Table of ContentsView in Frames

Creating an SMB share on a CIFS server

You must create an SMB share before you can share data on a CIFS server with SMB clients. When you create a share, you can customize the share by configuring optional settings, such as specifying how symlinks are presented to clients. You can also set share properties when creating the share.

Steps

  1. If necessary, create the directory path structure for the share.
    You must create the directory path structure specified by the -path option in the vserver cifs share create command before creating your share. The vserver cifs share create command checks the path specified in the -path option during share creation. If the specified path does not exist, the command fails.

    If the UNC path (\\servername\sharename\filepath) of the share contains more than 256 characters (excluding the initial "\\" in the UNC path), then the Security tab in the Windows Properties box is unavailable. This is a Windows client issue rather than a Data ONTAP issue. To avoid this issue, do not create shares with UNC paths with more than 256 characters.

  2. Create an SMB share on a CIFS server associated with the specified Storage Virtual Machine (SVM): vserver cifs share create -vserver vserver_name -share-name share_name -path path [-share-properties share_properties,...] [-symlink-properties {enable|hide|read_only},...] [-file-umask octal_integer] [-dir-umask octal_integer] [-comment text] [-attribute-cache-ttl [integerh]|[integerm]|[integers]] [-offline-files {none|manual|documents|programs}] [-vscan-fileop-profile {no-scan|standard|strict|writes-only}] [-max-connections-per-share integer] [-force-group-for-create UNIX_group_name]
    -vserver vserver_name specifies the CIFS-enabled SVM on which to create the share.

    -share-name share_name specifies the name of the new SMB share.

    • If this is a home directory share as specified by the value of homedirectory on the -share-properties parameter, you must include either the %w (Windows user name) or the %u (UNIX user name) dynamic variable in the share name.

      The share name can additionally contain the %d (domain name) dynamic variable (for example, %d/%w) or a static portion in the share name (for example, home1_%w).

    • If the share is used by administrators to connect to other users' home directory (the vserver cifs home-directory modify option -is-home-dirs-access-for-admin-enabled is set to true) or by a user to connect to other users' home directory (the advanced vserver cifs home-directory modify option -is-home-dirs-access-for-public-enabled is set to true, the dynamic share name pattern must be preceded by a tilde (~).

    -path path specifies the directory path to the SMB share.

    • This path must exist.
    • A directory path name can be up to 255 characters long.
    • If there is a space in the path name, the entire string must be quoted (for example, "/new volume/mount here").
    • If this is a home directory share as specified by value of homedirectory on the -share-properties parameter, you can make the path name dynamic by specifying the %w (Windows user name), %u (UNIX user name), or %d (domain name) variables or any of their combinations as a part of the value of this parameter.

    -share-properties share_properties specifies an optional list of properties for the share.

    • The default initial properties for all shares on FlexVol volumes are oplocks, changenotify, and browsable.
    • It is optional to specify share properties when you create a share.

      However, if you do specify share properties when you create the share, the defaults are not used. If you use the -share-properties parameter when you create a share, you must specify all the share properties that you want to apply to the share using a comma-delimited list.

    • For SVMs with Infinite Volume, the default initial properties are oplocks and browsable.

    The list of share properties can include one or more of the following:

    • homedirectory

      Specifies that this is a home directory share. The CIFS home directory feature enables you to configure a share that maps to different directories based on the user that connects to it and a set of variables. Instead of having to create separate shares for each user, you can configure a single share with a few home directory parameters to define a user's relationship between an entry point (the share) and their home directory (a directory on the SVM).

      Note: This property cannot be added or removed after share creation.
    • oplocks

      Specifies that the share uses opportunistic locks, also known as client-side caching. Oplocks are enabled on shares by default; however, some applications do not work well when oplocks are enabled. In particular, database applications such as Microsoft Access are vulnerable to corruption when oplocks are enabled.

      An advantage of shares is that a single path can be shared multiple times, with each share having different properties. For instance, if a path named /dept/finance contains both a database and other types of files, you can create two shares to it, one with oplocks disabled for safe database access and one with oplocks enabled for client-side caching.

    • browsable

      Specifies that the share can be browsed by Windows clients.

    • showsnapshot

      Specifies that Snapshot copies can be viewed and traversed by clients.

    • changenotify

      Specifies that the share supports Change Notify requests. For shares on SVMs with FlexVol volumes, this is a default initial property.

      For shares on SVMs with Infinite Volume, the changenotify property is not set by default, and setting it requires the advanced privilege level. When the changenotify property is set for a share on SVMs with Infinite Volume, change notifications are not sent for changes to file attributes and time stamps.

    • attributecache

      Specifies that file attribute caching on the SMB share is enabled to provide faster access of attributes. The default is to disable attribute caching. This property should be enabled only if there are clients connecting to shares over SMB 1.0. This share property is not applicable if clients are connecting to shares over SMB 2.x or SMB 3.0.

    • continuously-available

      Specifies that SMB 3.0 and later clients that support it are permitted to open files in a persistent manner. Files opened this way are protected from disruptive events, such as failover and giveback. This option is not supported for SVMs with Infinite Volume.

