chris - Fotolia

Tutorial

Managing NetApp CIFS shares with PowerShell

NetApp provides a feature-rich PowerShell module to manage CIFS shares. Find out how it works, as well as how to set up a new share and establish permissions.

Dan Franciscus
By
Published: 10 May 2019

Windows IT professionals are usually well-versed in working with CIFS, also known as SMB, network shares created and managed on Windows Server. After all, Windows comes by default with several CIFS shares already created, such as C$ and ADMIN$. Another option to using Windows Server for CIFS shares is NAS or SAN, such as NetApp.

Since IT pros frequently use PowerShell, NetApp created a PowerShell toolkit to help manage not only NetApp CIFS shares, but shares on the entire system. In this article, I focus just on CIFS shares, setting up a new NetApp CIFS share from scratch along with permissions.

One thing to note, SMB is often the favored protocol over CIFS. However, NetApp generally uses CIFS in its terminology.

Creating a CIFS Share

After installing the PowerShell toolkit, there are quite a few cmdlets in the module:

C:\> Get-Command -Module DataONTAP | Measure-Object | Select-Object -Property Count

Count: 2019

Even better, there are 111 cmdlets that have CIFS in the name:

C:\> Get-Command -Name *CIFS* -Module DataONTAP | Measure-Object | Select-Object -Property Count

Count: 111

Since we will be working with a specific Storage Virtual Machine (SVM) on NetApp, let's first connect to it:

C:\> Connect-NcController -Name SVM1

Now, let's create a directory on a volume that we will use for the CIFS share:

C:\> New-NC Directory -Path vol/fas_vol/test-Permission 777

Now that we have a directory ready, we can create a CIFS share:

C:\> Add-NcCifsShare -Name 'test' -Path /fas_vol/test -ShareProperties @("browsable","showsnapshot") -Comment 'test share'

Note that the -ShareProperties parameter contains a few possible values outside of browsable and showsnapshot. For instance, oplocks enables CIFS clients to perform caching of read-ahead, write-behind and lock information. Or another option is to specify to changenotify so that CIFS clients will see change notifications for directories on the share.

To view the share, we can use the Get-NcCifsShare cmdlet:

C:\> Get-NcCifsShare -Name test

CifsServer                ShareName       Path                  Comment
SVM1                      Test            /fas_vol/test         Test share

Working with permissions

By default -- at least in my case -- the permissions given on NetApp CIFS shares are set to everyone. This is most likely not what an administrator will want because that would mean anyone in an Active Directory domain can get to the share. For this reason, we will first add permissions to the share and then remove everyone.

C:\> Add-NcCifsShareAcl -Share test -UserOrGroup 'domain\testgroup' -Permission full_control -UserGroupType windows

Note there are several options for adding permissions to a share. The various types of permissions are no_access, read, change or full_control. The -UserGroupType specifies if this is a Windows or Unix user or group.

Now, I can remove everyone.

C:\> Remove-NcCifsShareAcl -Share test -UserOrGroup everyone

Remember, this is only part of the process of setting permissions as NT file system permissions on the files should be set as well. This can be done through native Windows PowerShell cmdlets, such as Get-ACL and Set-ACL or by using Windows Explorer.

Modifying NetApp CIFS shares

To change an existing CIFS share, use the Set-NcCifsShare cmdlet, which can alter a CIFS path, share properties, comments, dirumask and max connections, among other settings.

In this example, I modify the path that the CIFS share is pointed to:

C:\> Set-NcCifsShare -Name test –Path '/fas_vol/newpath'

Removing a CIFS share

Of course, there are times when you want to completely remove a CIFS share from your NetApp. To delete the CIFS share:

C:\> Remove-NcCifsShare -Name test

After this, you can also use Remove-NcDirectory to remove the directory on the volume itself, but you must first remove any data in the folder.

Viewing CIFS connections

The fact that NetApp provides such a full-featured PowerShell module to manage shares is great news for Windows IT pros.

Another great feature provided for NetApp CIFS shares is viewing active sessions from CIFS client machines. The command to do this -- Get-NcCifsSession -- provides some valuable information as well, such as the IP address of the client, authentication mechanism, SMB protocol version and Windows user.

In this example, I want to view all of these, so I use Select-Object in PowerShell to show these properties:

C:\> Get-NcCifsSession | select address,AuthMechanism,ProtocolVersion,windowsuser

Address       AuthMechanism ProtocolVersion WindowsUser
-------       ------------- --------------- -----------
172.16.18.108 kerberos      smb3_1          DOMAIN\testuser1
172.16.18.90  ntlmv2        smb2_1          DOMAIN\testuser2
172.16.18.9   ntlmv2        smb2_1          DOMAIN\testuser3

As you can see, I have some clients using Kerberos and others using Windows NT LAN Manager for authentication. I also see that some clients are using version 2 of SMB, while others are using version 3.

Automation advantage

NetApp is one of the best on-premises storage options for IT professionals, and the fact that NetApp provides such a full-featured PowerShell module to manage shares is great news for Windows IT pros. There is a lot of automation around NetApp filers -- and especially NetApp CIFS shares -- that can be accomplished with the vendor's PowerShell module.

Dig Deeper on Storage architecture and strategy