Enable or disable local ONTAP SMB users and groups functionality
Suggest changes
PDFs
Before you can use local users and groups for access control of NTFS security-style data, local user and group functionality must be enabled. Additionally, if you want to use local users for SMB authentication, the local user authentication functionality must be enabled.
Local users and groups functionality and local user authentication are enabled by default. If they are not enabled, you must enable them before you can configure and use local users and groups. You can disable local users and groups functionality at any time.
In addition to explicitly disabling local user and group functionality, ONTAP disables local user and group functionality if any node in the cluster is reverted to an ONTAP release that does not support the functionality. Local user and group functionality is not enabled until all nodes in the cluster are running a version of ONTAP that supports it.
Enable or disable local users and groups on ONTAP SMB servers
You can enable or disable local users and groups for SMB access on storage virtual machines (SVMs). Local users and groups functionality is enabled by default.
You can use local users and groups when configuring SMB share and NTFS file permissions and can optionally use local users for authentication when creating an SMB connection. To use local users for authentication, you must also enable the local users and groups authentication option.
-
Set the privilege level to advanced:
set -privilege advanced -
Enable or disable local users and groups:
-
Enable local users and groups:
vserver cifs options modify -vserver <SVM_name> -is-local-users-and-groups-enabled true -
Disable local users and groups:
vserver cifs options modify -vserver <SVM_name> -is-local-users-and-groups-enabled false
-
-
Return to the admin privilege level:
set -privilege admin
The following example enables local users and groups functionality on SVM vs1:
cluster1::> set -privilege advanced Warning: These advanced commands are potentially dangerous; use them only when directed to do so by technical support personnel. Do you wish to continue? (y or n): y cluster1::*> vserver cifs options modify -vserver vs1 -is-local-users-and-groups-enabled true cluster1::*> set -privilege admin
-
Manage local user accounts == Enable or disable local user authentication on ONTAP SMB servers
You can enable or disable local user authentication for SMB access on storage virtual machines (SVMs). The default is to allow local user authentication, which is useful when the SVM cannot contact a domain controller or if you choose not to use domain-level access controls.
Local users and groups functionality must be enabled on the CIFS server.
You can enable or disable local user authentication at any time. If you want to use local users for authentication when creating an SMB connection, you must also enable the CIFS server's local users and groups option.
-
Set the privilege level to advanced:
set -privilege advanced -
Enable or disable local user authentication:
-
Enable local user authentication:
vserver cifs options modify -vserver <SVM_name> -is-local-auth-enabled true -
Disable local user authentication:
vserver cifs options modify -vserver <SVM_name> -is-local-auth-enabled false
-
-
Return to the admin privilege level:
set -privilege admin
The following example enables local user authentication on SVM vs1:
cluster1::>set -privilege advanced Warning: These advanced commands are potentially dangerous; use them only when directed to do so by technical support personnel. Do you wish to continue? (y or n): y cluster1::*> vserver cifs options modify -vserver vs1 -is-local-auth-enabled true cluster1::*> set -privilege admin