Skip to main content

Add a user or group to a CIFS audit share

Contributors netapp-madkat

You can add a user or group to a CIFS audit share that is integrated with AD authentication.

What you'll need
  • You have the Passwords.txt file with the root/admin account password (available in the SAID package).

  • You have the Configuration.txt file (available in the SAID package).

About this task

The following procedure is for an audit share integrated with AD authentication.

Note Audit export through CIFS/Samba has been deprecated and will be removed in a future StorageGRID release.
Steps
  1. Log in to the primary Admin Node:

    1. Enter the following command: ssh admin@primary_Admin_Node_IP

    2. Enter the password listed in the Passwords.txt file.

    3. Enter the following command to switch to root: su -

    4. Enter the password listed in the Passwords.txt file.

      When you are logged in as root, the prompt changes from $ to #.

  2. Confirm that all services have a state of Running or Verified. Enter: storagegrid-status

    If all services are not Running or Verified, resolve issues before continuing.

  3. Return to the command line, press Ctrl+C.

  4. Start the CIFS configuration utility: config_cifs.rb

    ---------------------------------------------------------------------
    | Shares                 | Authentication         | Config          |
    ---------------------------------------------------------------------
    | add-audit-share        | set-authentication     | validate-config |
    | enable-disable-share   | set-netbios-name       | help            |
    | add-user-to-share      | join-domain            | exit            |
    | remove-user-from-share | add-password-server    |                 |
    | modify-group           | remove-password-server |                 |
    |                        | add-wins-server        |                 |
    |                        | remove-wins-server     |                 |
    ---------------------------------------------------------------------
  5. Start adding a user or group: add-user-to-share

    A numbered list of audit shares that have been configured is displayed.

  6. When prompted, enter the number for the audit share (audit-export): audit_share_number

    You are asked if you would like to give a user or a group access to this audit share.

  7. When prompted, add a user or group: user or group

  8. When prompted for the user or group name for this AD audit share, enter the name.

    The user or group is added as read-only for the audit share both in the server's operating system and in the CIFS service. The Samba configuration is reloaded to enable the user or group to access the audit client share.

  9. When prompted, press Enter.

    The CIFS configuration utility is displayed.

  10. Repeat these steps for each user or group that has access to the audit share.

  11. Optionally, verify your configuration: validate-config

    The services are checked and displayed. You can safely ignore the following messages:

    • Can't find include file /etc/samba/includes/cifs-interfaces.inc

    • Can't find include file /etc/samba/includes/cifs-filesystem.inc

    • Can't find include file /etc/samba/includes/cifs-custom-config.inc

    • Can't find include file /etc/samba/includes/cifs-shares.inc

      1. When prompted, press Enter to display the audit client configuration.

      2. When prompted, press Enter.

  12. Close the CIFS configuration utility: exit

  13. Determine if you need to enable additional audit shares, as follows:

    • If the StorageGRID deployment is a single site, go to the next step.

    • If the StorageGRID deployment includes Admin Nodes at other sites, enable these audit shares as required:

      1. Remotely log in to a site's Admin Node:

        1. Enter the following command: ssh admin@grid_node_IP

        2. Enter the password listed in the Passwords.txt file.

        3. Enter the following command to switch to root: su -

        4. Enter the password listed in the Passwords.txt file.

      2. Repeat these steps to configure the audit shares for each Admin Node.

      3. Close the remote secure shell login to the remote Admin Node: exit

  14. Log out of the command shell: exit