Manual Pages
arp
by Chris Kranz on Jul.07, 2009, under Manual Pages
NAME
arp – address resolution display and control
SYNOPSIS
arp [-n] hostnamearp [-n] -a
arp -d hostname
arp -s hostname ether_address [ temp ] [ pub ]
DESCRIPTION
The arp command displays and modifies the tables that the address resolution protocol uses to translate between Internet and Ethernet addresses.With no flags, arp displays the current ARP entry for hostname. The host may be specified by name or by number, using Internet dot notation.
OPTIONS
- -a
- Displays all of the current ARP entries.
- -d
- Deletes an entry for the host called hostname.
- -n
- IP addresses are displayed instead of hostnames.
- -s
- Creates an ARP entry for the host called hostname with the Ethernet address ether_address. The Ethernet address is given as six hex bytes separated by colons. The entry not will be permanent if the words following -s includes the keyword temp. Temporary entries that consist of a complete Internet address and a matching Ethernet address are flushed from the arp table if they haven’t been referenced in the past 20 minutes. A permanent entry is not flushed.
CLUSTER CONSIDERATIONS
In takeover mode, each filer in a cluster maintains its own ARP table. You can make changes to the ARP table on the live filer, or your can make changes to the ARP table on the failed filer using the arp command in partner mode. However, the changes you make in partner mode are lost after a giveback.
VFILER CONSIDERATIONS
When run from a vfiler context, (e.g. via the vfiler run command), arp operates on the concerned vfiler. As currently all vfilers in an ipspace share an arp table, arp operates on the arp table of the concerned vfiler’s ipspace.
SEE ALSO
ifconfig , partner , ipspace , vfiler , RFC1483.
cifs_shares
by Chris Kranz on Jul.07, 2009, under Manual Pages
NAME
cifs_shares – configure and display CIFS shares information
SYNOPSIS
cifs shares [ sharename ] cifs shares -add sharename path
[ -f ]
[ -comment description ]
[ -maxusers userlimit ]
[ -forcegroup groupname ]
[ -nosymlink_strict_security ]
[ -widelink ]
[ -umask mask ]
[ -dir_umask mask ]
[ -file_umask mask ]
[ -nobrowse ]
[ -novscan ]
[ -novscanread ]
[ -no_caching | -auto_document_caching -auto_program_caching ]
[ -accessbasedenum ]
cifs shares -change sharename
{ -comment description | -nocomment } { -maxusers userlimit | -nomaxusers } { -forcegroup groupname | -noforcegroup } { -nosymlink_strict_security | -symlink_strict_security }
{ -widelink | -nowidelink }
{ -umask mask | -noumask }
{ -dir_umask mask | -nodir_umask } { -file_umask mask | -nofile_umask } { -nobrowse | -browse }
{ -novscan | -vscan }
{ -novscanread | -vscanread }
{ -no_caching | -manual_caching
-auto_document_caching | -auto_program_caching } { -accessbasedenum | -noaccessbasedenum }
cifs shares -delete [ -f ] sharename
cifs shares -t
DESCRIPTION
cifs shares displays one or more shares, edits one or more shares, creates a share, deletes a share, or displays a total summary of the shares. Listing shares
To list the shares and their access control lists, use the command cifs shares followed by the name of the share to display. If the name contains the wildcard characters * or ? , then all the shares matching the specified name are displayed.
To list all shares and their access control lists, use the command cifs shares with no arguments or cifs shares *
toaster> cifs shares
Name Mount Point Description —- ———– ———– HOME /vol/vol0/home Default Share everyone / Full Control C$ /vol/vol0 Remote Administration BUILTIN\Administrators / Full Control ENGR /vol/vol0/engr Engineering Machine Account access disabled DOMAIN\Engineering / Full Control ENGRSW /vol/vol0/engr-sw Software Engineering Machine Account access disabled DOMAIN\Engineering / Full Control ENGRHW /vol/vol0/engr-hw Hardware Engineering Machine Account access disabled DOMAIN\Engineering / Full Control NEWS /vol/vol0/news News DOMAIN\Guests / No Access everyone / Read
toaster> cifs shares news
Name Mount Point Description —- ———– ———– NEWS /vol/vol0/news News DOMAIN\Guests / No Access everyone / Read
toaster> cifs shares eng*
ENGR /vol/vol0/engr Engineering Machine Account access disabled DOMAIN\Engineering / Full Control ENGRSW /vol/vol0/engr-sw Software Engineering Machine Account access disabled DOMAIN\Engineering / Full Control ENGRHW /vol/vol0/engr-hw Hardware Engineering Machine Account access disabled DOMAIN\Engineering / Full Control
toaster> cifs shares engr??
