Connecting using a CIFS client
You can connect to a CIFS share using a CIFS client, such as Microsoft Windows™.
To access the share or export, a user must have appropriate POSIX permissions for accessing the path, and ACL authorization to read (r) and execute (x) each directory in the full path of the directory on which the share or export is mounted. If an Storwize V7000 Unified system administrator has disabled the --bypassTraversalCheck option of the chcfg Storwize V7000 Unified CLI command, which is enabled by default, retain the traversal rights ACE entry to ensure that users are able to access the share or export and its subdirectories. For example, to access a share or export mounted at /ibm/mydir/mysubdir/myexport, the above ACLs, at a minimum, must be applied to /ibm, /ibm/mydir, /ibm/mydir/mysubdir and /ibm/mydir/mysubdir/myexport. See Creating shares or exports, Managing authorization and access control lists, and Authorization limitations.
The used space and free space reported to CIFS clients also depends on the quotas applicable to the current user. For details, see the description in Managing quotas.
- The time must be synchronized across the KDC server, Storwize V7000 Unified cluster, and the CIFS clients, or access to a CIFS share is denied.
- In MIT KDC configurations for the CIFS services, the service principal name must use the NetBIOS name (the cluster name used in cfgcluster command). For example, if the cluster name is FOO and the realm is KDC.COM, the service principal name should be cifs/foo@KDC.COM.
- The clients should use only the NetBIOS name, while accessing a CIFS share. Using any other name or IP address might either cause a failure or fallback to the NTLM authentication.
- With Active Directory KDC, you can use DNS alias (CNAME) for Kerberized
CIFS access. To use the alias, you must register the DNS alias (CNAME)
record for the NetBIOS name (system account name) using the SetSPN
tool available on Active Directory server. For example, if the NetBIOS
name is FOO and the DNS alias is BAR, use the SetSPN tool from the command prompt
of the Active Directory server to register the following record:
setspn -A cifs/BAR FOO
Not registering the DNS alias record for the NetBIOS name might cause access to the CIFS shares to be denied with the following error code: KDC_ERR_S_SPRINCIPAL_UNKNOWN.
- On Linux clients, to use Kerberized CIFS access for Storwize V7000 Unified configured
with MIT KDC, you must at least have the 3.5.9 version of Samba client
installed. The Linux clients having an older Samba client might encounter
the following error, while trying to access CIFS shares:
ads_krb5_mk_req: krb5_get_credentials failed for foo$@KDC.COM (Server not found in Kerberos database) cli_session_setup_kerberos: spnego_gen_negTokenTarg failed: Server not found in Kerberos database
- Netbios/DNS name: unified03
- Share name: gpfs0all
- Using the Universal Naming Convention (UNC) syntax.
- Mapping a network drive using Windows Explorer.
- Mapping a network drive using NET.EXE from the Windows command line.
Example 1: UNC mapping
\\unified03\gpfs0all
Example 2: Mapping a network drive using Windows Explorer
To map a network drive to a drive letter from Windows Explorer, click
or use the icon .Example 3: Mapping a network drive using NET.EXE
C:> net use x: \\unified03\gpfs0all * /user:DOMAIN\\username
The command waits for your password input. If your authentication information is successful, you are notified that the command completed successfully.