Skip to main content

Managing SMB servers

After you set up an SMB/CIFS server, you can perform management tasks. For example, you can configure SMB server options, manage SMB server security settings, configure SMB and SMB signing, configure LDAP session security, manage oplocks, configure IPv6 SMB access, apply GPOs to SMB servers, manage domain controller connections, and manage the SMB server service.

  • Modifying SMB servers
    You can move a SMB server from a workgroup to an Active Directory domain, from a workgroup to another workgroup, or from an Active Directory domain to a workgroup by using the vserver cifs modify command.
  • Using options to customize CIFS servers
    You can use options to customize CIFS servers, for example, to configure the default Linux user. At the advanced privilege level, you can also enable or disable local Windows users and groups and local Windows user authentication, automatic node referrals and remote copy offload, export policies for SMB access, and other options.
  • Managing CIFS server security settings
    You can customize CIFS server security settings to meet your business requirements. You can modify Kerberos security settings, determine whether to require SMB signing for incoming SMB traffic, whether to use LDAP session security, whether to enable AES encryption types for Kerberos communication, whether to require SMB encryption when accessing shares, and whether to require password complexity for local users. You can also set the minimum authentication security level.
  • Configuring SMB Multichannel for performance and redundancy
    Beginning in ONTAP 9.4, you can configure SMB Multichannel to provide multiple connections between ONTAP and clients in a single SMB session. Doing so improves throughput and fault tolerance.
  • Configuring default Windows user to Linux user mappings on the CIFS server
    For Windows (SMB) users that do not map to a specific user in the configured Linux user directory stores (either by using implicit name mapping or by explicitly configuring a Windows to Linux user name mapping), you can configure default Windows user to Linux user mappings on the CIFS server.
  • Displaying information about what types of users are connected over SMB sessions
    You can display information about what type of users are connected over SMB sessions. This can help you ensure that only the appropriate type of user is connecting over SMB sessions on the storage virtual machine (SVM).
  • Command options to limit excessive Windows client resource consumption
    Options to the vserver cifs options modify command enable you to control resource consumption for Windows clients. This can be helpful if any clients are outside normal bounds of resource consumption, for example, if there are unusually high numbers of files open, sessions open, or change notify requests.
  • Improving client performance with traditional and lease oplocks
    Traditional oplocks (opportunistic locks) and lease oplocks enable an SMB client in certain file-sharing scenarios to perform client-side caching of read-ahead, write-behind, and lock information. A client can then read from or write to a file without regularly reminding the server that it needs access to the file in question. This improves performance by reducing network traffic.
  • Applying Group Policy Objects to CIFS servers
    Your CIFS server supports Group Policy Objects (GPOs), a set of rules known as group policy attributes that apply to computers in an Active Directory environment. You can use GPOs to centrally manage settings for all storage virtual machines (SVMs) on the cluster belonging to the same Active Directory domain.
  • Commands for managing CIFS servers computer account passwords
    You need to know the commands for changing, resetting, and disabling passwords, and for configuring automatic update schedules. You can also configure a schedule on the CIFS server to update it automatically.
  • Managing domain controller connections
    You can manage domain controller connections by displaying information about currently discovered LDAP and domain controller servers, resetting and rediscovering LDAP and domain controller servers, managing the preferred domain controller list, enabling encrypted communications with the domain controller, and displaying information about currently configured preferred domain controllers.
  • Using null sessions to access storage in non-Kerberos environments
    Null session access provides permissions for network resources, such as storage system data, and to client-based services running under the local system. A null session occurs when a client process uses the system account to access a network resource. Null session configuration is specific to non-Kerberos authentication.
  • Managing NetBIOS aliases for CIFS servers
    NetBIOS aliases are alternative names for your CIFS server that SMB clients can use when connecting to the CIFS server. Configuring NetBIOS aliases for a CIFS server can be useful when you are consolidating data from other file servers to the CIFS server and want the CIFS server to respond to the original file servers' names.
  • Managing miscellaneous CIFS server tasks
  • Using IPv6 for SMB access and CIFS services
    SMB clients can access files on your storage virtual machine (SVM) over an IPv6 network and can use IPv6 for CIFS service communications.