Access control for CIFS shares

Question

I have problem with DD620 running 5.4.2.1 OS with CIFS shares. I created CIFS share through DD GUI, I defined Active Directory authentication with domain admin user, but i cannot allow domain user to connect to that CIFS share. What I have to put i User filed? What is syntax? I put myaccount@mydomain, mydoman\myaccount, myaccount but it didn not worked. When I put * in client field, then everyone can connect to share. I want do define only one domain user that can connect to that CIFS share.

Anonymous User · Accepted Answer

Now you have to modify them from Windows host. Make sure that read/write permission to those users are granted, add them to Admin Group on the machine and check the result, (they should win in most-restrictive policy method to gain access to share). Just check from DD again in case of any issue you can modify it from there.

Else just create a group on Windows machine and add users to that group & grant them access on DD (as a group).

Thanks

Rakesh

Fenglin1 · Answer

Hi Milorad,

Please consider moving this question as-is (no need to recreate) to the proper forum for maximum visibility. Questions written to the users' own "Discussions" space don't get the same amount of attention and questions can go unanswered for a long time.

You can do so by selecting "Move" under ACTIONS along the upper-right. Then search for and select: "DataDomain Support Forum" which would be the most relevant for this question.

milorad.zivanovic · Answer

I had allready did it and everything is OK. But I still cannot define CIFS share access to domain user. What I havet to put in User/Group field? What is the syntax? I put domain\myaccount, myaccount@domain, domain\myaccount but I still cannot access the share. When I put * in Client filed or client name or address, it is OK. Problem is only domain user.

mrakM · Answer

Hi Milorad, It is a little bit tricky with CIFS access. in User/Group field you need to put 'domin\accountname' Additionally you must add access permission on CIFS folder for the same user\group

milorad.zivanovic · Answer

How can I add such permission through GUI or CLI? I have allready put domain\accountname in User\Group field.

milorad.zivanovic · Answer

When I try to do it, there is a message that access is denied.

mrakM · Answer

GUI Type in windows explorer \datadomainip and then select related CIFS share folder righ click---security tab...

mrakM · Answer

1. Add * to the user\groups and remove all other entries, do the same for clients
2. Windows explorer \\datadomainIP\cifsshare_folder\

3. Create new folder "test"
4. Set access permissions on test folder
5. Create new share on datadomain wiht path Data\col1\cifsshare_folder\test

6. Add related users and\or groups to User\Groups field (same that you've used in step 4)

milorad.zivanovic · Answer

I cannot access to share when is * in user\group field. It looks like thet User\group field does not work at all.

Anonymous User · Answer

You have to modify it from Data Domain GUI. I worked a little bit long back (before 6 months). Select the share and search for the option (Look if it's possible from properties) to modify access. There's an option where you can add a group or a single user (You get this at the time of creation of a share, so hope you will find it to modify too). It has to be username@domainname (abc@xyz.com).

Thanks

Rakesh

dynamox · Answer

i use * for both clients and users/groups field ..and control access at the folder level. Works just fine.

Anonymous User · Answer

Yes, you are right. This is just what I was referring too. As of now I don't have access to that system, so can't visualize. Thanks Rakesh

milorad.zivanovic · Answer

I did it and I can connect to share. to share. But I cannot change user permission on share. I get message Access denied. What i need to put in Organizatio unit field inAuthentication configuration?

dynamox · Answer

ssh into your data domain, run this command and post output cifs show config

Data Domain

Access control for CIFS shares

Was this post helpful?