Dell VNX5600 Configuring and Managing CIFS on VNX VNX1-VNX2
Dell VNX5600 Manual
View all Dell VNX5600 manuals
Add to My Manuals
Save this manual to your list of manuals |
Dell VNX5600 manual content summary:
- Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 1
EMC® VNX® Series Version VNX1, VNX2 Configuring and Managing CIFS on VNX P/N 300-014-332 REV. 04 - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 2
herein are the property of their respective owners. For the most up-to-date regulatory document for your product line, go to EMC Online Support (https://support.emc.com). EMC Corporation Hopkinton, Massachusetts 01748-9103 1-508-435-1000 In North America 1-866-464-7381 www.EMC.com 2 EMC VNX Series - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 3
25 Administrator accounts 27 Guest accounts 27 Other local user accounts 27 Virtual Data Movers 28 Group policy objects 28 GPO support on VNX 29 Support for restricted groups 31 Manage and enforce ACL 31 Delegating joins 32 Home directories 33 Permissions and security 33 Restrictions to - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 4
52 Add a WINS server 52 Start the CIFS service 53 Create a CIFS server for Windows Server the GUI 61 Create a CIFS share on MAC OS manually 62 Chapter 4 Managing 65 Set maximum number of passwords support 69 Enable local user support on a domain CIFS server 69 Enable local user support - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 5
83 Turn oplocks off 83 Configure file change notification 84 Stop the CIFS service 85 Delete a CIFS server 85 Delete a CIFS server in a Windows 94 Display GPO settings 94 Update GPO settings 95 Disable GPO support 96 Disable GPO caching 97 Disable alternate data streams 98 Configure SMB - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 6
file filtering pop-up messages 111 Troubleshooting 115 EMC E-Lab Interoperability Navigator 116 VNX user customized documentation 116 Known problems and limitations 116 Symbolic link limitations 119 Error messages 120 EMC Training and Professional Services 120 GPO conflict resolution 120 - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 7
) at http://Support.EMC.com. Troubleshooting-Go to EMC Online Support at http://Support.EMC.com. After logging in, locate the applicable Support by Product page. Technical support-For technical support and service requests, go to EMC Customer Service on EMC Online Support at http://Support.EMC.com - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 8
Preface Note Do not request a specific support representative unless one has already been assigned to your particular system problem. Your comments Your suggestions will help us continue to improve the accuracy, organization, and overall quality of the user publications. Please send your opinion of - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 9
CHAPTER 1 Introduction EMC VNX has incorporated the Common Internet File System (CIFS) protocol as an open standard for network file service. CIFS is a file access protocol designed for the Internet and is based on the Server Message Block (SMB) protocol that the Microsoft Windows operating system - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 10
: l Active Directory (AD) l Kerberos or NT LAN Manager support l DNS server The DNS server should support dynamic updates. If dynamic DNS (DDNS) is unsupported, you must manually update the DNS server. Configuring VNX Naming Services provides instructions on configuring a Data Mover to use naming - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 11
Naming Services l Configuring VNX User Mapping l EMC VNX Command Line Interface Reference for File l VNX for File man pages l Installing Management Applications on VNX for File l Managing a Multiprotocol Environment on VNX l Managing Volumes and File Systems for VNX Manually l Parameters Guide for - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 12
Introduction 12 EMC VNX Series VNX1, VNX2 Configuring and Managing CIFS on VNX - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 13
through a variety of file access protocols including the Common Internet File Service (CIFS) protocol. CIFS is based on the Microsoft Server Message joins...32 l Home directories 33 l Alternate data stream support 35 l SMB protocol support 36 l Symbolic links...37 l Opportunistic file locking 38 - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 14
CIFS file server, but not those of a Windows application server, such as a print or DNS server. DNS servers VNX supports the following Domain Name System (DNS) features: l DNS Service Resolution - Resolves service names instead of computer names. DNS returns a list of machines that run a specific - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 15
configure both IPv4 and IPv6 addresses for DNS, NIS, and NTP servers. This way, if an IPv6-only situation arises for any reason, then these services will still work. Domain migration VNX CIFS servers act as member servers in Windows domains and provide data storage for domain users. Data stored on - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 16
to a Windows domain on page 55 provide procedural information. In contrast, a stand-alone CIFS server does not have access to a domain and its associated services. The only users that can connect to a stand-alone CIFS server are those that use a local user account created and managed on the stand - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 17
Concepts CIFS servers on the Data Mover, you must specify one or more network interfaces with which to associate the server. You can reassign network interfaces to other CIFS servers on the Data Mover as you create them, or later as required. The default CIFS server behavior is useful if you plan - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 18