    • branchcache

      Specifies that the share allows clients to request BranchCache hashes on the files within this share. This option is effective only if you specify per-share as the operating mode in the CIFS BranchCache configuration. This option is not supported for SVMs with Infinite Volume.

    • access-based-enumeration

      Specifies that Access Based Enumeration is enabled on this share. ABE-filtered shared folders are visible to a user based on that individual user's access rights, preventing the display of folders or other shared resources that the user does not have rights to access.

    • namespace-caching

      Specifies that the SMB clients connecting to this share can cache the directory enumeration results returned by the CIFS servers, which can provide better performance. By default, SMB 1.0 clients do not cache directory enumeration results. Because SMB 2.0 and SMB 3.0 clients cache directory enumeration results by default, specifying this share property provides performance benefits only to SMB 1.0 client connections.

    • encrypt-data

      This property specifies that SMB encryption must be used when accessing this share. SMB clients that do not support encryption when accessing SMB data will not be able to access this share.

    -symlink-properties share_symlink_property specifies how UNIX symbolic links (symlinks) are presented to SMB clients. You can specify one of the following values:
    • enabled

      Specifies that symlinks are enabled for read-write access.

    • read_only

      Specifies that symlinks are enabled for read-only access. This setting does not apply to widelinks. Widelink access is always read-write.

    • hide

      Specifies that SMB clients are prevented from seeing symlinks.

    Note: To disable symlinks, you specify the value as "" or "-".

    -file-umask octal_integer specifies the default UNIX umask for new files created on the share. If not specified, the umask defaults to 022.

    -dir-umask octal_integer specifies the default UNIX umask for new directories created on the share. If not specified, the umask defaults to 000.
    Note: Accessing an existing directory or file through multiple SMB shares that have different values for the -file-umask and -dir-umask parameters returns consistent permissions and access rights. For instance, assume you have a share named "share1" that has a file umask of 000 and a share named "share2" that has a file umask of 022, and that these shares overlap (that is, can access the same directories). If you create a file named \\server\share1\abc, the umask for that file is 000. If you create a file named \\server\share2\123, the umask for that file is 022.

    -comment text specifies a text description of the share. The description can be up to 255 characters long. If there is a space in the description, the entire string must be quoted (for example, "This is engineering's share.").

    -attribute-cache-ttl time_interval specifies the lifetime for the attribute cache share property. Specifying this option is useful only if you specify attributecache as a value of the -share-properties parameter.

    -offline-files specifies the caching behavior of Windows clients when accessing data from the share. The value can be one of following:

    • none

      This disallows Windows clients from caching any files on this share.

    • manual

      This allows users on Windows clients to manually select files to be cached.

    • documents

      This allows Windows clients to cache user documents that are used by the user for offline access.

    • programs

      This allows Windows clients to cache programs that are used by the user for offline access. A user can use those files in an offline mode even if the share is available.

    -vscan-filop-profile specifies which operations trigger virus scans. The value can be one of following:

    • no-scan

      Specifies that virus scans are never triggered for this share.

    • standard

      Specifies that virus scans are triggered by open, close, and rename operations. This is the default profile.

    • strict

      Specifies that virus scans are triggered by open, read, close, and rename operations.

    • writes-only

      Specifies that virus scans are triggered only when a file that has been modified is closed.

    For information about configuring an antivirus solution, see the Clustered Data ONTAP Antivirus Configuration Guide.

    -max-connections-per-share specifies the maximum number of simultaneous connections on a share.

    • The limit is on a node-by-node basis, not the SVM or cluster basis.
    • The default value is 4294967295, which is the maximum value for this parameter.
    Note: The maximum number of tree connects allowed in a single session is 4096 and is not configurable.

    -force-group-for-create specifies that all files that SMB users create in a specific share belong to the same group, also called the force group. The force group must exist in the UNIX group database (files, NIS, or LDAP). This setting has no effect unless the security style of the volume is UNIX or mixed security style. If this setting is specified, the following becomes true for the share:

    • The primary GID of the SMB users who access this share is temporarily changed to the GID of the force group.
    • All files in this share that SMB users create belong to the same force group, regardless of the primary GID of the file owner.

Examples

The following command creates an SMB share named "SHARE1" on Storage Virtual Machine (SVM, formerly known as Vserver) "vs1". Its directory path is /u/eng. Oplocks and browsability are specified on the share, and the UNIX umask is explicitly set as 022 on files and 000 on directories.

cluster1::> vserver cifs share create -vserver vs1 -share-name SHARE1 -path /u/eng -share-properties browsable,oplocks -file-umask 022 -dir-umask 000

The following command creates an SMB share named "DOCUMENTS" on the SVM "vs1". The path to the share is /documents. The share uses opportunistic locks (client-side caching), a notification is generated when a change occurs, and the share allows clients to cache user documents on this share.

cluster1::> vserver cifs share create -vserver vs1 -share-name DOCUMENTS -path /documents -share-properties changenotify,oplocks -offline-files documents