REST API reference
Create a CIFS server
Suggest changes
PDFs
POST /protocols/cifs/services
Introduced In: 9.6
Creates a CIFS server. Each SVM can have one CIFS server.
Important notes
-
The CIFS server name might or might not be the same as the SVM name.
-
The CIFS server name can contain up to 15 characters.
-
The CIFS server name does not support the following characters: @ # * ( ) = + [ ] \| ; : " , < > / ?
Required properties when creating CIFS server with Windows Active Directory domain
-
svm.uuidorsvm.name- Existing SVM in which to create the CIFS server. -
name- Name of the CIFS server. -
ad_domain.fqdn- Fully qualified domain name of the Windows Active Directory to which this CIFS server belongs. -
ad_domain.user- User account with the access to add the CIFS server to the Active Directory. -
ad_domain.password- Account password used to add this CIFS server to the Active Directory.
Required properties when creating CIFS server in Workgroup mode
-
svm.uuidorsvm.name- Existing SVM in which to create the CIFS server. -
name- Name of the CIFS server. -
workgroup- Name of the workgroup to which this CIFS server belongs.
Required properties when using AKV for authentication (ANF platform)
-
svm.uuidorsvm.name- Existing SVM in which to create the CIFS server. -
name- Name of the CIFS server. -
ad_domain.user- User account with the access to add the CIFS server to the Active Directory. -
ad_domain.fqdn- Fully qualified domain name of the Windows Active Directory to which this CIFS server belongs. -
client_id- Application client ID of the deployed Azure application with appropriate access to an AKV. -
tenant_id- Directory (tenant) ID of the deployed Azure application with appropriate access to an AKV. -
key_vault_uri- URI of the deployed AKV that is used by ONTAP for storing keys. -
authentication_method- Authentication method used by the application to prove its identity to AKV. It can be either "client_secret" or "certificate". -
client_secret- Secret used by the application to prove its identity to AKV. -
client_certificate- Base64 encoded PKCS12 certificate used by the application to prove its identity to AKV.
Recommended optional properties
-
comment- Add a text comment of up to 256 characters about the CIFS server. -
netbios.aliases- Add a comma-delimited list of one or more NetBIOS aliases for the CIFS server. -
netbios.wins_servers- Add a list of Windows Internet Name Server (WINS) addresses that manage and map the NetBIOS name of the CIFS server to their network IP addresses. The IP addresses must be IPv4 addresses.
Default property values
If not specified in POST, the following default property values are assigned:
-
ad_domain.organizational_unit- CN=Computers -
enabled- true -
restrict_anonymous- no_enumeration -
smb_signing- false -
smb_encryption- false -
encrypt_dc_connection- false -
kdc_encryption- false -
default_unix_user- pcuser -
netbios_enabled- false However, if either "netbios.wins-server" or "netbios.aliases" is set during POST and ifnetbios_enabledis not specified thennetbios_enabledis set to true. -
aes_netlogon_enabled- false -
try_ldap_channel_binding- true -
ldap_referral_enabled- false
Related ONTAP commands
-
vserver cifs server create -
vserver cifs server options modify -
vserver cifs security modify -
vserver cifs server add-netbios-aliases
Learn more
Parameters
| Name | Type | In | Required | Description |
|---|---|---|---|---|
force |
boolean |
query |
False |
If this is set and a machine account with the same name as specified in 'cifs-server name' exists in the Active Directory, existing machine account will be overwritten and reused.
|
return_timeout |
integer |
query |
False |
The number of seconds to allow the call to execute before returning. When doing a POST, PATCH, or DELETE operation on a single record, the default is 0 seconds. This means that if an asynchronous operation is started, the server immediately returns HTTP code 202 (Accepted) along with a link to the job. If a non-zero value is specified for POST, PATCH, or DELETE operations, ONTAP waits that length of time to see if the job completes so it can return something other than 202.
|
return_records |
boolean |
query |
False |
The default is false. If set to true, the records are returned.