to Create a domain account in Active Directory on page 52. Internationalization support must be provided on VNX by enabling Unicode. Note VNX must use As a best practice, enable Unicode as the default option during installation. If you do enable Unicode, enable it before populating the file - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 19
the compnames. Quotas CIFS implementation of VNX supports disk quotas. Quotas can be configured by using alias registers the alternative name in Windows Internet Naming Service (WINS), not in domain name system (DNS avoid every user needing to manually change the mapping to Accounting_and_Finance, - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 20
a history of the new and old passwords of each CIFS server. When a Windows client attempts to open a new session with a Data Mover, the service ticket sent by the client is decrypted using the decryption key generated from the CIFS server computer account password. If the decryption fails, another - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 21
Guide for controller enforces LDAP message signing. Note Although Windows supports encryption of LDAP messages through other systems, such as path Key Value name Format Value HKLM\System\CurrentControlSet\Services\NTDS Parameter LdapServerIntegrity REG_DWORD 2 (Require signing); other values - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 22
level. LDAP signing is not required to bind with the domain controller. If the Data Mover requests data signing, the domain controller supports it. LDAP signing is negotiated between the Data Mover and the domain controller unless the Transport Layer Security/ Secure Socket Layer (TLS - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 23
message encryption User authentication methods Before configuring the CIFS service, you must define the user authentication method for authentication method and the dialect parameter that define the protocol level that VNX supports is set for each Data Mover and applies to every interface on the - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 24
each Windows user. Requirements: Requirements: l Requires a UNIX-style UID and GID for l Plain-text password support must each Windows user. be enabled on clients. l Plain-text password support must be enabled on clients. When to use: l Most useful for configurations requiring a high degree - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 25
Concepts service (CIFS) on VNX, you must select a method of mapping Windows SIDs to UIDs and GIDs. Configuring VNX User Mapping provides additional information. Local user and group accounts Enabling local user support creates local user accounts in the local groups database on the CIFS server. When - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 26
user account l Rename a user account l Change user password from the Login window l Reset a user password from any native Windows management interface Supported username and password formats Usernames and passwords must use these formats: l Usernames can be up to 256 Unicode characters in length - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 27
Concepts Table 7 Local user account features (continued) Feature Supported Unsupported l Logon script name l Home directories Dialin Information Terminal Services profile: l Terminal server profile path l Terminal server home directory Unsupported All unsupported Administrator accounts The - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 28
compname will be created must be attached to the VDM. For instructions, refer to either the "Create a network interface for a sync in File Auto Recovery with SRDF/S. Both documents are found on EMC Online Support. Group policy objects The Group Policy settings are stored in group policy objects - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 29
Mover, there is only one GPO cache per Data Mover. When you start the CIFS service on a Data Mover, VNX reads the settings stored in the GPO cache, and then 120. Table 8 on page 29 summarizes the GPO settings that VNX supports. Table 8 GPO settings Setting Default Values Kerberos Max Clock Skew ( - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 30
) Refresh interval offset (minutes) Default Values Disabled Disabled Disabled Administrators; Backup Operator Administrators; Backup Operator "All supported local groups" Administrators Administrators Enabled Disabled Administrators Privilege disabled Privilege disabled 500 KB Disabled 10 days - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 31
Display GPO settings on page 94 provides procedural information. Support for restricted groups Restricted groups are GPO security settings a member. Note Restricted groups are automatically applied after the CIFS service is started. Manage and enforce ACL Windows administrators use the Microsoft - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 32
Concepts Figure 3 Adding users and groups Delegating joins In a delegate join, the active directory (AD) account creation is separated from the join action. Consequently, a user other than the one who created the computer account for a CIFS server in the AD can join the CIFS server to the domain. - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 33
If a client system (such as Citrix Metaframe or Windows Terminal Server) supports more than one Windows user concurrently and caches file access information, the management snap-in for MMC. Installing Management Applications on VNX for File provides information on installing the snap-in. The snap-in - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 34