ENGRSW /vol/vol0/engr-sw Software Engineering Machine Account access disabled DOMAIN\Engineering / Full Control ENGRHW /vol/vol0/engr-hw Hardware Engineering Machine Account access disabled DOMAIN\Engineering / Full Control
Creating new shares
To create a new share, use the -add option:
cifs shares -add sharename path
[ -f ]
[ -comment description ]
[ -maxusers userlimit ]
[ -forcegroup groupname ]
[ -nosymlink_strict_security ] [ -widelink ]
[ -umask mask ]
[ -dir_umask mask ]
[ -file_umask mask ]
[ -nobrowse ]
[ -novscan ]
[ -novscanread ]
[ -no_caching | -auto_document_caching -auto_program_caching ]
[ -accessbasedenum ]
sharename name of the new share; clients use this name to access the share. The share name cannot exceed 256 characters. Note that the following 15 characters are invalid characters for a share name: " / \ [ ] : | < > + ; , ? * =
- path
- full path name of the directory on the filer that corresponds to the root of the new share.
- -f
- Suppress confirmation dialogs, if any. This option will be deprecated in future releases. A warning will be issued when share-names exceed 8 characters.
- -comment description
- description of the new share. CIFS clients see this description when browsing the filer’s shares. If the description includes spaces, it must be enclosed in double quotatation marks. If you do not specify a description, the description is blank.
- -maxusers userlimit
- maximum number of simultaneous connections to the new share. userlimit must be a positive integer. If you do not specify a number, the filer does not impose a limit on the number of connections to the share.
- -forcegroup groupname
- name of the group to which files to be created in the share belong. The groupname is the name of a group in the UNIX group database.
- -nosymlink_strict_security
- allow clients to follow symbolic links to destinations on this filer but outside of the current share. Do not check that the client is authenticated to the symbolic link’s destination.
- -widelink
- allow clients to follow absolute symbolic links outside of this share, subject to NT security. This feature requires an entry in the /etc/symlink.translations file and it requires that the client supports Microsoft’s Distributed File System (Dfs).
- -umask mask set
- file mode creation mask for shares in qtrees with Unix or mixed security styles. The mask is an octal value which restricts the initial permissions setting of a newly created file or directory. This mask may be overridden by dir_umask or file_umask.
- -dir_umask mask
- set file mode creation mask for shares in qtrees with Unix or mixed security styles. The mask is an octal value which restricts the initial permissions setting of a newly created directory.
- -file_umask mask
- set file mode creation mask for shares in qtrees with Unix or mixed security styles. The mask is an octal value which restricts the initial permissions setting of a newly created file.
- -nobrowse
- disable enumeration of this share by browsing tools such as Server Manager or Active Directory Users and Computers.
- -novscan
- do not perform a virus scan when clients open files on this share.
- -novscanread
- do not perform a virus scan when clients open files on this share for read access.
- -no_caching disallow
- Windows clients from caching any files on this share.
- -auto_document_caching
- allow Windows clients to cache user documents on this share. The actual caching behavior depends upon the Windows client.
- -auto_program_caching
- allow Windows clients to cache programs on this share. The actual caching behavior depends upon the Windows client.
- -accessbasedenum
- enable the ability to hide the folders and files underneath this share when the user has no permissions to read them.
Deleting existing shares
To delete a share, use the -delete option:
cifs shares -delete sharename
Changing the settings of existing shares
To change the settings of an existing share, use the -change option:
cifs shares -change sharename
{ -comment description | -nocomment } { -maxusers userlimit | -nomaxusers } { -forcegroup groupname | -noforcegroup } { -nosymlink_strict_security | -symlink_strict_security }
{ -widelink | -nowidelink } { -umask mask | -noumask } { -dir_umask mask | -nodir_umask } { -file_umask mask | -nofile_umask } { -nobrowse | -browse }
{ -novscan | -vscan }
{ -novscanread | -vscanread } { -no_caching | -manual_caching
- -auto_document_caching
- | -auto_program_caching } { -accessbasedenum | -noaccessbasedenum }
sharename , if fully specified, is the name of the existing share that is to be changed. If the name contains the wildcard characters * or ? , then all the shares matching the specified name are to be changed.