|
Request Body
| Name | Type | Description |
|---|---|---|
_links |
||
ad_domain |
||
auth-style |
string |
Authentication type. |
authentication_method |
string |
Specifies the authentication method. The available values are:
|
client_certificate |
string |
PKCS12 certificate used by the application to prove its identity to AKV. |
client_id |
string |
Application client ID of the deployed Azure application with appropriate access to an AKV. |
client_secret |
string |
Secret used by the application to prove its identity to AKV. |
comment |
string |
A descriptive text comment for the CIFS server. SMB clients can see the CIFS server comment when browsing servers on the network. If there is a space in the comment, you must enclose the entire string in quotation marks. |
default_unix_user |
string |
Specifies the UNIX user to which any authenticated CIFS user is mapped to, if the normal user mapping rules fails. |
enabled |
boolean |
Specifies if the CIFS service is administratively enabled. |
group_policy_object_enabled |
boolean |
If set to true, group policies will be applied to the SVM. |
key_vault_uri |
string |
URI of the deployed AKV that is used by ONTAP for storing keys.
|
metric |
Performance numbers, such as IOPS latency and throughput, for SVM protocols. |
|
name |
string |
The name of the CIFS server. |
netbios |
||
oauth_host |
string |
Open authorization server host name. |
options |
||
proxy_host |
string |
Proxy host. |
proxy_password |
string |
Proxy password. Password is not audited. |
proxy_port |
integer |
Proxy port. |
proxy_type |
string |
Proxy type. |
proxy_username |
string |
Proxy username. |
security |
||
statistics |
These are raw performance numbers, such as IOPS latency and throughput for SVM protocols. These numbers are aggregated across all nodes in the cluster and increase with the uptime of the cluster. |
|
svm |
SVM, applies only to SVM-scoped objects. |
|
tenant_id |
string |
Directory (tenant) ID of the deployed Azure application with appropriate access to an AKV. |
timeout |
integer |
AKV connection timeout, in seconds. The allowed range is between 0 to 30 seconds. |
verify_host |
boolean |
Verify the identity of the AKV host name. By default, verify_host is set to true. |
workgroup |
string |
The workgroup name. |
Example request
{
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"ad_domain": {
"default_site": "string",
"fqdn": "example.com",
"organizational_unit": "string",
"password": "string",
"user": "string"
},
"auth-style": "domain",
"authentication_method": "string",
"client_certificate": "PEM Cert",
"client_id": "e959d1b5-5a63-4284-9268-851e30e3eceb",
"client_secret": "<id_value>",
"comment": "This CIFS Server Belongs to CS Department",
"default_unix_user": "string",
"key_vault_uri": "https://kmip-akv-keyvault.vault.azure.net/",
"metric": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"duration": "PT15S",
"iops": {
"read": 200,
"total": 1000,
"write": 100
},
"latency": {
"read": 200,
"total": 1000,
"write": 100
},
"status": "ok",
"throughput": {
"read": 200,
"total": 1000,
"write": 100
},
"timestamp": "2017-01-25 06:20:13 -0500"
},
"name": "CIFS1",
"netbios": {
"aliases": [
"ALIAS_1",
"ALIAS_2",
"ALIAS_3"
],
"wins_servers": [
"10.224.65.20",
"10.224.65.21"
]
},
"oauth_host": "login.microsoftonline.com",
"options": {
"null_user_windows_name": "string",
"smb_credits": 128,
"widelink_reparse_versions": [
"smb1"
]
},
"proxy_host": "proxy.eng.com",
"proxy_password": "proxypassword",
"proxy_port": 1234,
"proxy_type": "string",
"proxy_username": "proxyuser",
"security": {
"advertised_kdc_encryptions": [
"string"
],
"lm_compatibility_level": "string",
"restrict_anonymous": "string",
"session_security": "string"
},
"statistics": {
"iops_raw": {
"read": 200,
"total": 1000,
"write": 100
},
"latency_raw": {
"read": 200,
"total": 1000,
"write": 100
},
"status": "ok",
"throughput_raw": {
"read": 200,
"total": 1000,
"write": 100
},
"timestamp": "2017-01-25 06:20:13 -0500"
},
"svm": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"name": "svm1",
