Add User or Group to CIFS Share

Add User or Group to CIFS Share

Environment:

All Data Domain systems

DDOS 5.1 and above

CIFS

 

Description:

DDOS 5.1

  • DataDomain enterprise manager (DDEM) does not allow add user or group to a CIFS share.
  • Customer shall be encouraged to restrict CIFS share access through Windows client using Microsoft Management Console (MMC).

 

DDOS 5.2

  • From DDOS 5.2 onwards this feature has been added back to DDEM GUI interface. Customer will be able to add user and group to CIFS share via DDEM.

 

Cause:

To restrict access to a CIFS share to one or more users or groups, Data Domain system administrator typically uses Data Domain CLI command "cifs share create" or "cifs share modify" with "users" option. This option is also available through GUI prior DDOS 5.1 release and is available from DDOS 5.2 onward.

 

 

Resolution:

Below are two DDMS screenshots when a Data Domain admin adds users or groups to a CIFS share. In DDOS 5.1, CIFS share ACL feature is removed from GUI (DDMS).   The user/group option in CLI remains valid.

 

NOTE: When adding users or Groups to a CIFS share do not use the asterisk  (*) as the Data Domain system will not interpret this symbol as a wildcard but attempt to look for a user or group with the name of *. It is always a best practice to use the user name or the group name for example: "Domain\<username >  Corp\steve (OR) Domain\<group> corp\IT"

 

In DDOS 5.1:

 

Please check for the steps to follow using MMC for adding user and groups to the CIFS share.

 

4.1.jpg

 

From  DDOS 5.2

 

Customer will be able to add users and groups to a particular CIFS share using DDEM.

 

4.2.jpg

 

Procedure to set CIFS share ACL through Windows client

 

  1. From a Windows client running Windows operation system, connect to DataDomain system using a local administrator account (sysadmin or other local account when DataDomain system uses non-AD mode) or domain administrator account (when DataDomain system is joined to AD).
  2. Right click on "My Computer" or equivalent icon and select "Manage". This will launch Computer Management Tool.
  3. Client on "Action" and select "Connect to another computer". Then, enter the name or IP-address of the DataDomain system used in step #1.
  4. Navigate to "System Tools" -> "Shared Folders" and “Shares".
  5. Right click on a share, select "Properties" and click on "Share permissions".
  6. Set appropriate permissions and click on "Apply" or "OK" button.

 

Note: If DataDomain system uses a local administrator account (sysadmin or other local account), the user needs to have the same account and password in Windows client node. This is because Windows MMC passes current Windows user/password to DataDomain node for authentication.

 

There is no problem if the windows client and Data Domain system are in the same Active Directory and the user logs into the Windows client using an AD account. Otherwise, the user must map a drive from the DataDomain system using a user with administrative privileges such as local admin account or domain admin account.

 

Below is a screenshot of MMC at step 5.

 

4.3.jpg

 

 

Reference:

EMC Support Solution Number: 181965

Copying the RPM file to the releases directory via FTP 181306

Copying the RPM file to the releases directory in NFS 181312

Copying the RPM File to The Releases Folder Using CIFS 181322

Copying files from and to /ddvar via SCP 181182