- -comment description
- changes the description of the share. For more information about the share description setting, see the Creating new shares section, above.
- -nocomment
- changes the description of the share to an empty string.
- -maxusers userlimit
- changes the user limit on the share. For more information about the user limit setting, see the Creating new shares section, above.
- -nomaxusers removes the user limit on the share.
-
- -forcegroup groupname
- changes the forcegroup setting. For more information about the forcegroup setting, see the Creating new shares section, above.
- -noforcegroup
- specifies that files to be created in the share do not belong to a particular UNIX group. That is, each file belongs to the same group as the owner of the file.
- -nosymlink_strict_security
- disables the symlink_strict_security setting. For more information about the symlink_strict_security setting, see the Creating new shares section, above.
- -symlink_strict_security
- enables the symlink_strict_security setting for this share.
- -widelink
- changes the widelink setting. For more information about the widelink setting, see the Creating new shares section, above.
- -nowidelink disables the widelink setting for this
- share.
- -umask mask changes
- the umask setting. For more information about the umask setting, see the Creating new shares section, above.
- -noumask
- resets the umask value to 0.
- -dir_umask mask
- changes the dir_umask setting. For more information about the dir_umask setting, see the Creating new shares section, above.
- -nodir_umask
- removes the dir_umask.
- -file_umask mask
- changes the file_umask setting. For more information about the file_umask setting, see the Creating new shares section, above.
- -nofile_umask
- removes the file_umask.
- -nobrowse
- disables enumeration of this share by browsers. For more information about the browse setting, see the Creating new shares section, above.
- -browse
- enables enumeration of this share by browsers.
- -novscan
- changes the share’s virus scan setting. For more information about the vscan setting, see the Creating new shares section, above.
- -vscan
- enables virus scanning for this share.
- -novscanread
- changes the virus scan setting on this share for read access. For more information about the novscanread setting, see the Creating new shares section, above.
- -vscanread
- specifies that files opened on this share for read access should be scanned for viruses.
- -no_caching disallow
- Windows clients from caching any files on this share.
- -manual_caching
- allow users on Windows clients to manually select files to be cached.
- -auto_document_caching
- allow Windows clients to cache user documents on this share. The actual caching behavior depends upon the Windows client.
- -auto_program_caching
- allow Windows clients to cache programs on this share. The actual caching behavior depends upon the Windows client.
- -accessbasedenum
- enable the ability to hide the folders and files underneath this share when the user has no permissions to read them.
- -noaccessbasedenum
- disable the ability to hide the folders and files underneath this share when the user has no permissions to read them.
It is possible for some share settings to be applied to users’ CIFS home directories. The share setting will apply to all user home directories. It is not possible to specify per user settings. Similarly, if the filer has multiple CIFS homedir paths, it is not possible to specify a setting that is per CIFS homedir path. To apply a share setting to all CIFS home directories use the share name cifs.homedir when entering a command. For example, to disable virus scanning for all CIFS access to home directories, a sysadmin would use the command:
filer> cifs shares -change CIFS.HOMEDIR -novscan
To display the settings on CIFS home directories use the command:
filer> cifs shares CIFS.HOMEDIR
The following share settings can be applied to CIFS home directories:
- -widelink
-
- -nowidelink
-
- -symlink_strict_security
-
- -nosymlink_strict_security
-
- -browse
-
- -nobrowse
-
- -vscan
-
- -novscan
-
- -vscanread
-
- -novscanread
-
- -umask
-
- -noumask
-
- -dir_umask
-
- -nodir_umask
-
- -file_umask
-
- -nofile_umask
-
- -no_caching
-
- -manual_caching
-
- -auto_document_caching
-
- -auto_program_caching
-
- -accessbasedenum
-
- -noaccessbasedenum
-
To display the summary for all the shares use the -t option
cifs shares -t
EFFECTIVE
Any changes take effect immediately
PERSISTENCE
Changes are persistent across system reboots.