user (unless root ownership is specifically desired). EMC recommends that you do not share or export the parent folder in 0x2 mode unless you manually adjust ACLs on home directories to exclude all users but those that should have access. 34 EMC VNX Series VNX1, VNX2 Configuring and Managing - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 35
registry and edit the Flags value. You do not need restart the CIFS service for the registry change to take effect. Restrictions to using the home directory on page 125 provides additional information. Alternate data stream support With the release of Windows NT, Microsoft introduced the Windows - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 36
. Disable alternate datastreams on page 98 provides procedural information. SMB protocol support Server message block (SMB) is the underlying protocol used by the CIFS protocol to request file, print, and communications services from a server over a network through TCP ports. The protocol level is - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 37
allows you to specify the SMB2 capabilities supported by the CIFS servers of the complete Data clients connect to the Data Mover. The Parameters Guide for VNX for File provides additional information on objects (GPO) settings n With file migration service Configure SMB signing on page 98 provides - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 38
links that you can create on a system are: l The target of the link can be a file or a directory. Both are supported. The creation of a link on a non-existing target is also supported. l Absolute symbolic links are links that point to the absolute path of the file or folder, for example, C:\windows - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 39
are handling critical data and cannot afford any data loss, leave oplocks on. VNX supports level II, exclusive, and batch oplocks in the following ways: l Level II or local OS). The Win32 API, and thus the CIFS protocol, supports the ability to specify the root of the directory tree that requires - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 40
event logging mechanism to log their own events. VNX currently supports three such event logs that is security, system, and event viewer or in the following registry entry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog \Logname\Retention Each time an archive is created, it is - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 41
STRING Note If a retention policy is not set, then the archived files are not deleted. In this case, delete or move these files manually before the file system becomes full. Specify the retention policy for when archive files can be removed is based on the total size occupied by - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 42
files are not deleted. In this case, delete or move these files manually before the file system becomes full. GMT date of the last archive of and is valid only if auto archive has been enabled. SMB 3.0 protocol support Windows Server 2012 introduces the new version 3.0 of the SMB protocol. With - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 43
same context as before the failover. Default VNX File Server CIFS Timeout To support VNX File Server Active/Passive CA, the File server uses a CIFS configured from 0-180 seconds, depending on customer requirements. Parameters Guide for VNX for File provides more information on how to modify - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 44
\Administrative Templates\Network\Lanman Server\ Setting: "Hash Version support for BranchCache" l Value: 1=support BranchCache V1 only l Value: 2=support BranchCache V2 only l Value: 3=supports BranchCache V1 and V2 Remote Volume Snapshot Service for SMB 3.0 In order to enable remote backup of - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 45
longer accessible by default from SMB1 and SMB2 clients (which do not support the SMB encryption). Encryption Settings The messages encryption for each share is in Table 12 on page 45, are: Key: HKLM\CurrentControlSet\Services\LanmanServer: Table 12 VNX OE for File registry values Value Type - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 46
. Table 13 Preliminary CIFS setup Action Enable internationalization support Create network interface Configure NTP server to synchronize date export file system for CIFS access Configure quotas Procedure Enable internationalization support on page 18 Network interfaces and CIFS servers on page 16 - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 47
Data Mover basis, use this command syntax: # server_cifs -smbhash -service enable Where: = name of the Data Mover 2. To enable hash support on each CIFS Share to be used for supporting Branch Cache clients, use this command syntax: # server_export -name - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 48
take precedence over manual registry entries. VDMs values outlined above. 4. To stop and restart the VNX File CIFS service to enable the SMBHash feature (the feature is not running until this Branch Cache operation. Microsoft BranchCache deployment guide provides more information about this. 6. - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 49
2008 R2 server. Note Parameters Guide for VNX for File provides more information about the parameters that are supported by this feature. EMC VNX name on which this user is logged in. Service Service events monitor the start or stop of the service as well as any configuration parameters changes. - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 50
SMB Hash Files. It can help in some circumstances to troubleshoot general BranchCache issues. Performance of SMB hash generation l The SMB2 impact the CPU usage. Impact of SMB hash generation The SMB hash generation service takes place at high level and does not impact other components. This - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 51