"uuid": "02c9e252-41be-11e9-81d5-00a0986138f7"
},
"tenant_id": "c9f32fcb-4ab7-40fe-af1b-1850d46cfbbe",
"timeout": 25,
"workgroup": "workgrp1"
}Response
Status: 202, Accepted| Name | Type | Description |
|---|---|---|
job |
Example response
{
"job": {
"_links": {
"self": {
"href": "/api/resourcelink"
}
},
"uuid": "string"
}
}Headers
| Name | Description | Type |
|---|---|---|
Location |
Useful for tracking the resource location |
string |
Response
Status: 201, CreatedError
Status: DefaultONTAP Error Response Codes
| Error Code | Description |
|---|---|
3735751 |
Failed to authenticate and retrieve the access token from the Azure OAuth host. |
3735752 |
Failed to extract the private key from the Azure Key Vault certificate. |
3735753 |
Unsupported content_type in the Azure secrets response. |
3735754 |
Failed to parse the JSON response from Azure Key Vault. |
3735755 |
REST API call to Azure failed. |
3735756 |
Invalid client certificate. |
3735757 |
Failed to generate client assertion. |
3735762 |
The provided Azure Key Vault configuration is incorrect. |
3735763 |
The provided Azure Key Vault configuration is incomplete. |
3735764 |
Request to Azure failed. Reason - Azure error code and Azure error message. |
655388 |
STARTTLS and LDAPS cannot be used together. |
655524 |
CIFS server creation failed. |
655538 |
CIFS server creation failed because a server with the same name already exists. |
655562 |
NetBIOS name is longer than 15 characters. |
655563 |
NetBIOS name contains characters that are not allowed. |
655771 |
The number of NetBIOS aliases cannot exceed the maximum supported number of '200'. |
655914 |
Failed to create the Active Directory machine account. |
655923 |
Retrieving credentials from AKV is not supported because the effective cluster version is not ONTAP 9.15.0 or later. |
656464 |
Failed to create the Active Directory machine account. Reason: Invalid Credentials. |
656465 |
Failed to create the Active Directory machine account. Reason: Account with same name already exists. |
656466 |
Failed to create the Active Directory machine account. Reason: Domain Controller is not reachable or does not exist. |
656467 |
Failed to create the Active Directory machine account. Reason: Organizational-Unit not found. |
656473 |
Fields security.kdc_encryption and security.advertised_kdc_encryptions are mutually exclusive. Specify only one of the two. |
| Name | Type | Description |
|---|---|---|
error |
Example error
{
"error": {
"arguments": [
{
"code": "string",
"message": "string"
}
],
"code": "4",
"message": "entry doesn't exist",
"target": "uuid"
}
}Definitions
See Definitions
href
| Name | Type | Description |
|---|---|---|
href |
string |
_links
| Name | Type | Description |
|---|---|---|
self |
ad_domain
| Name | Type | Description |
|---|---|---|
default_site |
string |
The default site used by LIFs that do not have a site membership. |
fqdn |
string |
The fully qualified domain name of the Windows Active Directory to which this CIFS server belongs. A CIFS server appears as a member of Windows server object in the Active Directory store. POST and PATCH only. |
organizational_unit |
string |
Specifies the organizational unit within the Active Directory domain to associate with the CIFS server. POST and PATCH only. |
password |
string |
The account password used to add this CIFS server to the Active Directory. This is not audited. |
user |
string |
The user account used to add this CIFS server to the Active Directory. |
iops
The rate of I/O operations observed at the storage object.
| Name | Type | Description |
|---|---|---|
other |
integer |
Performance metric for other I/O operations. Other I/O operations can be metadata operations, such as directory lookups and so on. |
read |
integer |
Performance metric for read I/O operations. |
total |
integer |
Performance metric aggregated over all types of I/O operations. |
write |
integer |
Peformance metric for write I/O operations. |
latency
The round trip latency in microseconds observed at the storage object.
