Add User or Group to CIFS Share

PURPOSE

DDOS 5.1

• DataDomain enterprise manager (DDEM) does not allow add user or group to a CIFS share.
• Customer shall be encouraged to restrict CIFS share access through Windows client using Microsoft Management Console (MMC).

 DDOS 5.2

• From DDOS 5.2 onwards this feature has been added back to DDEM GUI interface. Customer will be able to add user and group to CIFS share via DDEM.

APPLIES TO

• All Data Domain systems

• DDOS 5.1 and above
• CIFS

Below are two DDMS screenshots when a Data Domain admin adds users or groups to a CIFS share.  In DDOS 5.1, CIFS share ACL feature is removed from GUI (DDMS).   The user/group option in CLI remains valid.

NOTE: When adding users or Groups to a CIFS share do not use the asterisk  (*) as the Data Domain system will not interpret this symbol as a wildcard but attempt to look for a user or group with the name of *.   It is always a best practice to use the user name or the group name for example: " Domain\<username >  Corp\steve  (OR) Domain\<group> corp\IT"

In DDOS 5.1:

Please check for the steps to follow using MMC for adding user and groups to the CIFS share.

From  DDOS 5.2

Customer will be able to add users and groups to a particular CIFS share using DDEM.

Procedure to set CIFS share ACL through Windows client

1.    From a Windows client running Windows operation system, connect to DataDomain system using a local administrator account (sysadmin or other local account when DataDomain system uses non-AD mode) or domain administrator account (when DataDomain system is joined to AD).

2.    Right click on "My Computer" or equivalent icon and select "Manage". This will launch Computer Management Tool.

3.    Client on "Action" and select "Connect to another computer". Then, enter the name or IP-address of the DataDomain system used in step #1.

4.    Navigate to "System Tools" -> "Shared Folders" and  Shares".

5.    Right click on a share, select "Properties" and click on "Share permissions".

6.    Set appropriate permissions and click on "Apply" or "OK" button.

Note: If DataDomain system uses a local administrator account (sysadmin or other local account), the user needs to have the same account and password in Windows client node.  This is because Windows MMC passes current Windows user/password to DataDomain node for authentication.

There is no problem if the windows client and Data Domain system are in the same Active Directory and the user logs into the Windows client using an AD account. Otherwise, the user must map a drive from the DataDomain system using a user with administrative privileges such as local admin account or domain admin account.

Below is a screenshot of MMC at step 5.