Skip to main content
A newer release of this product is available.

Create a CIFS server

Contributors
PDFs

POST /protocols/cifs/services

Creates a CIFS server. Each SVM can have one CIFS server.

Important notes

  • The CIFS server name might or might not be the same as the SVM name.

  • The CIFS server name can contain up to 15 characters.

  • The CIFS server name does not support the following characters: @ # * ( ) = + [ ] \| ; : " , < > / ?

Required properties

  • svm.uuid or svm.name - Existing SVM in which to create the CIFS server.

  • name - Name of the CIFS server.

  • ad_domain.fqdn - Fully qualified domain name of the Windows Active Directory to which this CIFS server belongs.

  • ad_domain.user - User account with the access to add the CIFS server to the Active Directory.

  • ad_domain.password - Account password used to add this CIFS server to the Active Directory.

  • comment - Add a text comment of up to 48 characters about the CIFS server.

  • netbios.aliases - Add a comma-delimited list of one or more NetBIOS aliases for the CIFS server.

  • netbios.wins_servers - Add a list of Windows Internet Name Server (WINS) addresses that manage and map the NetBIOS name of the CIFS server to their network IP addresses. The IP addresses must be IPv4 addresses.

Default property values

If not specified in POST, the following default property values are assigned:

  • ad_domain.organizational_unit - CN=Computers

  • enabled - true

  • restrict_anonymous - no_enumeration

  • smb_signing - false

  • smb_encryption - false

  • kdc_encryption - false

  • default_unix_user - pcuser

  • netbios_enabled - false However, if either "netbios.wins-server" or "netbios.aliases" is set during POST and if netbios_enabled is not specified then netbios_enabled is set to true.

  • vserver cifs server create

  • vserver cifs server options modify

  • vserver cifs security modify

  • vserver cifs server add-netbios-aliases

Learn more

Request Body

Name Type Description

_links

_links

ad_domain

ad_domain

comment

string

A descriptive text comment for the CIFS server. SMB clients can see the CIFS server comment when browsing servers on the network. If there is a space in the comment, you must enclose the entire string in quotation marks.

default_unix_user

string

Specifies the UNIX user to which any authenticated CIFS user is mapped to, if the normal user mapping rules fails.

enabled

boolean

Specifies if the CIFS service is administratively enabled.

name

string

The name of the CIFS server.

netbios

cifs_netbios

security

cifs_service_security

svm

svm

SVM, applies only to SVM-scoped objects.
Example request 
{
  "_links": {
    "self": {
      "href": "/api/resourcelink"
    }
  },
  "ad_domain": {
    "fqdn": "example.com"
  },
  "comment": "This CIFS Server Belongs to CS Department",
  "name": "CIFS1",
  "netbios": {
    "aliases": [
      "ALIAS_1",
      "ALIAS_2",
      "ALIAS_3"
    ],
    "wins_servers": [
      "10.224.65.20",
      "10.224.65.21"
    ]
  },
  "security": {
    "restrict_anonymous": "no_restriction"
  },
  "svm": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "name": "svm1",
    "uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
  }
}

Response

Status: 202, Accepted
Name Type Description

job

job_link
Example response 
{
  "job": {
    "_links": {
      "self": {
        "href": "/api/resourcelink"
      }
    },
    "uuid": "string"
  }
}

Error

Status: Default, Error
Name Type Description

error

error
Example error 
{
  "error": {
    "arguments": {
      "code": "string",
      "message": "string"
    },
    "code": "4",
    "message": "entry doesn't exist",
    "target": "uuid"
  }
}

Definitions

See Definitions

href

Name Type Description

href

string

_links

Name Type Description

self

href

ad_domain

Name Type Description

fqdn

string

The fully qualified domain name of the Windows Active Directory to which this CIFS server belongs. A CIFS server appears as a member of Windows server object in the Active Directory store. POST and PATCH only.

organizational_unit

string

Specifies the organizational unit within the Active Directory domain to associate with the CIFS server. POST and PATCH only.

password

string

The account password used to add this CIFS server to the Active Directory. This is not audited.

user

string

The user account used to add this CIFS server to the Active Directory. POST and DELETE only.

cifs_netbios

Name Type Description

aliases

array[string]

enabled

boolean

Specifies whether NetBios name service (NBNS) is enabled for the CIFS. If this service is enabled, the CIFS server will start sending the broadcast for name registration.

wins_servers

array[string]

cifs_service_security

Name Type Description

kdc_encryption

boolean

Specifies whether AES-128 and AES-256 encryption is enabled for all Kerberos-based communication with the Active Directory KDC. To take advantage of the strongest security with Kerberos-based communication, AES-256 and AES-128 encryption can be enabled on the CIFS server. Kerberos-related communication for CIFS is used during CIFS server creation on the SVM, as well as during the SMB session setup phase. The CIFS server supports the following encryption types for Kerberos communication:

  • RC4-HMAC

  • DES

  • AES When the CIFS server is created, the domain controller creates a computer machine account in Active Directory. After a newly created machine account authenticates, the KDC and the CIFS server negotiates encryption types. At this time, the KDC becomes aware of the encryption capabilities of the particular machine account and uses those capabilities in subsequent communication with the CIFS server. In addition to negotiating encryption types during CIFS server creation, the encryption types are renegotiated when a machine account password is reset.

restrict_anonymous

string

Specifies what level of access an anonymous user is granted. An anonymous user (also known as a "null user") can list or enumerate certain types of system information from Windows hosts on the network, including user names and details, account policies, and share names. Access for the anonymous user can be controlled by specifying one of three access restriction settings. The available values are:

  • no_restriction - No access restriction for an anonymous user.

  • no_enumeration - Enumeration is restricted for an anonymous user.

  • no_access - All access is restricted for an anonymous user.

smb_encryption

boolean

Specifies whether encryption is required for incoming CIFS traffic.

smb_signing

boolean

Specifies whether signing is required for incoming CIFS traffic. SMB signing helps to ensure that network traffic between the CIFS server and the client is not compromised.

svm

SVM, applies only to SVM-scoped objects.

Name Type Description

_links

_links

name

string

The name of the SVM.

uuid

string

The unique identifier of the SVM.

cifs_service

Name Type Description

_links

_links

ad_domain

ad_domain

comment

string

A descriptive text comment for the CIFS server. SMB clients can see the CIFS server comment when browsing servers on the network. If there is a space in the comment, you must enclose the entire string in quotation marks.

default_unix_user

string

Specifies the UNIX user to which any authenticated CIFS user is mapped to, if the normal user mapping rules fails.

enabled

boolean

Specifies if the CIFS service is administratively enabled.

name

string

The name of the CIFS server.

netbios

cifs_netbios

security

cifs_service_security

svm

svm

SVM, applies only to SVM-scoped objects.
Name Type Description

_links

_links

uuid

string

The UUID of the asynchronous job that is triggered by a POST, PATCH, or DELETE operation.

error_arguments

Name Type Description

code

string

Argument code

message

string

Message argument

error

Name Type Description

arguments

array[error_arguments]

Message arguments

code

string

Error code

message

string

Error message

target

string

The target parameter that caused the error.