| Name | Type | Description |
|---|---|---|
other |
integer |
Performance metric for other I/O operations. Other I/O operations can be metadata operations, such as directory lookups and so on. |
read |
integer |
Performance metric for read I/O operations. |
total |
integer |
Performance metric aggregated over all types of I/O operations. |
write |
integer |
Peformance metric for write I/O operations. |
throughput
The rate of throughput bytes per second observed at the storage object.
| Name | Type | Description |
|---|---|---|
read |
integer |
Performance metric for read I/O operations. |
total |
integer |
Performance metric aggregated over all types of I/O operations. |
write |
integer |
Peformance metric for write I/O operations. |
metric
Performance numbers, such as IOPS latency and throughput, for SVM protocols.
| Name | Type | Description |
|---|---|---|
_links |
||
duration |
string |
The duration over which this sample is calculated. The time durations are represented in the ISO-8601 standard format. Samples can be calculated over the following durations: |
iops |
The rate of I/O operations observed at the storage object. |
|
latency |
The round trip latency in microseconds observed at the storage object. |
|
status |
string |
Any errors associated with the sample. For example, if the aggregation of data over multiple nodes fails then any of the partial errors might be returned, "ok" on success, or "error" on any internal uncategorized failure. Whenever a sample collection is missed but done at a later time, it is back filled to the previous 15 second timestamp and tagged with "backfilled_data". "Inconsistent_ delta_time" is encountered when the time between two collections is not the same for all nodes. Therefore, the aggregated value might be over or under inflated. "Negative_delta" is returned when an expected monotonically increasing value has decreased in value. "Inconsistent_old_data" is returned when one or more nodes do not have the latest data. |
throughput |
The rate of throughput bytes per second observed at the storage object. |
|
timestamp |
string |
The timestamp of the performance data. |
cifs_netbios
| Name | Type | Description |
|---|---|---|
aliases |
array[string] |
|
enabled |
boolean |
Specifies whether NetBios name service (NBNS) is enabled for the CIFS. If this service is enabled, the CIFS server will start sending the broadcast for name registration. |
wins_servers |
array[string] |
cifs_service_options
| Name | Type | Description |
|---|---|---|
admin_to_root_mapping |
boolean |
Specifies whether or not Administrator can be mapped to the UNIX user "root". |
advanced_sparse_file |
boolean |
Specifies whether or not the CIFS server supports the advanced sparse file capabilities. This allows CIFS clients to query the allocated ranges of a file and to write zeroes or free data blocks for ranges of a file. |
backup_symlink_enabled |
boolean |
Specifies whether or not to preserve UNIX symlinks during backup through SMB. |
copy_offload |
boolean |
Specifies whether or not to enable the Copy Offload feature. This feature enables direct data transfers within or between compatible storage devices without transferring the data through the host computer. Note that this will also enable/disable the direct copy feature accordingly. |
export_policy_enabled |
boolean |
Specifies whether or not export policies are enabled for CIFS. |
fake_open |
boolean |
Specifies whether or not fake open support is enabled. This parameter allows you to optimize the open and close requests coming from SMB 2 clients. |
fsctl_trim |
boolean |
Specifies whether or not the trim requests (FSCTL_FILE_LEVEL_TRIM) are supported on the CIFS server. |
junction_reparse |
boolean |
Specifies whether or not the reparse point support is enabled. When enabled the CIFS server exposes junction points to Windows clients as reparse points. This parameter is only active if the client has negotiated use of the SMB 2 or SMB 3 protocol. This parameter is not supported for SVMs with Infinite Volume. |
large_mtu |
boolean |
Specifies whether or not SMB clients can send reads up to 1 MB in size. |
multichannel |
boolean |
Specifies whether or not the CIFS server supports Multichannel. |
null_user_windows_name |
string |
Specifies a Windows User or Group name that should be mapped in case of a NULL user value. |
path_component_cache |
boolean |
Specifies whether or not the path component cache is enabled on the CIFS server. |
referral |
boolean |
Specifies whether or not to refer clients to more optimal LIFs. When enabled, it automatically refers clients to a data LIF local to the node which hosts the root of the requested share. |
shadowcopy |
boolean |
Specifies whether or not to enable the Shadowcopy Feature. This feature enables to take share-based backup copies of data that is in a data-consistent state at a specific point in time where the data is accessed over SMB 3.0 shares. |
shadowcopy_dir_depth |
integer |
Specifies the maximum level of subdirectories on which ONTAP should create shadow copies.
