No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

File Access and Protocols Feature Guide 11

OceanStor 18500 V3 and 18800 V3 Mission Critical Storage System V300R003

This document describes the implementation principles and application scenarios of the NAS feature. Also, it explains how to configure and manage NAS.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Enabling the CIFS Service

Enabling the CIFS Service

Before creating a CIFS share, check whether the CIFS service has been enabled and whether parameters are correct.

Procedure

  1. Log in to DeviceManager.
  2. Choose Settings > Storage Settings > File Storage Service > CIFS Service.
  3. In CIFS Service, check whether Enable is selected. If not, select Enable.
  4. Configure CIFS service parameters.
    1. Table 3-6 describes the related parameters.

      Table 3-6  CIFS service parameters

      Parameter

      Description

      Value

      Authentication Mode

      Authentication mode for accessing a CIFS share.

      • Local authentication: Applies to scenarios where a local user accesses a CIFS share in a non-domain environment.
      • Domain authentication: Applies to scenarios where a domain user accesses a CIFS share in an AD domain.
      • Global authentication: Local authentication is used first. If local authentication fails, domain authentication is used.

      [Example]

      Domain authentication

      Performance Settings

      You can configure performance parameters to improve the CIFS share access efficiency.
      • Oplock: Opportunistic locking (Oplock) is a mechanism that improves client access efficiency. After this mechanism is enabled, files are cached locally before being sent to shared storage.
        This function is not recommended in the following scenarios:
        • Scenarios that have high requirements for data integrity: Local cache loss will occur if your network is interrupted or your client breaks down after Oplock is enabled. If the upper-layer service software does not have a mechanism to ensure data integrity, recovery, or retry, data loss may occur.
        • Scenarios where multiple clients access the same file: If Oplock is enabled, the system performance will be adversely affected.
      • Notify: After this parameter is enabled, a client's operations on a directory, such as adding a sub-directory, adding a new file, modifying the directory, and modifying a file, can be sensed by other clients that are accessing this directory or the parent directory of this directory through automatic display refreshing.

      None

      Security Settings

      After the guest service is enabled, users can access shared directories without user names or passwords. Besides, users have the same permission as the Everyone local authentication group.

      None

      Access Settings

      After ABSE (Access Based Share Enumeration) has been enabled, when user view the CIFS share information, only the CIFS shares that the user has permission to access displays.

      NOTE:
      • It takes 10 to 20 minutes to load the CIFS share permission information after the storage system is powered on. During this period, the function does not take effect.
      • You are advised to enable ABSE. Otherwise, security risks may exist in all sharing including sharing without access permission.

      [Example]

      ABSE

      Signature Settings

      You can set signatures to enhance CIFS share access security.

      • Signature: This item is available for a client that employs SMB (Server Message Block) 1.0. After this item is selected, the client supports the signature function. For a client that employs an SMB later than SMB 1.0, the client supports the signature function by default. Whether the signature function is enabled also depends on the client registry settings. By default, the registry settings do not support the signature function.
      • Signature enforcement: After this parameter is selected, clients are required to enable the signature function. If a client does not enable the signature function, the client is not allowed to access the system data.
      NOTE:

      If the signature function is disabled, the storage system may encounter man-in-the-middle (MITM) attacks, resulting in security risks.

      [Example]

      Signature enforcement

    2. After the parameters are configured, click Save.

      The Success dialog box is displayed indicating that the operation succeeded.

    3. Click OK to finish configuring CIFS service parameters.
Translation
Download
Updated: 2018-07-19

Document ID: EDOC1000084098

Views: 24751

Downloads: 72

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next