Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

KVP1

2 Posts

1949

August 2nd, 2013 08:00

Is there a way on the Isilon to limit connections to a particular share?

We have Isilon cluster with lot of shares on. We are on 6.5.5.10 code. We are looking at an option to limit client connections to a particular share. Any thoughts will be helpful.

Thanks in advance.

Peter_Sero

1.2K Posts

August 3rd, 2013 05:00

For Windows (SMB/CIFS) shares, the authentication is done per user.

If you don't want one client computer to access a certain share, you

would need to prevent all those users who are permitted to mount this share

from logging in to that client. Those users could still mount the share

from other client computers then.

Subnetting the clients according to different access permissions

wouldn't help here, unless you put some SMB-aware firewall in the middle.

The situation is different for NFS (2+3), where the server "trusts"

each client about its users, hence no per-user authentication is done.

Therefore an NFS export (share) is usually configured with

a restrictive set of allowed clients, or subnet(s) for clients.

-- Peter

christopher_ime

2K Posts

August 3rd, 2013 15:00

There are 2 ways to interpret your question:

1) As Peter responded to, limiting by network access.  Just as he described similar to NFS exports.

In addition to Peter's feedback, there is available in v6.5 which you are running within OneFS the following syntax when creating/modifying an SMB share to allow/deny specific IP's/subnets to access that share.  The isi smb command parameter you will be interested in is "--host-acl".  This is described in the command reference guide for your version of OneFS available on support.emc.com.  In summary it is a comma separated list and you can use syntax similar to the following:

--host-acl=allow: ,allow: ,deny:ALL

Then when you upgrade to v7.x, you have similar syntax available above (slight variation - refer to the command reference guide); however, you may also consider using Access Zones to limit network access to shares.  Something to look forward to.

2) Or maybe do we have it wrong and you asking about limiting the number of connections (just as you have available with typical Windows shares)?

Peter_Sero

1.2K Posts

August 4th, 2013 23:00

Christopher, thanks a lot. It's in the "config" version of these two

valid, but distinct commands ;-)

isi smb share modify ...

isi smb config share modify ...

-- Peter

KVP1

2 Posts

August 14th, 2013 11:00

Thank you all for the responses. Sorry for the late reply.

View More

View All

No Events found!

Top