SEE ALSO
cifs_access
cifs_setup
by Chris Kranz on Jul.07, 2009, under Manual Pages
NAME
cifs_setup – configure CIFS service
SYNOPSIS
cifs setup
DESCRIPTION
The cifs setup command performs the initial configuration of the filer for CIFS. You must have installed the CIFS license before you enter this command. You must run the cifs setup command from the console or from a telnet connection; you can’t enter the command through rsh.
FILES
- /etc/cifsconfig_setup.cfg
- setup configuration information
- /etc/cifsconfig_share.cfg
- share configuration information
- /etc/cifssec.cfg
- NT domain machine account information
- /etc/filersid.cfg
- local machine SID /etc/lclgroups.cfg local NT group information
- /etc/usermap.cfg
- multiprotocol user map file
CLUSTER CONSIDERATIONS
The values for domain controllers and WINS servers need not match on both storage systems in a cluster. However, if you have a multiprotocol environment and use UID-to-SID mapping, the UNIX security information must be compatible between the two domains.
EFFECTIVE
Any changes take effect immediately
PERSISTENCE
Changes are persistent across system reboots.
SEE ALSO
cifs_access , partner , group , passwd .
Copyright © 1994-2008 NetApp, Inc. Legal Information
cifs_sessions
by Chris Kranz on Jul.07, 2009, under Manual Pages
NAME
cifs_sessions – information on current CIFS activity
SYNOPSIS
cifs sessions [ -s | -c ] [ user | machine_IP_address * | machine_name ]cifs sessions -t [ -c ]
DESCRIPTION
The cifs sessions command displays information about CIFS users who are connected to the filer. If you omit the argument, the command displays a summary of information about the filer and lists the users who are connected to the filer.It is also possible to ask for session information by specifying the user’s machine_name.
One can always specify the user’s client machine_IP_address to the cifs sessions command. However, if the filer has not been provided the machine name and session information is asked for using the machine_name argument, the cifs sessions command will fail with the message "User (or PC) not logged in”.
The -t option displays the total count of CIFS sessions, open shares and open files.
The -c option displays information about open directories and the number of active ChangeNotify requests. When used with the -t option, the total count of open directories and active ChangeNotify requests is also shown. When no other option or argument is present, the -c option shows, for each user, the number of open directories and number of active ChangeNotify requests.
A CIFS client connected to the filer is displayed under the PC IP (PC Name) column as an IP address followed by a NetBIOS name (if available) within parentheses. If NetBIOS name is unavailable, the name is displayed as an IP address followed by empty parentheses.
EXAMPLES
cifs sessions Server Registers as ‘HAWLEYR-TOKYO’ in group ‘NT-DOMAIN’ Filer is using ja for DOS users WINS Server: 10.10.10.55 Selected domain controller \NT-DOMAIN-BDC for authentication ==================================================== PC IP(PC Name) (user) #shares #files 132.170.108.1(HAWLEY-PC) (hawleyr – root) 1 4 192.123.34.56() (foo – userBar) 2 5
cifs sessions -c Server Registers as ‘HAWLEYR-TOKYO’ in group ‘NT-DOMAIN’ Filer is using ja for DOS users WINS Server: 10.10.10.55 Selected domain controller \NT-DOMAIN-BDC for authentication =============================================================================== PC IP (PC Name) (user) #shares #files #dirs #ChangeNotifies 132.170.108.1(HAWLEY-PC) (hawleyr – root) 1 4 1 2 192.123.34.56() (foo – userBar) 5 12 10 10
-
Executing the command for user sam might produce output as follows:
cifs sessions sam users shares/files opened 172.18.34.11(HAWLEY-HOME1) (sam) ENG-USERS Read-denyW – \SAM\SRC\TEST\test_pgm.c 132.170.108.1(HAWLEY-PC) (sam) ENG-USERS