domain 52 l Create a domain account in Active Directory 52 l Add a WINS server 52 l Start the CIFS service 53 l Create a CIFS server for Windows Server environments 53 l Join a CIFS server to a Windows domain 55 by using the GUI 61 l Create a CIFS share on MAC OS manually 62 Configuring 51 - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 52
CIFS server is automatically joined to Windows domain in an NT environment. Add a WINS server Note The system processes a list of Windows Internet Naming Service (WINS) servers in the order in which you add them in the wins= option, with the first one being the preferred WINS server. For example - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 53
is 96 threads; however, if there is over 1 GB of memory, the default number of threads is 256). Example: To start the CIFS service on server_2, type: $ server_setup server_2 -Protocol cifs -option start Output: server_2 : done Create a CIFS server for Windows Server environments After starting the - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 54
. You can only have one default CIFS server per Data Mover. Note Link local interfaces cannot be added to a CIFS server as they are not supported on VNX. = different DNS suffix for the interface for DNS updates. By default, the DNS suffix is derived from the domain. This DNS option - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 55
Configuring Join a CIFS server to a Windows domain A CIFS server has to be joined to the Windows domain in a Windows Server environment. Note If a CIFS server is removed from the Windows domain by using an unjoin command, you need to run the join command again to rejoin the CIFS server to the - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 56
domain controller by using the domain administrator credentials. 2. Verify that the support tools are installed. 3. Select Start > Run. 4. Type ldp.exe and click options such as locking behavior and access control policy are not manually typed, the options are active but not displayed in the list - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 57
the Windows NT Server Manager for Domains to create shares and set access control lists (ACLs) on shares. For domain CIFS servers with local users support, you can mix local and domain users and groups in ACLs. Note If you create a share with Windows management tools, you cannot use any of - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 58
Configuring Procedure 1. To create a local share by exporting the pathname of the share, use this command syntax: $ server_export -Protocol cifs -name [-option ] Where: = name of the physical Data Mover or VDM. = name of the CIFS - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 59
permanent entries. Any temporary changes to the export table are not displayed. CIFS shares on page 17 and International character support on page 18 provide conceptual information. Procedure 1. To verify a share, use this command syntax: $ server_export -list -name [-option - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 60
IP interface for the CIFS server. Example: To create the stand-alone CIFS server dm32-ana0 on server_2 and provide local user support, type: $ server_cifs server_2 -add standalone=dm112cge0,workgroup=NASDOCS,interface=cge0,local_users 60 EMC VNX Series VNX1, VNX2 Configuring and Managing CIFS on - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 61
=2 Note l If you are using Internet Information Service (IIS) 6.0, the username and password must be on the CIFS server with local user support enabled. When you change the password, admin password. Join MAC to the Windows domain 1. Install the Administration tools disk (applicable to MAC OS Client - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 62
be made by the local MAC client administrator. 8. In Services, double-click on Active Directory to join a domain. 9. desktop. 2. Click the Eject icon to unmount the share. Create a CIFS share on MAC OS manually Before you begin l Click Finder and select Go > Utilities > Terminal. l Login with the - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 63
Note Verify if the smbfs option is displayed. Configuring Create a CIFS share on MAC OS manually 63 - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 64
Configuring 64 EMC VNX Series VNX1, VNX2 Configuring and Managing CIFS on VNX - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 65
CIFS configuration and its dependencies 68 l Manage CIFS servers with local users support 69 l Delete a stand-alone server 72 l Rename a NetBIOS name 73 Delegate join authority 82 l Manage file systems 83 l Stop the CIFS service 85 l Delete a CIFS server 85 l Delete CIFS shares 87 l Manage - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 66
of passwords to retain in Kerberos authentication Note Parameter and facility names are case-sensitive. If you experience password reset while troubleshooting problems with authentications, reset the CIFS server password by using the server_cifs command. The Data Mover retains a history of the new - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 67
server_2 -facility ldap -modify SecurityLayer -value 4 Output: server_2 : done Note l Parameter and facility names are case-sensitive. l Restart the CIFS service after executing the above command. Check the current CIFS configuration Note The server_cifs command currently does not display the link - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 68
Managing Enabled interfaces: (All interfaces are enabled) Disabled interfaces: (No interface disabled) If CIFS service is not started: server_2 : Cifs NOT started Security mode = NT Max protocol = NT1 I18N mode = ASCII Home Directory Shares DISABLED Usermapper auto broadcast enabled Usermapper[0] = - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 69
