Data Domain - Confirming and changing Client Access List on a Restorer

Summary: cifs access lists

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

 

Confirming and changing Client Access List on a Restorer

SUMMARY

  • How to confirm and change Client Information in an Access List on a DDR

APPLIES TO

  • All Data Domain Restorers

  • All DDOS Releases

Cause

cifs access lists

Resolution

INSTRUCTION

  • Client access to the DDR can be managed through the Common Internet File System (CIFS) access list or the Network File System (NFS) access list depending on the protocol used.
  • To be able to modify the access lists, you must log in to the Restorer with a user account that has admin level authority (versus user  level authority).
  • Currently, management of the Access Lists must be done from the command-line interface (CLI).
CIFS Access
A CIFS client can map to shares on a restorer.
  • ddvar is the share for administrative tasks, such as looking at a log file, or upgrading the DDOS.
  • backup is the share used by a Windows client for data storage and retrieval.
  • On current DDOS versions, you can create a customized share using the CLI.
Enable Clients
To allow access for CIFS clients to a Data Domain System, use the cifs enable operation. 
#cifs enable
Disable Clients
To disable all CIFS clients from accessing the Data Domain System, use the cifs disable operation. 
#cifs disable
View Clients
To view the access list use: 
#cifs share show

Add Clients to the access list
Each Windows client that will read and write to a Data Domain System must be added as a backup client.
We recommend adding the IP address, fully qualified domain name and short name of the client.  
cifs share modify <share> { max-connections <max connections> | clients <clients> | browsing <enabled|disabled> | writeable <enabled|disabled>| users <users> | comment <comment>} <"client-list">
The client list is a comma-separated list of clients that are allowed to access the share. Other than the comma delimiter, there should not be any white space (blank, tab) characters. The list must be enclosed in double quotes.

Some valid client lists are: 
"host1,host2"
"host1,10.24.160.116"
Some invalid client lists are: 
"host1  "
"host1 ,host2"
"host1, 10.24.160.116"
"host1 10.24.160.116"
Example: 
#cifs share modify /backup clients "srvr24.yourdomain.com,srvr24,10.24.160.116"
To delete a client, you can use the cifs share modify, and change the client list as you want it.
NOTE: When using the users option, do not use the asterisk (*) as the Data Domain system will not interpret this symbol as a wildcard but attempt to look for a user with the name of *.


NFS access
The nfs command manages NFS clients and displays NFS statistics and status.
A Data Domain System exports the directories /ddvar and /backup. /ddvar contains Data Domain System log files and core files.
/backup is the target for data from your NFS Clients. Add backup servers as clients to /backup.
Verify NFS is enabled 
nfs status
If nfs is not enabled, run: 
nfs enable

Adding NFS clients to the access list
To add NFS clients, use the nfs add operation. Add clients for administrative access to /ddvar. Add clients for Read/Write operations to /backup. A client added to a subdirectory under /backup has access only to that subdirectory. 
nfs add {/ddvar | /backup[/subdir]} client-list [(nfs-options)]
The client-list can contain class-C IP addresses, IP addresses with either netmasks or length, hostnames, or an asterisk (*) followed by a domain name, such as *.yourcompany.com.
The nfs-options list can have a comma, a space, or both between entries. 
The default NFS options for an NFS client are: rw, no_root_squash, no_all_squash, and secure. 

The list accepts the following options:
ro Read only permission.
rw Read and write permissions.
root_squash Map requests from uid/gid 0 to the anonymous uid/gid.
no_root_squash Turn off root squashing.
all_squash Map all user requests to the anonymous uid/gid.
no_all_squash Turn off the mapping of all user requests to the anonymous uid/gid
secure Requires that requests originate on an Internet port that is less than IPPORT_RESERVED (1024).
insecure Turn off the secure option
anonuid=id Set an explicit user-ID for the anonymous account. The id is an integer bounded from -65635 to 65635.
anongid=id Set an explicit group-ID for the anonymous account. The id is an integer bounded from -65635 to 65635.
For example, to add an NFS client with an IP address of 192.168.1.02 and read/write access to /backup: with the secure option: 
# nfs add /backup 192.168.1.02 (rw,secure)
Netmasks, as in the following examples, are supported: 
# nfs add /backup 192.168.1.02/24 (rw,secure)
# nfs add /backup 192.168.1.02/255.255.255.0 (rw,secure)
Remove Clients
To remove NFS clients that can access the Data Domain System, use the nfs del export client-list operation. A client can be removed from access to /ddvar and still have access to /backup. The client-list can contain IP addresses, hostnames, and an asterisk (*) and can be comma-separated, space separated, or both. 
nfs del {/ddvar | /backup[/subdir]} client-list
For example, to remove an NFS client with an IP address of 192.168.1.02 from /ddvar access: 
# nfs del /ddvar 192.168.1.02
To display the list of nfs clients enter 
# nfs show clients

Additional Information

 

 

     

    Affected Products

    Data Domain

    Products

    Data Domain
    Article Properties
    Article Number: 000043663
    Article Type: Solution
    Last Modified: 08 Jul 2024
    Version:  3
    Find answers to your questions from other Dell users
    Support Services
    Check if your device is covered by Support Services.