MODULE 8: CIFS ACCESS CONTROL

EXERCISE

In this exercise, you perform routine CIFS administration procedures on your storage system in a Microsoft
Windows workgroup environment. You create a local user account and manage user access, add a new
share, map a network drive to the new share, verify access to the share, and create a local group.
OBJECTIVES

By the end of this exercise, you should be able to:

Add a new local user account and configure user access
Access a network drive and work with access control
Create a local group

TASK 1: ADD A NEW LOCAL USER ACCOUNT AND CONFIGURE USER ACCESS

In this task, you create a local user account on your storage system. You enter all commands at the storage
system prompt.
STEP ACTION

1.

Verify that you have a PuTTY session with your assigned storage system.

2.

Recall that the storage system is currently in a Windows workgroup. To verify that the storage
system is a server in a Windows workgroup, enter the following command:
system> cifs sessions

Is the storage system in a Windows workgroup? __________________

What is the name of the Windows workgroup? _________________________
3.

Before adding a local user to the storage system, check the current security options to determine
password rules by entering the following command:
system> options security

What is the value for security.passwd.rules.enable? _________

If the security.passwd.rules.enable option is on, then in order to create a local user, you
must create a password using these rules:

It must be at least eight characters long.

It must contain at least two alphabetic characters.
It must contain at least one digit.

If security.passwd.rules.enable.option is off, then the restrictions will not be

enforced when you create a password.
4.

Add a local user (your name) to the storage system in the predefined Guests group by entering
the following command:
system> useradmin user add your_name g Guests

NOTE: User names are-case insensitive.

Write your password here: __________________________________________

E8-1

Accelerated NCDA Boot Camp Data ONTAP 7-Mode: CIFS Access Control

2011 NetApp, Inc. This material is intended only for training. Reproduction is not authorized.

STEP ACTION

5.

Verify that the local user (you) was added to the storage system by entering the following
command:
system> useradmin user list your_name

What are the capabilities of the new local user?

___________________________________________________________________________

6.

Check the allowed capabilities for the local administrator account by entering the following
command:
system> useradmin user list administrator

What are the capabilities of the local administrator?

_____________________________________________________________________________

7.

View the list of all local storage system users by entering the following command:
system> useradmin user list

Which local users are listed? ____________________________________________________

TASK 2: ACCESS A NETWORK DRIVE AND WORK WITH ACCESS CONTROL

In this task, you map a network drive to a share. Recall that in a Windows workgroup, user authentication is
performed locally on the storage system.
STEP ACTION

1.

On your assigned Windows server, map a drive to this storage system share:
\\IP_Address_of_Your_Storage_System\C$.

2.

At the storage system prompt in your PuTTY session, view the CIFS sessions by entering the
following command:
system> cifs sessions

Who has a session with the storage system?_________________________________

You logged in to Windows as Administrator with a password. The Administrator account was
authenticated locally on the storage system with the local Administrator account (note that the
user names match). The local Administrator account has the same password as the Windows
Administrator account.
This is called pass-through user authentication, and it works only if the names and passwords
match on both the storage system and Windows workstation.
The Administrator account has permission to view the hidden C$ share.
3.

E8-2

On the Windows workstation, open Windows Explorer and disconnect all network drives
attached to your storage system.

Accelerated NCDA Boot Camp Data ONTAP 7-Mode: CIFS Access Control

2011 NetApp, Inc. This material is intended only for training. Reproduction is not authorized.

STEP ACTION

4.

On the Windows workstation, go to Start > Log Off administrator.

5.

When asked if you are sure that you want to log off, click Log off.

6.

Use the Remote Desktop connection to log back in to your Windows workstation as
Administrator with the Administrator password.
By logging out and logging in again, you clear the share cache.

7.

Open Windows Explorer, click Tools and select Map network drive.
The Map Network Drive dialog box appears.

8.

In the Drive box, select an unused letter.

9.

In the Folder box, enter the following:

\\IP_Address_of _Your_Storage_System\C$

If you are using different credentials, click Connect.

10.

Click Finish.
The Windows Security dialog box appears.

11.

Enter these values:

User name: Name_of_Your_Storage_System\your_name
Password: password for your_name
Click OK.

12.

Click Finish.
The Connect to dialog box appears.
The user name is Name_of_Your_Storage_System\your_name.

13.

In the Password text box, enter your password.

Click OK.
Are you able to connect to C$ share? _____________________

14.

If you cannot connect to C$, return to step 16 and in the Folder list box, enter the following:
\\IP_Address_of_Your_Storage_System\Home

Then map the network drive to the share again.

Are you able to connect to Home share? ________________
The Guests group has no capabilities. Therefore, you cannot access the C$ share, but you can
access the Home share, because it is available to the Everyone group.

E8-3

Accelerated NCDA Boot Camp Data ONTAP 7-Mode: CIFS Access Control

2011 NetApp, Inc. This material is intended only for training. Reproduction is not authorized.

STEP ACTION

15.

At the storage system prompt, view the CIFS sessions by entering the following command:
system> cifs sessions

From your windows workstation, determine who has a session with the storage system.
____________________________________________________________________________
You now have successfully mapped a network drive to the Home share on the storage system as
a local user (your name) on the storage system that is a member of the Guests group.
You were authenticated locally on the storage system with your name and password.

TASK 3: CREATE A LOCAL GROUP

In this task, you will create a new local group on your storage system.
STEP ACTION

1.

Before creating a new local group on your storage system, view the current groups on the
storage system by entering the following command:
system> useradmin group list

2.

Create a local group on the storage system called friends with the power role (which is
predefined in the Data ONTAP operating system):
system> useradmin group add friends r power

3.

Verify the newly created group:

system> useradmin group list friends

Which capabilities are assigned to the power role for the friends group?
____________________________________________________________________________
___________________________________________________________________________

4.

Map a drive to the share named winshare.

5.

Open Windows Explorer and go to the mapped drive to view the text file that you created in the
previous module.

6.

Right-click the text file and select Properties.

7.

Select the Security tab and under Group or user names, click Edit.

8.

Click Add.

9.

In the Enter the object names to select text box, enter friends. Click OK.

E8-4

Accelerated NCDA Boot Camp Data ONTAP 7-Mode: CIFS Access Control

2011 NetApp, Inc. This material is intended only for training. Reproduction is not authorized.

STEP ACTION

10.

Click the friends group. What permissions are displayed for the group?
____________________________________________________________________________

11.

Click the Everyone group. How do the friends permissions differ from the permissions in the
Everyone group?
___________________________________________________________________________

12.

On the Security tab, click Apply. Then click OK.

13.

Click OK again.

14.

At the storage system prompt, modify the local user (your name) and add the friends group to
the user by entering the following command:
system> useradmin user modify your_name g Guests,friends

15.

At the storage system prompt, verify the groups and capabilities of the newly changed local user
(your name) by entering the following command:
system> useradmin user list your_name

To which groups does the local user (your name) now belong?
____________________________
Have the local user (your name) capabilities changed? If yes, how?
____________________________________________________________________________

END OF EXERCISE

E8-5

Accelerated NCDA Boot Camp Data ONTAP 7-Mode: CIFS Access Control

2011 NetApp, Inc. This material is intended only for training. Reproduction is not authorized.