to the Active Directory. This is not audited. |
user |
string |
The user account used to add this CIFS server to the Active Directory. |
iops
The rate of I/O operations observed at the storage object.
Name | Type | Description |
---|---|---|
other |
integer |
Performance metric for other I/O operations. Other I/O operations can be metadata operations, such as directory lookups and so on. |
read |
integer |
Performance metric for read I/O operations. |
total |
integer |
Performance metric aggregated over all types of I/O operations. |
write |
integer |
Peformance metric for write I/O operations. |
latency
The round trip latency in microseconds observed at the storage object.
Name | Type | Description |
---|---|---|
other |
integer |
Performance metric for other I/O operations. Other I/O operations can be metadata operations, such as directory lookups and so on. |
read |
integer |
Performance metric for read I/O operations. |
total |
integer |
Performance metric aggregated over all types of I/O operations. |
write |
integer |
Peformance metric for write I/O operations. |
throughput
The rate of throughput bytes per second observed at the storage object.
Name | Type | Description |
---|---|---|
read |
integer |
Performance metric for read I/O operations. |
total |
integer |
Performance metric aggregated over all types of I/O operations. |
write |
integer |
Peformance metric for write I/O operations. |
metric
Name | Type | Description |
---|---|---|
_links |
||
duration |
string |
The duration over which this sample is calculated. The time durations are represented in the ISO-8601 standard format. Samples can be calculated over the following durations: |
iops |
The rate of I/O operations observed at the storage object. |
|
latency |
The round trip latency in microseconds observed at the storage object. |
|
status |
string |
Any errors associated with the sample. For example, if the aggregation of data over multiple nodes fails then any of the partial errors might be returned, "ok" on success, or "error" on any internal uncategorized failure. Whenever a sample collection is missed but done at a later time, it is back filled to the previous 15 second timestamp and tagged with "backfilled_data". "Inconsistent_ delta_time" is encountered when the time between two collections is not the same for all nodes. Therefore, the aggregated value might be over or under inflated. "Negative_delta" is returned when an expected monotonically increasing value has decreased in value. "Inconsistent_old_data" is returned when one or more nodes do not have the latest data. |
throughput |
The rate of throughput bytes per second observed at the storage object. |
|
timestamp |
string |
The timestamp of the performance data. |
cifs_netbios
Name | Type | Description |
---|---|---|
aliases |
array[string] |
|
enabled |
boolean |
Specifies whether NetBios name service (NBNS) is enabled for the CIFS. If this service is enabled, the CIFS server will start sending the broadcast for name registration. |
wins_servers |
array[string] |
cifs_service_options
Name | Type | Description |
---|---|---|
admin_to_root_mapping |
boolean |
Specifies whether or not Administrator can be mapped to the UNIX user "root". |
advanced_sparse_file |
boolean |
Specifies whether or not the CIFS server supports the advanced sparse file capabilities. This allows CIFS clients to query the allocated ranges of a file and to write zeroes or free data blocks for ranges of a file. |
copy_offload |
boolean |
Specifies whether or not to enable the Copy Offload feature. This feature enables direct data transfers within or between compatible storage devices without transferring the data through the host computer. Note that this will also enable/disable the direct copy feature accordingly. |
export_policy_enabled |
boolean |
Specifies whether or not export policies are enabled for CIFS. |
fake_open |
boolean |
Specifies whether or not fake open support is enabled. This parameter allows you to optimize the open and close requests coming from SMB 2 clients. |
fsctl_trim |
boolean |
Specifies whether or not the trim requests (FSCTL_FILE_LEVEL_TRIM) are supported on the CIFS server. |
junction_reparse |
boolean |
Specifies whether or not the reparse point support is enabled. When enabled the CIFS server exposes junction points to Windows clients as reparse points. This parameter is only active if the client has negotiated use of the SMB 2 or SMB 3 protocol. This parameter is not supported for SVMs with Infinite Volume. |
large_mtu |
boolean |
Specifies whether or not SMB clients can send reads up to 1 MB in size. |
multichannel |
boolean |
Specifies whether or not the CIFS server supports Multichannel. |
null_user_windows_name |
string |
Specifies a Windows User or Group name that should be mapped in case of a NULL user value. |
path_component_cache |
boolean |
Specifies whether or not the path component cache is enabled on the CIFS server. |
referral |
boolean |
Specifies whether or not to refer clients to more optimal LIFs. When enabled, it automatically refers clients to a data LIF local to the node which hosts the root of the requested share. |
shadowcopy |
boolean |
Specifies whether or not to enable the Shadowcopy Feature. This feature enables to take share-based backup copies of data that is in a data-consistent state at a specific point in time where the data is accessed over SMB 3.0 shares. |
shadowcopy_dir_depth |
integer |
Specifies the maximum level of subdirectories on which ONTAP should create shadow copies.
