ONTAP 9.15.1 commands
vserver cifs options modify
Modify CIFS options
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The vserver cifs options modify
command modifies CIFS options for a CIFS server.
Parameters
-vserver <vserver name>
- Vserver-
This parameter specifies the name of the CIFS server for which you want to modify CIFS options.
[-default-unix-user <text>]
- Default UNIX User-
This optional parameter specifies the name of the default UNIX user for the CIFS server.
[-read-grants-exec {enabled|disabled}]
- Read Grants Exec for Mode Bits-
This optional parameter specifies whether the CIFS server does read grant execution for mode bits.
[-wins-servers <InetAddress>,…]
- Windows Internet Name Service (WINS) Addresses-
This optional parameter specifies a list of Windows Internet Name Server (WINS) addresses for the CIFS server. You must specify the WINS servers using an IP address. You can enter multiple WINS addresses as a comma-delimited list.
Use an IPv4 address because WINS over IPv6 is not supported. [-smb1-enabled {true|false}]
- (DEPRECATED)-Enable SMB1 Protocol (privilege: advanced)-
This optional parameter specifies whether the CIFS server negotiates the SMB 1.0 version of the CIFS protocol. The default value for this parameter is false.
This parameter is deprecated because the SMB1 protocol is obsolete and considered insecure. It might be removed in a future release. [-smb2-enabled {true|false}]
- Enable all SMB2 Protocols (privilege: advanced)-
This optional parameter specifies whether the CIFS server negotiates the SMB 2 version of the CIFS protocol. The default value for this parameter is true.
[-smb3-enabled {true|false}]
- Enable SMB3 Protocol (privilege: advanced)-
This optional parameter specifies whether the CIFS server negotiates the SMB 3 version of the CIFS protocol. The default value for this parameter is true.
[-smb31-enabled {true|false}]
- Enable SMB3.1 Protocol (privilege: advanced)-
This optional parameter specifies whether the CIFS server negotiates the SMB 3.1 version of the CIFS protocol. The default value for this parameter is true.
[-max-mpx <integer>]
- Maximum Simultaneous Operations per TCP Connection (privilege: advanced)-
This optional parameter specifies the maximum number of simultaneous operations the CIFS server reports it can process per TCP connection.
[-shadowcopy-dir-depth <integer>]
- Maximum Depth of Directories to Shadow Copy (privilege: advanced)-
This optional parameter specifies the maximum depth of directories on which to create shadow copies in the CIFS server. The default for this parameter is 5. The value 0 indicates that all sub-directories should be shadow copied. This parameter is not supported for workgroup CIFS servers. Directories and files within a FlexGroup will not be shadow copied because FlexGroups do not support shadow copy.
[-copy-offload-enabled {true|false}]
- Enable Copy Offload Feature (privilege: advanced)-
This optional parameter enables the Copy Offload feature in the CIFS server. If set to false, the Copy Offload feature is disabled. The default for this parameter is true.
[-is-copy-offload-direct-copy-enabled {true|false}]
- Is Direct-copy Copy Offload Mechanism Enabled-
This optional parameter enables the direct-copy mechanism for ODX copy offload in the CIFS server. If set to false, the direct-copy mechanism is disabled. The default for this parameter is true.
The direct-copy mechanism increases the performance of the copy offload operation when Windows clients try to open the source file of a copy in a mode that prevents the file being changed while the copy is in progress. If turned off, regular copy offloading takes place. [-default-unix-group <text>]
- Default UNIX Group-
This optional parameter specifies the name of the default UNIX group for the CIFS server. If you do not specify a default UNIX group, the CIFS ACL to NFSv4 ACL translation may result in incomplete NFSv4 ACL information. This parameter is not supported by Vservers with FlexVol volumes.
[-shadowcopy-enabled {true|false}]
- Enable Shadow Copy Feature (VSS) (privilege: advanced)-
This optional parameter enables the Shadow Copy (VSS) feature in the CIFS server when set to true. The VSS feature is disabled when set to false. The default for this parameter is true. This parameter is not supported for workgroup CIFS servers. Directories and files within a FlexGroup will not be shadow copied because FlexGroups do not support shadow copy.
[-is-referral-enabled {true|false}]
- Refer Clients to More Optimal LIFs (privilege: advanced)-
This optional parameter specifies whether the CIFS server automatically refers clients to a data LIF local to the node which hosts the root of the requested share. The default value for this parameter is false.
[-is-local-auth-enabled {true|false}]
- Is Local User Authentication Enabled (privilege: advanced)-
This optional parameter specifies whether local user authentication is enabled for the CIFS server.