cifs sessions -c sam users shares/files and directories opened 172.18.34.11(HAWLEY-HOME1) (sam) (using security signatures) ENG-USERS Read-denyW – \SAM\SRC\TEST\test_pgm.c 2 ChgNfys – \SAM\SRC\TEST
Executing the command with -s * might produce the following:
cifs sessions -s * users Security Information WIN-95 (AGuest – nobody[guest]) *************** UNIX uid = 1208 user is a member of group nobody(65535) NT membership NT-DOMAIN\Domain Guests BUILTIN\Guests User is also a member of Everyone, Network Users ***************
Here are examples using the machine_name and machine_IP_address arguments:
cifs sessions 192.168.228.4 users shares/files opened 10.56.19.93(TORTOLA) (nt-domain\danw – root) HOME cifs sessions tortola users shares/files opened 10.56.19.93(TORTOLA) (nt-domain\danw – root) HOME
Here are examples using the -t option:
cifs sessions -t Using domain authentication. Domain type is Windows NT. Root volume language is not set. Use vol lang. Number of WINS servers: 2 CIFS sessions: 1 CIFS open shares: 1 CIFS open files: 3 CIFS sessions using security signatures: 0 cifs sessions -tc Using domain authentication. Domain type is Windows NT. Root volume language is not set. Use vol lang. Number of WINS servers: 2 CIFS sessions: 1 CIFS open shares: 1 CIFS open files: 3 CIFS open directories: 1 CIFS ChangeNotifies: 2 CIFS sessions using security signatures: 1
cifs_restart
by Chris Kranz on Jul.07, 2009, under Manual Pages
NAME
cifs_restart – restart CIFS service
SYNOPSIS
cifs restart
DESCRIPTION
cifs restart restarts CIFS service if it has been terminated by cifs terminate.
SEE ALSO
cifs_terminate .
Copyright © 1994-2008 NetApp, Inc. Legal Information
cifs_resetdc
by Chris Kranz on Jul.07, 2009, under Manual Pages
NAME
cifs_resetdc – reset CIFS connection to Domain Controller
SYNOPSIS
cifs resetdc [ domain ]
DESCRIPTION
cifs resetdc resets the CIFS connection to Domain Controllers for the specified domain. Current connections to DCs for the domain are terminated, and a new connection is established. In addition, idle Active Directory LDAP connections are also terminated and a new connection is established. This command may be used in concert with the cifs prefdc command to change the Domain Controller CIFS uses for authentication.
SEE ALSO
cifs_prefdc , cifs_testdc
Copyright © 1994-2008 NetApp, Inc. Legal Information
cifs_prefdc
by Chris Kranz on Jul.07, 2009, under Manual Pages
NAME
cifs_prefdc – configure and display CIFS preferred Domain Controller information
SYNOPSIS
cifs prefdc print [ domain ]cifs prefdc add domain address [ address ... ]
cifs prefdc delete domain
DESCRIPTION
cifs prefdc allows control over the order in which CIFS chooses Domain Controllers for domain authentication. cifs prefdc displays one or more preferred Domain Controller (DC) lists, adds a preferred DC list for a domain, or deletes a preferred DC list for a domain.When CIFS needs a Domain Controller to authenticate domain users it uses a combination of WINS and DNS to discover a set of candidate DCs. It then orders the DCs based on site membership (if Windows 2000), and local vs. remote subnet. When a preferred DC list has been specified for the matching domain, those addresses are appended to the front of the list in the order specified, and are tried first. If no preferred DCs can be contacted, then the remaining discovered DCs are tried.
This preferred list is also used to control the order in which Active Directory LDAP servers are chosen.
Listing preferred DCs
To display preferred DC lists, use the print option:
cifs prefdc print [ domain ]
- domain
- name of the domain whose preferred DC list to print. If not present, print preferred DC lists of all domains.
To specify a preferred DC list for a domain, use the add option:
cifs prefdc add domain address [ address ... ]
- domain
- the domain whose preferred DC list is being set.
- address
- IP address for a Domain Controller. At least one address must be specified. Multiple addresses must be separated by spaces.