|
smb_credits |
integer |
Specifies the maximum number of outstanding requests on a CIFS connection. |
widelink_reparse_versions |
array[string] |
Specifies the CIFS protocol versions for which the widelink is reported as reparse point. |
cifs_service_security
| Name | Type | Description | ||
|---|---|---|---|---|
advertised_kdc_encryptions |
array[string] |
|||
aes_netlogon_enabled |
boolean |
Specifies whether or not an AES session key is enabled for the Netlogon channel. |
||
encrypt_dc_connection |
boolean |
Specifies whether encryption is required for domain controller connections. |
||
kdc_encryption |
boolean |
|
||
ldap_referral_enabled |
boolean |
Specifies whether or not LDAP referral chasing is enabled for AD LDAP connections. |
||
lm_compatibility_level |
string |
It is CIFS server minimum security level, also known as the LMCompatibilityLevel. The minimum security level is the minimum level of the security tokens that the CIFS server accepts from SMB clients. The available values are:
|
||
restrict_anonymous |
string |
Specifies what level of access an anonymous user is granted. An anonymous user (also known as a "null user") can list or enumerate certain types of system information from Windows hosts on the network, including user names and details, account policies, and share names. Access for the anonymous user can be controlled by specifying one of three access restriction settings. The available values are:
|
||
session_security |
string |
Specifies client session security for AD LDAP connections. The available values are:
|
||
smb_encryption |
boolean |
Specifies whether encryption is required for incoming CIFS traffic. |
||
smb_signing |
boolean |
Specifies whether signing is required for incoming CIFS traffic. SMB signing helps to ensure that network traffic between the CIFS server and the client is not compromised. |
||
try_ldap_channel_binding |
boolean |
Specifies whether or not channel binding is attempted in the case of TLS/LDAPS. |
||
use_ldaps |
boolean |
Specifies whether or not to use use LDAPS for secure Active Directory LDAP connections by using the TLS/SSL protocols. |
||
use_start_tls |
boolean |
Specifies whether or not to use SSL/TLS for allowing secure LDAP communication with Active Directory LDAP servers. |
iops_raw
The number of I/O operations observed at the storage object. This should be used along with delta time to calculate the rate of I/O operations per unit of time.
| Name | Type | Description |
|---|---|---|
other |
integer |
Performance metric for other I/O operations. Other I/O operations can be metadata operations, such as directory lookups and so on. |
read |
integer |
Performance metric for read I/O operations. |
total |
integer |
Performance metric aggregated over all types of I/O operations. |
write |
integer |
Peformance metric for write I/O operations. |
latency_raw
The raw latency in microseconds observed at the storage object. This should be divided by the raw IOPS value to calculate the average latency per I/O operation.
| Name | Type | Description |
|---|---|---|
other |
integer |
Performance metric for other I/O operations. Other I/O operations can be metadata operations, such as directory lookups and so on. |
read |
integer |
Performance metric for read I/O operations. |
total |
integer |
Performance metric aggregated over all types of I/O operations. |
write |
integer |
Peformance metric for write I/O operations. |
throughput_raw
Throughput bytes observed at the storage object. This should be used along with delta time to calculate the rate of throughput bytes per unit of time.
| Name | Type | Description |
|---|---|---|
read |
integer |
Performance metric for read I/O operations. |
total |
integer |
Performance metric aggregated over all types of I/O operations. |
write |
integer |
Peformance metric for write I/O operations. |
statistics
These are raw performance numbers, such as IOPS latency and throughput for SVM protocols. These numbers are aggregated across all nodes in the cluster and increase with the uptime of the cluster.