[-is-local-users-and-groups-enabled {true|false}]
- Is Local Users and Groups Enabled (privilege: advanced)-
This optional parameter specifies whether the local users and groups feature is enabled for the CIFS server.
[-is-use-junctions-as-reparse-points-enabled {true|false}]
- Is Reparse Point Support Enabled (privilege: advanced)-
This optional parameter specifies whether the CIFS server exposes junction points to Windows clients as reparse points. The default value for this parameter is true. This parameter is only active if the client has negotiated use of the SMB 2 or SMB 3 protocol.
[-is-exportpolicy-enabled {true|false}]
- Is Export Policies for CIFS Enabled (privilege: advanced)-
This optional parameter specifies whether the CIFS server uses export policies to control client access. The default value for this parameter is false.
[-is-unix-nt-acl-enabled {true|false}]
- Is NTFS ACLs on UNIX Security-style Volumes Enabled (privilege: advanced)-
This optional parameter specifies whether the CIFS server has the NTFS ACLs enabled on UNIX security-style volumes. The default value for this parameter is true.
[-is-trusted-domain-enum-search-enabled {true|false}]
- Is Enumeration of Trusted Domain and Search Capability Enabled (privilege: advanced)-
This optional parameter specifies whether the CIFS server supports enumeration of bidirectional trusted domains. It also supports the search in all the bidirectional trusted domains when performing Windows user lookups for UNIX user to Windows user name mapping. The default value is true. This parameter is not supported for workgroup CIFS servers.
[-client-session-timeout <integer>]
- Idle Timeout Before CIFS Session Disconnect (secs)-
This optional parameter specifies the amount of idle time (in seconds) before a CIFS session is disconnected. The default value for this parameter is 900 seconds.
[-is-dac-enabled {true|false}]
- Is Dynamic Access Control (DAC) Enabled (privilege: advanced)-
This optional parameter enables the Dynamic Access Control (DAC) feature in the CIFS server when set to true. The DAC feature is disabled when set to false. The default for this parameter is false. This parameter is not supported for workgroup CIFS servers.
[-restrict-anonymous {no-restriction|no-enumeration|no-access}]
- Restrictions for Anonymous User (privilege: advanced)-
This optional parameter controls the access restrictions of non-authenticated sessions and applies the restrictions for the anonymous user based on the permitted values. The default value for this parameter is no-restriction. Permitted values for this option are:
-
no-restriction - This option specifies no access restriction for anonymous users (default).
-
no-enumeration - This option specifies that only enumeration is restricted.
-
no-access - This option specifies that access is restricted for anonymous users.
-
[-is-read-only-delete-enabled {enabled|disabled}]
- Is Deletion of Read-Only Files Enabled-
This optional parameter controls deletion of read-only files and directories. NTFS delete semantics forbid deletion of a file or directory when the read-only attribute is set. UNIX delete semantics ignore it, focusing instead on parent directory permissions, which some applications require. This option is used to select the desired behavior. By default this option is disabled, yielding NTFS behavior.
[-file-system-sector-size {512|4096 (in bytes)}]
- Size of File System Sector Reported to SMB Clients (bytes) (privilege: advanced)-
This optional parameter specifies the size of file system sector reported to SMB clients (in bytes). The default value for this parameter is 4096. Valid values are 512 and 4096.
[-is-fake-open-enabled {true|false}]
- Is Fake Open Support Enabled (privilege: advanced)-
This optional parameter specifies whether the CIFS server supports fake open requests. This parameter allows you to optimize the open and close requests coming from SMB 2 clients. The default value for this parameter is true.
[-is-unix-extensions-enabled {true|false}]
- Is UNIX Extensions Enabled (privilege: advanced)-
When set to true, this optional parameter enables the UNIX Extensions feature in the CIFS server. If set to false, the UNIX Extensions feature is disabled. The default for this parameter is false. UNIX Extensions allows POSIX/UNIX style security to be displayed through the CIFS protocol.
[-is-search-short-names-enabled {true|false}]
- Is Search Short Names Support Enabled (privilege: advanced)-
This optional parameter specifies whether the CIFS server supports searching short names. A search query with this option enabled will try to match 8.3 file names along with long file names. The default value for this parameter is false.
[-is-advanced-sparse-file-support-enabled {true|false}]
- Is Advanced Sparse File Support Enabled (privilege: advanced)-
This optional parameter specifies whether the CIFS server supports the advanced sparse file capabilities. This allows CIFS clients to query the allocated ranges of a file and to write zeroes or free data blocks for ranges of a file.