To delete a deferred DC list for a domain, use the delete option:
cifs prefdc delete domain
EXAMPLES
toaster> cifs prefdc add mydom 10.10.10.10 10.10.10.20 Preferred DC list for domain MYDOM: 1. 10.10.10.10 2. 10.10.10.20 toaster> cifs prefdc add otherdomain 10.10.30.10 Preferred DC list for domain OTHERDOMAIN: 1. 10.10.30.10 toaster> cifs prefdc print Preferred DC lists per domain: MYDOM: 1. 10.10.10.10 2. 10.10.10.20 OTHERDOMAIN: 1. 10.10.30.10
EFFECTIVE
Any changes take effect after a `cifs resetdc’ command or after a domain controller discovery (within 4 hours).
PERSISTENCE
Changes are persistent across system reboots.
SEE ALSO
cifs_resetdc , cifs_testdc
cifs_nbalias.cfg
by Chris Kranz on Jul.07, 2009, under Manual Pages
NAME
cifs_nbalias.cfg – configuration file for CIFS NetBIOS aliases
SYNOPSIS
/etc/cifs_nbalias.cfg
DESCRIPTION
The configuration file /etc/cifs_nbalias.cfg is used to configure NetBIOS aliases for the filer. A NetBIOS alias allows the filer to be accessed by a CIFS client using an alternate name for the filer.
EXAMPLE
This is a sample /etc/cifs_nbalias.cfg file with one NetBIOS alias.# # This file contains NetBIOS aliases used by the filer. # See the System Administrator’s Guide for a full # description of this file. # # There is a limit to the number of aliases that may be specified. # Currently that limit is 200. # # Aliases must be entered one per line. # # After editing this file, use the console command “cifs nbalias load” # to make the filer process the entries in this file. # # Note that the “#” character is valid in a CIFS NetBIOS alias. # Therefore the “#” character is only treated as a comment in this # file if it is in the first column. # # Actual NetBIOS alias name(s) for the filer follow this line. FILERALIAS01
EFFECTIVE
Any changes take effect once CIFS services are restarted
PERSISTENCE
Changes are persistent across system reboots.
FILES
/etc/cifs_nbalias.cfg
SEE ALSO
cifs_nbalias
Copyright © 1994-2008 NetApp, Inc. Legal Information
cifs_nbalias
by Chris Kranz on Jul.07, 2009, under Manual Pages
NAME
cifs_nbalias – Manage CIFS NetBIOS aliases.
SYNOPSIS
cifs nbaliascifs nbalias load
DESCRIPTION
The cifs nbalias command lists out the current NetBIOS aliases for the filer. These alternative filer names are kept in a configuration file at /etc/cifs_nbalias.cfg. After creating or changing the entries in the file, the command cifs nbalias load will cause the filer to process the file. In past releases of Data ONTAP, the CIFS NetBIOS aliases were managed with the options cifs.netbios_aliases name[, name] command. That command is deprecated.
EFFECTIVE
Any changes take effect immediately
PERSISTENCE
Changes are persistent across system reboots.
SEE ALSO
cifs_nbalias.cfg
Copyright © 1994-2008 NetApp, Inc. Legal Information
cifs_lookup
by Chris Kranz on Jul.07, 2009, under Manual Pages
NAME
cifs_lookup – translate name into SID or vice versa
SYNOPSIS
cifs lookup namecifs lookup domain\name
cifs lookup textual_sid_S-x-y-z
DESCRIPTION
The cifs lookup command translates a Windows NT user or group name into its corresponding textual Windows NT SID (Security ID), or a textual NT SID into its corresponding Windows NT user or group name.domain\name is the name of an account in a specified Windows domain. If the domain is omitted, then the name is looked up in the domain in which the Filer is a member server.
Conversely, given a Windows Security ID (SID), cifs lookup will return the corresponding account name.
EXAMPLES
toaster> cifs lookup mday SID = S-1-5-21-39724982-1647982808-1376457959-1221 toaster> cifs lookup NT-DOMAIN\mday SID = S-1-5-21-39724982-1647982808-1376457959-1221 toaster> cifs lookup BUILTIN\Administrators SID = S-1-5-32-544 toaster> cifs lookup S-1-5-32-544 name = BUILTIN\Administrators toaster> cifs lookup nonexistentuser lookup failed
Copyright © 1994-2008 NetApp, Inc. Legal Information
-
Hey. Welcome to NetApp Network Design!
Thanks for dropping by! Feel free to join the discussion by leaving comments, and stay updated by subscribing to the RSS feed. See ya!
Translator