CIFS server within a workgroup environment on page 71 l Enable the guest account on a stand-alone server on page 72 Enable local user support on a domain CIFS server Check CIFS configuration dependencies on page 68 and Change password for local Administrator account on page 70 provide procedural - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 70
change the temporary password from a Windows system before you can administer the local users or groups on the CIFS server with local user support enabled. When you change the password, the password can contain Unicode characters. l The local_users option causes the server_cifs command to prompt for - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 71
or IP address of the CIFS server. c. In the Old Password field, type the original Administrator account password you typed when you enabled local users support. d. In the New Password and Confirm New Password fields, type the new password for the local Administrator account. Access and manage a CIFS - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 72
to the new Guest account. Delete a stand-alone server Note If you delete a CIFS server with local user support and then create a new one with the same name and local user support, the new server retains the original local administrative password. Hence you cannot set a new password for the new CIFS - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 73
Managing Note If you add the -remove_localgroup option, the Data Mover permanently deletes the local group information of the CIFS server from the permanent storage of the Data Mover. If you add the alias and interface options, only the alias and the interface are deleted, the CIFS server exists. - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 74
Managing Procedure 1. To rename a NetBIOS name, use this command syntax: $ server_cifs -rename -netbios Where: = name of the Data Mover. = name of the current NetBIOS. = name of the new NetBIOS. Example: To rename the NetBIOS - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 75
Managing $ server_cifs server_2 -Join compname=W2kProd,domain=abc.com,admin=Administrator Assign a NetBIOS or computer name alias NetBIOS versus DNS alias on page 19 provides conceptual information. Perform these tasks to manage aliases: l Add a NetBIOS alias to a CIFS server on page 75 l Add a - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 76
Managing = name of the Data Mover. = NetBIOS name for the CIFS server. = domain name for the Windows environment. = alias for the NetBIOS name. Example: To declare three aliases for NetBIOS dm102-cge0, type: $ server_cifs server_2 -add netbios= - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 77
Managing View aliases Procedure 1. To delete one or more NetBIOS aliases from a CIFS server, use this command syntax: $ server_cifs -delete netbios=, alias= [,alias=,...] Where: = name of the Data Mover. = NetBIOS name - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 78
server_2 in a Windows Server environment, type: $ server_cifs server_2 -add compname=dm32-ana0,domain=NASDOCS.emc.com -comment "EMC_VNX" International character support on page 18 provides conceptual information. Note You cannot add or change comments through the Server Management or the Computer - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 79
comment as the name of the mapped drive. The client continues to use the stored comment as the mapped drive name until you manually change the Registry. If you manually change the name of the mapped network drive from Explorer or My Computer, the changed name is stored in another Registry entry - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 80
default password is the name of the server you should reset the password. Restart the CIFS service to force the Data Mover to update the password on its domain controller. Start the CIFS service on page 53 provides procedural information. Procedure 1. To reset the CIFS password and encryption keys - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 81
Managing I18N mode = UNICODE Home Directory Shares DISABLED Usermapper auto broadcast enabled Usermapper[0] = [127.0.0.1] state:active (auto discovered) Enabled interfaces: (All interfaces are enabled) Disabled interfaces: (No interface disabled) ... Verify the effective SMB dialect for the - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 82
Managing Where: = name of the Data Mover. = the user name can be simply or Domain\ or . = the machine name, which can be a string or an IP address. Example: To display the number and names of open files on server_2, - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 83
Managing The Parameters Guide for VNX for File provides additional information. Delegating enabled, data loss can occur in a Microsoft network if the Windows Server crashes or network problems occur. Note You might notice performance degradation if oplocks are disabled. Procedure 1. To turn - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 84
Managing $ server_mount -option nooplock Where: = name of the Data Mover or VDM. = name of the file system being mounted. = name of the mount point. Example: To mount the file system ufs1 with oplocks turned off, type: $ - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 85
command syntax: $ server_setup -Protocol cifs -option stop Where: = name of the Data Mover Example: To stop the CIFS service on server_2, type: $ server_setup server_2 -Protocol cifs -option stop Output: server_2: done Delete a CIFS server Before you begin Use Microsoft - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 86
