Table of ContentsView in Frames

How export policies are used with CIFS access

Export policies determine access to Vserver volumes with CIFS. To access data in a Vserver using CIFS, an export policy that allows CIFS access is created on a Vserver and then associated with volumes containing CIFS shares.

An export policy has a rule or rules applied to it that specify which clients are allowed access to the data and what authentication protocols are supported for read-only and read/write access. Client access can be configured to allow access to all clients, a subnet of clients, or a specific client. CIFS access can be configured to allow authentication using Kerberos and/or NTLM authentication when determining read-only and read/write access to data.

Export rules apply to client machines not to Windows users and groups. Export rules do not replace Windows user and group-based authentication and authorization. Export rules provide another layer of access security in addition to share and file-access permissions.

The administrator can configure rules that provide access to both NFS and CIFS hosts and associate that rule with an export policy, which can then be associated with the volume that contains data to which CIFS and NFS hosts both need access. Alternatively, if there are some volumes where only CIFS clients require access, the administrator can configure an export policy with rules that only allow access using the CIFS protocol and using only Kerberos and/or NTLM read-only and write authentication access rights. The export policy is then associated to the volumes where only CIFS access is desired.

Note: If an export policy with rules that allow access to the desired clients over CIFS and allows access rights using Kerberos and/or NTLM is not associated to the volume containing the CIFS shares, hosts cannot access data using CIFS (even if share ACLs and file permissions are configured to allow access to the requestor).