| Name | Type | Description |
|---|---|---|
iops_raw |
The number of I/O operations observed at the storage object. This should be used along with delta time to calculate the rate of I/O operations per unit of time. |
|
latency_raw |
The raw latency in microseconds observed at the storage object. This should be divided by the raw IOPS value to calculate the average latency per I/O operation. |
|
status |
string |
Any errors associated with the sample. For example, if the aggregation of data over multiple nodes fails then any of the partial errors might be returned, "ok" on success, or "error" on any internal uncategorized failure. Whenever a sample collection is missed but done at a later time, it is back filled to the previous 15 second timestamp and tagged with "backfilled_data". "Inconsistent_delta_time" is encountered when the time between two collections is not the same for all nodes. Therefore, the aggregated value might be over or under inflated. "Negative_delta" is returned when an expected monotonically increasing value has decreased in value. "Inconsistent_old_data" is returned when one or more nodes do not have the latest data. |
throughput_raw |
Throughput bytes observed at the storage object. This should be used along with delta time to calculate the rate of throughput bytes per unit of time. |
|
timestamp |
string |
The timestamp of the performance data. |
svm
SVM, applies only to SVM-scoped objects.
| Name | Type | Description |
|---|---|---|
_links |
||
name |
string |
The name of the SVM. This field cannot be specified in a PATCH method. |
uuid |
string |
The unique identifier of the SVM. This field cannot be specified in a PATCH method. |
cifs_service
| Name | Type | Description |
|---|---|---|
_links |
||
ad_domain |
||
auth-style |
string |
Authentication type. |
authentication_method |
string |
Specifies the authentication method. The available values are:
|
client_certificate |
string |
PKCS12 certificate used by the application to prove its identity to AKV. |
client_id |
string |
Application client ID of the deployed Azure application with appropriate access to an AKV. |
client_secret |
string |
Secret used by the application to prove its identity to AKV. |
comment |
string |
A descriptive text comment for the CIFS server. SMB clients can see the CIFS server comment when browsing servers on the network. If there is a space in the comment, you must enclose the entire string in quotation marks. |
default_unix_user |
string |
Specifies the UNIX user to which any authenticated CIFS user is mapped to, if the normal user mapping rules fails. |
enabled |
boolean |
Specifies if the CIFS service is administratively enabled. |
group_policy_object_enabled |
boolean |
If set to true, group policies will be applied to the SVM. |
key_vault_uri |
string |
URI of the deployed AKV that is used by ONTAP for storing keys.
|
metric |
Performance numbers, such as IOPS latency and throughput, for SVM protocols. |
|
name |
string |
The name of the CIFS server. |
netbios |
||
oauth_host |
string |
Open authorization server host name. |
options |
||
proxy_host |
string |
Proxy host. |
proxy_password |
string |
Proxy password. Password is not audited. |
proxy_port |
integer |
Proxy port. |
proxy_type |
string |
Proxy type. |
proxy_username |
string |
Proxy username. |
security |
||
statistics |
These are raw performance numbers, such as IOPS latency and throughput for SVM protocols. These numbers are aggregated across all nodes in the cluster and increase with the uptime of the cluster. |
|
svm |
SVM, applies only to SVM-scoped objects. |
|
tenant_id |
string |
Directory (tenant) ID of the deployed Azure application with appropriate access to an AKV. |
timeout |
integer |
AKV connection timeout, in seconds. The allowed range is between 0 to 30 seconds. |
verify_host |
boolean |
Verify the identity of the AKV host name. By default, verify_host is set to true. |
workgroup |
string |
The workgroup name. |
job_link
| Name | Type | Description |
|---|---|---|
_links |
||
uuid |
string |
The UUID of the asynchronous job that is triggered by a POST, PATCH, or DELETE operation. |
error_arguments
| Name | Type | Description |
|---|---|---|
code |
string |
Argument code |
message |
string |
Message argument |
returned_error
| Name | Type | Description |
|---|---|---|
arguments |
array[error_arguments] |
Message arguments |
code |
string |
Error code |
message |
string |
Error message |
target |
string |
The target parameter that caused the error. |