Managing NOTICE Data loss can occur if you stop or delete a CIFS server (Windows Server or Windows NT) when writes are in process. Before you perform this procedure, notify all users in advance that the CIFS server will no longer be available. Delete a CIFS server in a Windows Server environment - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 87
Managing Delete CIFS shares When you delete a share, users no longer have access to that share. All unexports on CIFS shares are permanent-when a CIFS share is unexported, the entry is deleted from the export table. To provide user access to the file system, you must reexport the file system. Before - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 88
the Data Mover to ensure that all changes are made to the target domain. Stop the CIFS service on page 85 and Start the CIFS service on page 53 provide procedural information. The server_cifs -Replace command replaces the history SIDs from the old domain with the new SIDS in the new - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 89
, VNX uses the NT user authentication method. Use NT user authentication with both domain CIFS servers and a stand-alone CIFS server with local user support. For security reasons, it is strongly recommended that you do not use UNIX or SHARE user authentication. User authentication methods on page 23 - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 90
Managing Where: = name of the Data Mover or VDM. Example: To check the user authentication method for server_2, type: $ server_cifs server_2 Output: server_2 : 256 Cifs threads started Security mode = NT Max protocol = NT1 I18N mode = UNICODE Home Directory Shares DISABLED usermapper - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 91
CHAPTER 5 Leveraging Advanced Functionality Advanced CIFS functionalities are: l Enable and manage home directories 92 l Manage group policy objects 94 l Disable alternate data streams 98 l Configure SMB signing 98 l Manage SMB2 and SMB3 protocols 101 l Change the default symbolic link behavior - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 92
Functionality Enable and manage home directories The home directory feature is disabled by default. Create the CIFS server and start the CIFS service before you enable the home directory as discussed in the Unisphere online help. Home directories on page 33 provides conceptual information. Perform - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 93
Leveraging Advanced Functionality \\\HOME OR \\\[$] Where: = IP address, computer name, or NetBIOS name of the CIFS server. HOME = special share name reserved for the home directory feature. [$] = name of a user's directory. Using the $ - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 94
-option homedir=no Manage group policy objects Perform these tasks to manage group policy object (GPO) support: l Display GPO settings on page 94 l Update GPO settings on page 95 l Disable GPO support on page 96 l Disable GPO caching on page 97 Group policy objects on page 28 provides conceptual - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 95
15:50:42 EDT 2007 Update GPO settings While the CIFS service is running or after restarting the CIFS service, the Data Mover updates its group policy object (GPO) page 95 l Update GPO settings manually for all Data Movers on page 96 l Update GPO settings manually for the specified domain on page 96 - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 96
: $ server_security ALL -update -policy gpo Update GPO settings manually for the specified domain Note To update the GPO settings for support is disabled, VNX cannot access the Windows domain controller, and the related VNX functions automatically use their own default settings. The Parameters Guide - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 97
: = name of the Data Mover Example: To disable GPO support on server_2, type: $ server_param server_2 -facility cifs -modify gpo -value retrieve the settings from the Windows domain controller. The Parameters Guide for VNX for File provides additional information about the cifs gpocache - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 98
there are rare cases when you might want to disable ADS support, EMC generally recommends that alternate data stream support be enabled. Alternate datastream support on page 35 provides more information. The Parameters Guide for VNX for File provides additional information about the shadow stream - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 99
Leveraging Advanced Functionality = name of the Data Mover Example: To disable SMB signing support on server_2, type: $ server_param server_2 -facility cifs -modify smbsigning -value 0 Output: server_2: done Configure SMB signing with GPOs If you want independent control of server- - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 100
Enabled You can also configure server message block (SMB) signing through the Windows Registry. If there is no group policy object (GPO) service available, such as in a Windows NT environment, the Registry settings are used. Registry settings affect only the individual server or client that - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 101
link to a file with a relative path on page 103 SMB protocol support on page 36 provides conceptual information. Enable the SMB2 protocol Procedure 1. To done Enable the SMB3 protocol SMB3 is enabled by default for a fresh install. In case of an upgrade, if you have modified the MAX protocol - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 102
