
Enable NAS storage for both Windows and Linux using both NFS and SMB

Contributors netapp-mwallis netapp-forry netapp-thomi netapp-dbagwell netapp-ahibbard netapp-aherbin netapp-barbe

Create or modify storage VMs to enable NFS and SMB servers to serve data to Linux and Windows clients.

Enable a new or existing storage VM to serve both NFS and SMB protocols using this procedure.

Workflow summary:

  1. Enable NFS
  2. Enable SMB
  3. Open root vol export policy
  4. Configure DNS
  5. Configure name services
  6. Configure encryption if required
  7. Map UNIX and Windows user names if required

Before you begin

Ensure that you have noted the configuration details for any networking, authentication, or security services required in your environment.

Steps
  1. Enable NFS and SMB on a storage VM.

    1. For new storage VMs: click Storage > Storage VMs, click Add, enter a storage VM name, and in the SMB/CIFS, NFS, S3 tab, select Enable SMB/CIFS and Enable NFS.

    2. Enter the following information:

      • Administrator name and password

      • Server name

      • Active directory domain

    3. Confirm the Organizational Unit.

    4. Confirm the DNS values.

    5. Confirm the default language.

    6. Add network interfaces.

    7. Update storage VM administrator account information (optional).

    8. For existing storage VMs: click Storage > Storage VMs, select a storage VM, and then click Settings. Complete the following sub-steps if NFS or SMB is not already enabled.

      • Click the Actions icon under NFS.

      • Click the Actions icon under SMB.

  2. Open the export policy of the storage VM root volume:

    1. Click Storage > Volumes, select the root volume of the storage VM (which by default is volume-name_root), and then click on the policy that is displayed under Export Policy.

    2. Click Add to add a rule.

      • Client specification = 0.0.0.0/0

      • Access protocols = NFS

      • Access details = NFS Read-Only

  3. Configure DNS for host-name resolution:

    1. Click Storage > Storage VMs, select the storage VM, click Settings, and then click the Actions icon under DNS.

    2. When DNS configuration is complete, switch to the DNS server and map the SMB server.

      • Create forward (A - Address record) and reverse (PTR - Pointer record) lookup entries to map the SMB server name to the IP address of the data network interface.

      • If you use NetBIOS aliases, create an alias canonical name (CNAME resource record) lookup entry to map each alias to the IP address of the SMB server's data network interface.

  4. Configure name services as required:

    1. Click Storage > Storage VMs, select the storage VM, click Settings, and then click the Actions icon for LDAP or NIS.

    2. Include any changes in the name services switch file: click the Edit icon under Name Services Switch.

  5. Configure authentication and encryption if required:

    Configure TLS for NFS clients
    Note: NFS over TLS is available in ONTAP 9.15.1 as a public preview. As a preview offering, NFS over TLS is not supported for production workloads in ONTAP 9.15.1.
    Steps
    1. Refer to the requirements for NFS over TLS before you begin.

    2. Click Storage > Storage VMs, select the storage VM, and then click Settings.

    3. In the NFS tile, click NFS over TLS settings.

    4. In the NFS over TLS settings area, select an NFS network interface for which you want to enable TLS.

    5. Click the Menu options icon for that interface.

    6. Click Enable.

    7. In the Network interface TLS configuration dialog, include a certificate for use with TLS by selecting one of the following options:

      • Installed certificate: Choose a previously installed certificate from the drop-down list.

      • New certificate: Choose a common name for the certificate.

      • External CA-signed certificate: Follow the instructions to paste the contents of your certificate and private key into the boxes.

    8. Click Save.

    Configure Kerberos
    Steps
    1. Click Storage > Storage VMs, select the storage VM, and then click Settings.

    2. Click the Arrow icon in the Kerberos tile and then click Add.

  6. Map UNIX and Windows user names if required: click the Arrow icon under Name Mapping and then click Add.

    You should do this only if your site has Windows and UNIX user accounts that do not map implicitly. Accounts map implicitly when the lowercase version of each Windows user name matches the UNIX user name. You can map user names using LDAP, NIS, or local users. If you have two sets of users that do not match, you should configure name mapping.
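
The implicit-mapping rule in step 6 can be checked against your own account lists before you decide whether name mapping is needed. The script below is an added example, not part of the NetApp procedure or ONTAP code: the function names are hypothetical, the account data is constructed, and it assumes the UNIX name is compared exactly as stored while only the Windows name is lowercased.

```python
# Added example (not NetApp code): list the accounts that need an explicit
# name-mapping rule. All account data below is constructed.

WINDOWS_ACCOUNTS = ["CORP\\JSmith", "CORP\\adavis",
                    "CORP\\Mary.Jones", "CORP\\svc_backup"]

PASSWD_LINES = """\
jsmith:x:1001:1001:J Smith:/home/jsmith:/bin/bash
adavis:x:1002:1002:A Davis:/home/adavis:/bin/bash
mjones:x:1003:1003:M Jones:/home/mjones:/bin/bash
Svc_Backup:x:1004:1004:Backup:/nonexistent:/usr/sbin/nologin
"""

def unix_names(passwd_text):
    """Return the set of login names from passwd-format text."""
    names = set()
    for line in passwd_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            names.add(line.split(":", 1)[0])
    return names

def windows_user_part(account):
    """Strip the domain from DOMAIN\\user or user@domain; bare names pass through."""
    if "\\" in account:
        return account.split("\\", 1)[1]
    return account.split("@", 1)[0]

def plan_name_mapping(windows_accounts, passwd_text):
    """Split accounts into those that map implicitly and those that need a rule."""
    unix = unix_names(passwd_text)
    implicit, needs_rule = {}, []
    for account in windows_accounts:
        candidate = windows_user_part(account).lower()
        # Assumption: the UNIX side is compared exactly as stored.
        if candidate in unix:
            implicit[account] = candidate
        else:
            needs_rule.append(account)
    # UNIX users that no Windows account reaches implicitly.
    unmatched_unix = sorted(unix - set(implicit.values()))
    return implicit, needs_rule, unmatched_unix

if __name__ == "__main__":
    implicit, needs_rule, unmatched_unix = plan_name_mapping(WINDOWS_ACCOUNTS, PASSWD_LINES)
    print("Map implicitly:", implicit)
    print("Need an explicit mapping:", needs_rule)
    print("UNIX users with no implicit Windows match:", unmatched_unix)
```

In the constructed data, `CORP\svc_backup` needs a rule because the UNIX account is stored as `Svc_Backup`, and `CORP\Mary.Jones` needs one because the UNIX side uses `mjones`.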