Unsolved
This post is more than 5 years old
9 Posts
0
5071
how to grant access to CIFS shares for computer accounts (not user) ?
I have a CIFS share on my VNX5500 (7.1.72-1) which I want to be accessible not only for domain user accounts but also for domain computer accounts. This works for single computer accounts but not for a group of computer accounts.
Has anyone an idea how to achieve that?
The desired domain computers group is granted
modify, read/execute, read, write on file system
modify, read on share
With this settings it only works if a single domian computer account is specified but not the group which is it is part of.
Thank you for any hints and ideas...
christopher_ime
2K Posts
0
October 30th, 2013 23:00
Please consider moving this question as-is (no need to recreate) to the proper forum for maximum visibility. Questions written to the users' own "Discussions" space don't get the same amount of attention and can go unanswered for a long time.
You can do so by selecting "Move" under ACTIONS along the upper-right. Then search for and select: "VNX Support Forum".
VNX Support Forum
dynamox
1 Rookie
1 Rookie
•
20.4K Posts
0
October 31st, 2013 07:00
use Windows MMC to connect to the CIFS server, go to shares where you can a list of all shares on that specific CIFS servers. From this point you can add/remove active directory groups/users just like you would on a regular windows server.
lulli1
9 Posts
0
October 31st, 2013 08:00
That's right, I know. And this works fine for granting access to a CIFS share for a copmuter account but not for a group of computers. I want several computers to have access to the share.
Rainer_EMC
8.6K Posts
0
November 2nd, 2013 03:00
CIFS access control works on users/groups and not computers
dynamox
1 Rookie
1 Rookie
•
20.4K Posts
0
August 10th, 2017 09:00
create an AD group, add computer account to that group and then grant that group permissions.
avinash_b_patil
3 Posts
0
August 10th, 2017 09:00
How do we assign a computer account to the CIFS share ?
avinash_b_patil
3 Posts
0
August 10th, 2017 10:00
Thank you dynamox, whether adding a secmap entry in DM for the machine account would also work ?
dynamox
1 Rookie
1 Rookie
•
20.4K Posts
0
August 10th, 2017 11:00
why ? keep it simple and use AD to manage permissions/access
avinash_b_patil
3 Posts
0
August 11th, 2017 05:00
Thanks Rainer. users application (IIS server actually) which authenticate through NTLM, gets error when tries to connect to the share. error message - STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT.
Rainer_EMC
8.6K Posts
0
August 11th, 2017 05:00
what are you exactly trying to do ?
I dont think it even makes sense to add a secmap entry for machine accounts.
When exactly do you use machine accounts for CIFS file operations on the VNX ?
dynamox
1 Rookie
1 Rookie
•
20.4K Posts
0
August 11th, 2017 06:00
if IIS is configured to use storage on a CIFS shares, it does use IIS computer account to authenticate.
Rainer_EMC
8.6K Posts
0
August 11th, 2017 06:00
I bet that this is NOT using the machine account but rather a local user on the Windows client
local users cannot be used on remote CIFS connections - same as on Windows
you need to configure your application to run as a domain user
or map the CIFS share using domain user or local VNX CIFS server user before starting IIS
Or use ISCSI which avoids this altogether