Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| cloudappliance/cifs [2020_08_24 11:54] – dan | cloudappliance:cifs [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | # CIFS/SMB Connector (Multi User) | ||
| - | == Last updated on August 24, 2020 == | ||
| - | //(New in 1906.07 - Appliance Only)// | ||
| - | |||
| - | <WRAP center round important 100%> | ||
| - | We recommend using this connector with v1906.08 or higher of the File Fabric. | ||
| - | </ | ||
| - | |||
| - | |||
| - | For the single-user CIFS/SMB connector [[cloudappliance: | ||
| - | |||
| - | ===== Overview ===== | ||
| - | |||
| - | The CIFS/SMB connector provides end-users with access to their data stored within the CIFS/SMB shares via the Enterprise File Fabric and its' multiple channels of access, including web, desktop, and mobile. This can be CIFS shared that are on-premises, | ||
| - | |||
| - | The connector binds Identity and Access Management from the Enterprise File Fabric (integrated via Active Directory / LDAP integration) with the permissions of the underlying file shares to provide users with secure access into the SMB storage, whilst ensuring that users only see and access data that they have permissions to from the underlying shares. | ||
| - | |||
| - | Your existing administrators will continue to manage and maintain file share permissions directly from the SMB file shares. Furthermore, | ||
| - | |||
| - | ===== Prerequisites ===== | ||
| - | |||
| - | Enterprise File Fabric (EFF) requirements: | ||
| - | * Version 1906.07 or higher | ||
| - | * Organization user account with Administrator role | ||
| - | * Organization connected to your Active Directory via the LDAP Auth Connector. | ||
| - | * AD Administrative account | ||
| - | |||
| - | ===== Adding the SMB Connector ===== | ||
| - | |||
| - | To begin adding the connector, it must first be enabled in your applicable **Package** from your **appladmin** account. In the Package options, ensure that the **SMB (multi-user)** connector is checked for it to be available to the organization. | ||
| - | |||
| - | Next, logging into the Organization Admin account, visit the **Dashboard** and click the **Add new provider** button. | ||
| - | |||
| - | From the dropdown list, select **SMB (multi-user)** and then click **Add provider**. | ||
| - | |||
| - | On the next screen, you will be presented with the following fields: | ||
| - | |||
| - | * **Name** — This will be the friendly name of the provider. Your users will see this inside of their accounts. | ||
| - | |||
| - | * **Username** - The provider will index the storage using an identity that can access the entire storage estate, normally the Administrator user. This field accepts the Username, and should include the domain, for example " | ||
| - | |||
| - | * **Password** - This is the password for the account used in the **Username** field. | ||
| - | |||
| - | * **Share Path** - This is the UNC path to the SMB Share. Enter a Unix compatible path, for example: | ||
| - | |||
| - | / / | ||
| - | |||
| - | * **Protocol version** - This is used to control the SMB protocol version that is used. As of writing, **3.0** is the most secure and most recommended version to use. < | ||
| - | It appears that some implementations of SMB 3.0 with ABE don't work as expected. | ||
| - | </ | ||
| - | |||
| - | |||
| - | * **Use SMBClient for Listing** - Using the smbclient can have performance benefits and is recommended. | ||
| - | |||
| - | * **Binding LDAP** - A prerequisite noted for this connector is an already established Active Directory connection via LDAP. This should be the same AD domain that is integrated with your SMB share. You should select this Enterprise File Fabric Authentication System from the list. | ||
| - | |||
| - | Before proceeding with the next step, it is advisable to review the number of threads that will be used for the Synchronization. Increasing the thread count can improve the rate at which the storage is indexed. For details on increasing that, [[provider-synchronization|please see this guide]]. | ||
| - | |||
| - | Once completed, click **Continue**. | ||
| - | |||
| - | At this point, the EFF will connect to the SMB share, and perform a Provider Sync of the storage metadata. | ||
| - | |||
| - | During the phase of Provider Synchronization, | ||
| - | |||
| - | You can monitor the Provider Sync from the Provider Information screen. | ||
| - | |||
| - | Once the Synchronization has been completed, you should open the **Dashboard** and set the **Real-time refresh** option to **On**. If this option is not present on your Dashboard, then it may need to be enabled from the **appladmin**' | ||
| - | |||
| - | The SMB connector automatically establishes itself as a [[organisationcloud/ | ||
| - | |||
| - | When users next login to the EFF, they will observe a team shared folder at the root of their view, with access to the data stored on the filer. | ||
| - | |||
| - | If you need to add multiple SMB shares, this can be done by repeating the above steps. | ||
| - | |||
| - | ===== Guidelines and Notices ===== | ||
| - | |||
| - | * By design, this connector cannot be added by individual org members to create personal providers as it involves creating a Shared Team Folder for the organization' | ||
| - | * For each SMB provider that you add, you will find a shared team folder created in the root of the Organization account. The File Fabric reads the permissions for the file shares, whether you are mounting the root of a file share, or if you are mounting a sub-path of the share. Where DFS is fronting the shares, all users will have access to the DFS root, and the shares within the DFS server will have permissions applied accordingly. | ||
| - | * Often versioning and trash should be disabled, as the SMB file system will handle these capabilities natively. | ||
| - | * To prevent overloading your LDAP server with repeat requests, caching of user groups and SIDs is done within the EFF. The default cache expiration time is 300 seconds. This can be tuned using the following configuration parameter: | ||
| - | |||
| - | ``` | ||
| - | var $cifsldapcachetime = 300; | ||
| - | ``` | ||
| - | |||
| - | <WRAP center round help 100%> | ||
| - | For guidance in adding, modifying, or deleting configuration parameters, [[appliance/ | ||
| - | |||
| - | * The EFF will automatically manage specific mount points on the EFF host machine. Operations performed by users, such as opening, editing and sharing are performed on the individual user's mounts. This underpins the security of the connector. | ||
| - | * It is recommended to have the following configuration option enabled: | ||
| - | |||
| - | ``` | ||
| - | var $cifs_passwd = ' | ||
| - | ``` | ||
| - | * If a user receives the message " | ||
| - | |||
| - | * The baseDN that you specify for LDAP searches must be high enough in the tree to encompass both all of your users and all of your shares. | ||
| - | |||
| - | * If the password of a user who is using the File Fabric' | ||
| - | |||
| - | * Share names configured in the File Fabric must match the corresponding names on the storage exactly, including case. If the cases differ then you will experience errors when adding the provider. | ||
| - | |||
| - | * When a folder is being configured as the root of a share, the full folder path configured in the File Fabric must match the path on the storage exactly, including case. If there are differences in case then the File Fabric will not be able to fetch and use the storage' | ||
| - | |||