Skip to main content

Manage local ONTAP SMB user accounts

Contributors netapp-aherbin
PDFs

You can enable a local user account to allow access to SVM data over SMB, or disable the account to prevent access. You can also modify the account to update the user’s full name, description, or enabled status. If needed, you can rename the account for administrative reasons, such as a compromised username. You can also view the local groups a user belongs to, which helps determine file and folder access and troubleshoot access issues.

If you want to…​ Enter the command…​

Change the local user's password

vserver cifs users-and-groups local-user set-password -vserver <SVM_name> -user-name <user_name>

Enable or disable the local user account

vserver cifs users-and-groups local-user modify -vserver <SVM_name> -user-name <user_name> -is-account-disabled {true|false}

Display detailed account information for a user

vserver cifs users-and-groups local-user show -instance -vserver <SVM_name> -user-name <user_name>

Display local user membership information for a specified local user

vserver cifs users-and-groups local-user show-membership -user-name <user_name>

Display local user membership information for the local group of which this local user is a member

vserver cifs users-and-groups local-user show-membership -membership group_name

Display user membership information for local users that are associated with a specified storage virtual machine (SVM)

vserver cifs users-and-groups local-user show-membership -vserver <SVM_name>

Display detailed information for all local users on a specified SVM

vserver cifs users-and-groups local-user show-membership -instance -vserver <SVM_name>

Display information about all users on the storage virtual machine (SVM)

vserver cifs users-and-groups local-user show -vserver <SVM_name>

Modify the local user's description

vserver cifs users-and-groups local-user modify -vserver <SVM_name> -user-name <user_name> -description text

If the description contains a space, then it must be enclosed within double quotation marks.

Modify the local user's full name

vserver cifs users-and-groups local-user modify -vserver <SVM_name> -user-name <user_name> -full-name text

If the full name contains a space, then it must be enclosed within double quotation marks.

Rename the local user account

vserver cifs users-and-groups local-user rename -vserver <SVM_name> -user-name <user_name> -new-user-name <new_user_name>

When renaming a local user, the new user name must remain associated with the same CIFS server as the old user name.
Example

The following example renames the local user “CIFS_SERVER\sue” to “CIFS_SERVER\sue_new” on storage virtual machine (SVM, formerly known as Vserver) vs1:

cluster1::> vserver cifs users-and-groups local-user rename -user-name CIFS_SERVER\sue -new-user-name CIFS_SERVER\sue_new -vserver vs1
Example

The following example displays information about all local users on SVM vs1:

cluster1::> vserver cifs users-and-groups local-user show -vserver vs1
Vserver  User Name                   Full Name     Description
-------- --------------------------- ------------- -------------
vs1      CIFS_SERVER\Administrator   James Smith   Built-in administrator account
vs1      CIFS_SERVER\sue             Sue   Jones
Example

The following example sets the password for the local user “CIFS_SERVER\sue” associated with storage virtual machine (SVM, formerly known as Vserver) vs1:

cluster1::> vserver cifs users-and-groups local-user set-password -user-name CIFS_SERVER\sue -vserver vs1

Enter the new password:
Confirm the new password:
Example

The following example displays the membership information for all local users on SVM vs1; user “CIFS_SERVER\Administrator” is a member of the “BUILTIN\Administrators” group, and “CIFS_SERVER\sue” is a member of “CIFS_SERVER\g1” group:

cluster1::> vserver cifs users-and-groups local-user show-membership -vserver vs1
Vserver    User Name                    Membership
---------- ---------------------------- ------------------------
vs1        CIFS_SERVER\Administrator    BUILTIN\Administrators
           CIFS_SERVER\sue              CIFS_SERVER\g1
Related information

Delete local ONTAP SMB user accounts

You can delete local user accounts from your storage virtual machine (SVM) if they are no longer needed for local SMB authentication to the CIFS server or for determining access rights to data contained on your SVM.

About this task

Keep the following in mind when deleting local users:

  • The file system is not altered.

    Windows Security Descriptors on files and directories that refer to this user are not adjusted.

  • All references to local users are removed from the membership and privileges databases.

  • Standard, well-known users such as Administrator cannot be deleted.

Steps

  1. Determine the name of the local user account that you want to delete:

    vserver cifs users-and-groups local-user show -vserver <SVM_name>

  2. Delete the local user:

    vserver cifs users-and-groups local-user delete -vserver <SVM_name> -user-name <user_name>

  3. Verify that the user account is deleted:

    vserver cifs users-and-groups local-user show -vserver <SVM_name>

The following example deletes the local user “CIFS_SERVER\sue” associated with SVM vs1:

cluster1::> vserver cifs users-and-groups local-user show -vserver vs1
Vserver  User Name                   Full Name      Description
-------- --------------------------- -------------- -------------
vs1      CIFS_SERVER\Administrator   James Smith    Built-in administrator account
vs1      CIFS_SERVER\sue             Sue   Jones


cluster1::> vserver cifs users-and-groups local-user delete -vserver vs1 -user-name CIFS_SERVER\sue

cluster1::> vserver cifs users-and-groups local-user show -vserver vs1
Vserver      User Name                   Full Name      Description
-------- --------------------------- -------------- -------------
vs1      CIFS_SERVER\Administrator   James Smith    Built-in administrator account