=NT dialect=SMB3 Output: server_2: done Note l The keyword that is used for the dialect option in the server_cifs command indicates the maximum supported dialect. For example, when you enable SMB3, all protocol dialects up to SMB 3.0 are enabled, including NT1, SMB2.0, and SMB 2.1. l To switch to - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 103
SMB1 protocol on server_2, type: $ server_cifs server_2 -add security=NT,dialect=NT1 Output: done Create a symbolic link to a file with a relative path SMB2 support for symbolic links on page 38 provides conceptual information. Note The creation of symbolic link with an absolute path or an UNC path - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 104
Leveraging Advanced Functionality mklink Where: = name of the symbolic link. = location and name of the target. Example: To create a symbolic link target1 that points to a file with an absolute pathname from a MS DOS console on the SMB2 client, type: mklink - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 105
Leveraging Advanced Functionality Enable symbolic links with absolute paths By default, the Data Mover will not follow symbolic links that contain absolute paths (full pathnames). Note When the shadow followabsolutpath parameter is enabled to follow absolute paths, the target is interpreted by the - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 106
Leveraging Advanced Functionality Access symbolic links through CIFS clients You must have root privileges to create a symbolic link. Perform the following steps using the Control Station and an NFS client. Procedure 1. Set the shadow followabsolutpath parameter to enable symbolic links with - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 107
cifs srvpwd.updtMinutes lets you configure the time interval at which the Data Mover changes passwords with the domain controller. The Parameters Guide for VNX for File provides additional information about the cifs srvpwd.updtMinutes parameter. Configure automatic computer password changes 107 - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 108
can change the location and the size limit of the Data Mover's Windows security log. NOTICE Incorrectly modifying the Registry might cause serious system-wide problems that require you to reinstall the system. Use this tool at your own risk. You can access the Windows security log for a Data Mover - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 109
name. c. From the Window menu, select the Hkey Local Machine on Local Machine subtree, and go to the key System\CurrentControlSet \Services\Eventlog\Security. d. Select the string [File: REG_EXPAND_SZ:c:\security.evt]. e. From the Edit menu, select String. f. Edit the string that has information - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 110
Leveraging Advanced Functionality Note Delegating joins on page 32 provides conceptual information. The article explaining Disjoint Namespace at Microsoft Technet website provides detailed information. Join a CIFS server to a Windows domain for a disjoint namespace and a delegated join Note The < - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 111
to the local administrative group for the user to be able to manage the CIFS server, set the cifs djAddAdminToLg parameter to 1. The Parameters Guide for VNX for File provides additional information. Customize file filtering pop-up messages Following are the error codes that can be used with the - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 112
Leveraging Advanced Functionality l Remote l NoSpace l QuotaExceeded l GroupQuotaExceeded l TreeQuotaExceeded Procedure 1. Log in to the Control Station as root. 2. Copy the cifsmsg.txt file from the Data Mover to the Control Station by using this command syntax: # server_file server_ -get - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 113
.txt cifsmsg.txt 5. To implement the changes that you made to the cifsmsg.txt file, restart (stop and start) the CIFS service on the Data Mover () by using this command syntax: $ server_setup server_ -P cifs -o stop $ server_setup server_ -P cifs -o start Customize file filtering pop - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 114
Leveraging Advanced Functionality 114 EMC VNX Series VNX1, VNX2 Configuring and Managing CIFS on VNX - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 115
Known problems and limitations 116 l Symbolic link limitations 119 l Error messages 120 l EMC Training and Professional Services 120 l GPO conflict resolution 120 l LDAP signing and encryption 122 l SMB signing resolution 122 l DNS issues...123 l MS Event Viewer snap-in 124 Troubleshooting - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 116
Support Tools, click E-Lab Navigator. VNX user customized documentation EMC provides the ability to create step-by-step planning, installation, and maintenance instructions tailored to your environment. To create VNX user customized documentation, go to: https://mydocs.emc.com/VNX. Known problems - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 117
Troubleshooting Known problem Table 17 Windows environment known problems and workarounds (continued) Symptom Workaround Note 2. From the HKEY_LOCAL_MACHINE subtree, go to the following key: System\CurrentControlSet\Services \rdr\parameters a. Under this key, create a new DWORD Registry key - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 118
Troubleshooting Known problem Table 17 Windows environment known problems and workarounds (continued) Symptom Workaround record belongs to a deleted computer account. The DNS record must be removed manually. Domain administrator account was locked out. Typically, this happens when another user - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 119