|
smb_credits |
integer |
Specifies the maximum number of outstanding requests on a CIFS connection. |
widelink_reparse_versions |
array[string] |
Specifies the CIFS protocol versions for which the widelink is reported as reparse point. |
cifs_service_security
Name | Type | Description | ||
---|---|---|---|---|
advertised_kdc_encryptions |
array[string] |
|||
aes_netlogon_enabled |
boolean |
Specifies whether or not an AES session key is enabled for the Netlogon channel. |
||
encrypt_dc_connection |
boolean |
Specifies whether encryption is required for domain controller connections. |
||
kdc_encryption |
boolean |
|
||
ldap_referral_enabled |
boolean |
Specifies whether or not LDAP referral chasing is enabled for AD LDAP connections. |
||
lm_compatibility_level |
string |
It is CIFS server minimum security level, also known as the LMCompatibilityLevel. The minimum security level is the minimum level of the security tokens that the CIFS server accepts from SMB clients. The available values are:
|
||
restrict_anonymous |
string |
Specifies what level of access an anonymous user is granted. An anonymous user (also known as a "null user") can list or enumerate certain types of system information from Windows hosts on the network, including user names and details, account policies, and share names. Access for the anonymous user can be controlled by specifying one of three access restriction settings. The available values are:
|
||
session_security |
string |
Specifies client session security for AD LDAP connections. The available values are:
|
||
smb_encryption |
boolean |
Specifies whether encryption is required for incoming CIFS traffic. |
||
smb_signing |
boolean |
Specifies whether signing is required for incoming CIFS traffic. SMB signing helps to ensure that network traffic between the CIFS server and the client is not compromised. |
||
try_ldap_channel_binding |
boolean |
Specifies whether or not channel binding is attempted in the case of TLS/LDAPS. |
||
use_ldaps |
boolean |
Specifies whether or not to use use LDAPS for secure Active Directory LDAP connections by using the TLS/SSL protocols. |
||
use_start_tls |
boolean |
Specifies whether or not to use SSL/TLS for allowing secure LDAP communication with Active Directory LDAP servers. |
iops_raw
The number of I/O operations observed at the storage object. This should be used along with delta time to calculate the rate of I/O operations per unit of time.
Name | Type | Description |
---|---|---|
other |
integer |
Performance metric for other I/O operations. Other I/O operations can be metadata operations, such as directory lookups and so on. |
read |
integer |
Performance metric for read I/O operations. |
total |
integer |
Performance metric aggregated over all types of I/O operations. |
write |
integer |
Peformance metric for write I/O operations. |
latency_raw
The raw latency in microseconds observed at the storage object. This should be divided by the raw IOPS value to calculate the average latency per I/O operation.
Name | Type | Description |
---|---|---|
other |
integer |
Performance metric for other I/O operations. Other I/O operations can be metadata operations, such as directory lookups and so on. |
read |
integer |
Performance metric for read I/O operations. |
total |
integer |
Performance metric aggregated over all types of I/O operations. |
write |
integer |
Peformance metric for write I/O operations. |
throughput_raw
Throughput bytes observed at the storage object. This should be used along with delta time to calculate the rate of throughput bytes per unit of time.
Name | Type | Description |
---|---|---|
read |
integer |
Performance metric for read I/O operations. |
total |
integer |
Performance metric aggregated over all types of I/O operations. |
write |
integer |
Peformance metric for write I/O operations. |
statistics
Name | Type | Description |
---|---|---|
iops_raw |
The number of I/O operations observed at the storage object. This should be used along with delta time to calculate the rate of I/O operations per unit of time. |
|
latency_raw |
The raw latency in microseconds observed at the storage object. This should be divided by the raw IOPS value to calculate the average latency per I/O operation. |
|
status |
string |
Any errors associated with the sample. For example, if the aggregation of data over multiple nodes fails then any of the partial errors might be returned, "ok" on success, or "error" on any internal uncategorized failure. Whenever a sample collection is missed but done at a later time, it is back filled to the previous 15 second timestamp and tagged with "backfilled_data". "Inconsistent_delta_time" is encountered when the time between two collections is not the same for all nodes. Therefore, the aggregated value might be over or under inflated. "Negative_delta" is returned when an expected monotonically increasing value has decreased in value. "Inconsistent_old_data" is returned when one or more nodes do not have the latest data. |
throughput_raw |
Throughput bytes observed at the storage object. This should be used along with delta time to calculate the rate of throughput bytes per unit of time. |
|
timestamp |
string |
The timestamp of the performance data. |
svm
Name | Type | Description |
---|---|---|
_links |
||
name |
string |
The name of the SVM. |
uuid |
string |
The unique identifier of the SVM. |
cifs_service
Name | Type | Description |
---|---|---|
_links |
||
ad_domain |
||
comment |
string |
A descriptive text comment for the CIFS server. SMB clients can see the CIFS server comment when browsing servers on the network. If there is a space in the comment, you must enclose the entire string in quotation marks. |
default_unix_user |
string |
Specifies the UNIX user to which any authenticated CIFS user is mapped to, if the normal user mapping rules fails. |
enabled |
boolean |
Specifies if the CIFS service is administratively enabled. |
group_policy_object_enabled |
boolean |
If set to true, group policies will be applied to the SVM. |
metric |
||
name |
string |
The name of the CIFS server. |
netbios |
||
options |
||
security |
||
statistics |
||
svm |
job_link
Name | Type | Description |
---|---|---|
_links |
||
uuid |
string |
The UUID of the asynchronous job that is triggered by a POST, PATCH, or DELETE operation. |
error_arguments
Name | Type | Description |
---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
error
Name | Type | Description |
---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |