Unsolved
This post is more than 5 years old
2 Posts
0
1949
Is there a way on the Isilon to limit connections to a particular share?
We have Isilon cluster with lot of shares on. We are on 6.5.5.10 code. We are looking at an option to limit client connections to a particular share. Any thoughts will be helpful.
Thanks in advance.
Peter_Sero
1.2K Posts
1
August 3rd, 2013 05:00
For Windows (SMB/CIFS) shares, the authentication is done per user.
If you don't want one client computer to access a certain share, you
would need to prevent all those users who are permitted to mount this share
from logging in to that client. Those users could still mount the share
from other client computers then.
Subnetting the clients according to different access permissions
wouldn't help here, unless you put some SMB-aware firewall in the middle.
The situation is different for NFS (2+3), where the server "trusts"
each client about its users, hence no per-user authentication is done.
Therefore an NFS export (share) is usually configured with
a restrictive set of allowed clients, or subnet(s) for clients.
-- Peter
christopher_ime
2K Posts
1
August 3rd, 2013 15:00
There are 2 ways to interpret your question:
1) As Peter responded to, limiting by network access. Just as he described similar to NFS exports.
In addition to Peter's feedback, there is available in v6.5 which you are running within OneFS the following syntax when creating/modifying an SMB share to allow/deny specific IP's/subnets to access that share. The isi smb command parameter you will be interested in is "--host-acl". This is described in the command reference guide for your version of OneFS available on support.emc.com. In summary it is a comma separated list and you can use syntax similar to the following:
--host-acl=allow: ,allow: ,deny:ALL
Then when you upgrade to v7.x, you have similar syntax available above (slight variation - refer to the command reference guide); however, you may also consider using Access Zones to limit network access to shares. Something to look forward to.
2) Or maybe do we have it wrong and you asking about limiting the number of connections (just as you have available with typical Windows shares)?
Peter_Sero
1.2K Posts
0
August 4th, 2013 23:00
Christopher, thanks a lot. It's in the "config" version of these two
valid, but distinct commands ;-)
isi smb share modify ...
isi smb config share modify ...
-- Peter
KVP1
2 Posts
0
August 14th, 2013 11:00
Thank you all for the responses. Sorry for the late reply.