Troubleshooting Table 17 Windows environment known problems and workarounds (continued) Known problem DDNS. Access is denied to Internet Information Services (IIS) 6.0 when attempting to connect to For a stand-alone CIFS server with local user support enabled, the username and password must be the - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 120
recommended actions to help you troubleshoot the situation. To view Guide: n Use this guide to locate information about messages that are in the earlier-release message format. l EMC Online Support Support at http://Support.EMC.com for course and registration information. EMC Professional Services - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 121
Troubleshooting secure setting of all the related settings on the CIFS server. For /No) Yes Requires conflict resolution (Yes/No) Yes Audit account management Yes Yes Audit directory service Yes Yes access Audit logon events Yes Yes Audit object access Yes Yes Audit policy change Yes - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 122
Troubleshooting are not already active on the connection. If you experience any problems with LDAP signing or encryption, do the following: Procedure 1. On - Client or server supports SMB signing but does not require it for transactions. l Disabled - Client or server does not support any SMB signing. - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 123
DNS issues Troubleshooting 2. GPO settings 3. Registry values The CIFS client executes its own the group policy because the Data Mover only updates the DNS zone for host entries and not for service entries. l When two Windows-based DNS servers are working in the same DNS zone, their content might - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 124
Troubleshooting MS Event Viewer snap-in VNX CIFS servers support the MS Event Viewer snap-in for 2008, and experience problems with the Event Viewer help, perform the following: Procedure 1. Download and install the old executable for .hlp files from the Microsoft support website Windows Help - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 125
APPENDIX A Additional Home Directory Information This section provides additional information regarding the optional home directory feature described in Enable and manage home directories on page 92. The information in this section is intended for users who are creating or maintaining home directory - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 126
Additional Home Directory Information Home directory database format This section outlines the format of the entries in the home directory database. EMC recommends that you use the home directory Microsoft Management Console (MMC) snap-in to create and maintain the home directory. The snap-in - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 127
in the use of an excessive number of home directory database entries to achieve something that should have been relatively simple. Home Directory solves this problem by giving you the enormous flexibility of using regular expressions when specifying the Wildcards 127 - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 128
Additional Home Directory Information domain name and username of a database entry. Table 21 on page 128 shows examples of how regular expressions can be used in the Home Directory database to simplify Home Directory management. Table 21 Examples of regular expression use in the Home Directory - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 129
Additional Home Directory Information /homes3/user1 - does not exist If the Data Mover looked only for a galaxy:user1 match, it would stop parsing at the first map entry. However, the Data Mover, after finding a galaxy:user1 match, searches the path for a user1 directory-if it does not find a user1 - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 130
Additional Home Directory Information 130 EMC VNX Series VNX1, VNX2 Configuring and Managing CIFS on VNX - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 131
VNX users and Data Mover security settings from a Windows Server or Windows XP computer. Installing Management Applications on VNX for File includes details about MMC snap-ins. EMC recommends that you use Microsoft Services for UNIX (SFU) or Identity Management for UNIX (IMU). Topics include: l Data - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 132
viruschecker.conf file) used with Common AntiVirus Agent (CAVA) and third-party antivirus programs. CAVA and a third-party antivirus program must be installed on the Windows Server. Using the Common Event Enabler for Windows provides more details about CAVA. Home Directory Management snap-in You can - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 133
server to domain 55 joining server to the domain 111 starting CIFS service 53 unicode 18 D Data Mover user authentication 23, 89 deleting CIFS configuring with SMB signing 99 disabling caching 97 disabling support 96 displaying settings 95 support 29 updating settings 95 guest accounts 27 H history - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 134
with GPOs 99 overview 37 stand-alone server accessing 71 start CIFS service 53 symbolic link 104 symbolic links CIFS 106 synchronous writes, ensuring 83 105 shadow followdotdot 104 T threads 53 troubleshooting 115 U Unicode, enabling support 18 user authentication mode defined NT 23 setting - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 135
W Windows adding computer account 52 platform comparison 13 with VNX File Server 14 Windows 2000/Windows Server 2003 Kerberos authentication 19 WINS, adding a server 52 Index EMC VNX Series VNX1, VNX2 Configuring and Managing CIFS on VNX 135 - Dell VNX5600 | Configuring and Managing CIFS on VNX VNX1-VNX2 - Page 136
Index 136 EMC VNX Series VNX1, VNX2 Configuring and Managing CIFS on VNX
EMC
®
VNX
®
Series
Version VNX1, VNX2
Configuring and Managing CIFS on VNX
P/N 300-014-332 REV. 04