[-is-fsctl-file-level-trim-enabled {true|false}]
- Is Fsctl File Level Trim Enabled (privilege: advanced)-
This optional parameter specifies whether trim requests (FSCTL_FILE_LEVEL_TRIM) are supported on the CIFS server.
[-guest-unix-user <text>]
- Map the Guest User to Valid UNIX User (privilege: advanced)-
This optional parameter specifies that an unauthenticated user coming from any untrusted domain can be mapped to a specified UNIX user for the CIFS server. If the CIFS server cannot authenticate the user against a domain controller for the home domain or a trusted domain or the local database, and this option is enabled, the CIFS server considers the user as a guest user and maps the user to the specified UNIX user. The UNIX user must be a valid user.
[-smb1-max-buffer-size <integer>]
- Maximum Buffer Size Used for SMB1 Message (privilege: advanced)-
This optional parameter specifies the maximum buffer size used for an SMB 1.0 message that the CIFS server can receive. If the LARGE_READ or LARGE_WRITE capability is negotiated during session setup, then 'Read' or 'Write' SMB 1.0 operations are allowed to exceed the configured 'smb1-max-buffer-size' value. This parameter does not have any effect on SMB 2 or SMB 3 buffer size. The default value for this parameter is 65535. The supported range for this parameter is 4356 through 65535.
[-max-same-user-sessions-per-connection <integer>]
- Maximum Same User Sessions per TCP Connection (privilege: advanced)-
This optional parameter specifies the maximum number of CIFS sessions that can be set up by the same user per TCP connection. The default value of this parameter is 2500. The maximum value of this parameter is 4294967295.
[-max-same-tree-connect-per-session <integer>]
- Maximum Same Tree Connect per Session (privilege: advanced)-
This optional parameter specifies the maximum number of CIFS tree connects to the same share per CIFS session. The default value of this parameter is 5000. The maximum value of this parameter is 4294967295.
[-max-opens-same-file-per-tree <integer>]
- Maximum Opens on Same File per Tree (privilege: advanced)-
This optional parameter specifies the maximum number of existing opens on the same file per CIFS tree. The default value of this parameter is 1000. The maximum value of this parameter is 4294967295.
[-max-watches-set-per-tree <integer>]
- Maximum Watches Set per Tree (privilege: advanced)-
This optional parameter specifies the maximum number of watches, also known as change notifies, that can be set per CIFS tree. Tree here refers to a share connect from a single client. The default value of this parameter is 500. The maximum value of this parameter is 4294967295.
[-is-admin-users-mapped-to-root-enabled {true|false}]
- Map Administrators to UNIX User 'root' (privilege: advanced)-
If this optional parameter is set to true, Windows users who are members of the "BUILTIN\Administrators" group are mapped to UNIX user 'root' unless a user who is a member of this group is explicitly mapped to a UNIX user. If a Windows user is a member of the "BUILTIN\Administrators" group and an explicit user mapping exists for that user, the explicit name mapping takes precedence. If this parameter is set to false, users that are members of the "BUILTIN\Administrators" group are not mapped to UNIX 'root'. The default value for this parameter is true.
[-is-advertise-dfs-enabled {true|false}]
- (DEPRECATED)-Enable DFS Referral Advertisement (privilege: advanced)-
This optional parameter specifies whether to advertise DFS referral of the CIFS protocol. The default value for this parameter is false. This option is not applicable to SMB 1.0.
This parameter is deprecated and may be removed in a future release of Data ONTAP. The functionality provided by this parameter is now controlled by the -symlink-properties
parameter instead. [-is-path-component-cache-enabled {true|false}]
- Is Path Component Cache Enabled (privilege: advanced)-
This optional parameter specifies whether the path component cache is enabled. The default value for this parameter is true.
[-win-name-for-null-user <TextNoCase>]
- Map Null User to Windows User or Group (privilege: advanced)-
This optional parameter specifies a valid Windows user or group name that will be added to the CIFS credentials for a NULL user Session.
[-is-hide-dotfiles-enabled {true|false}]
- Is Hide Dot Files Enabled (privilege: advanced)-
This optional parameter specifies whether the CIFS server supports hiding dot files. Directory enumeration with this option enabled hides files and directories that begin with a dot ("."). The default value for this parameter is false.
[-is-client-version-reporting-enabled {true|false}]
- Is Client Version Reporting Enabled (privilege: advanced)-
If this parameter is set to true, CIFS client version tracking information is collected by AutoSupport. The default value of this parameter is true.
[-is-client-dup-detection-enabled {true|false}]
- Is Client Duplicate Session Detection Enabled (privilege: advanced)-
This optional parameter specifies whether the CIFS server supports duplicate session detection. Duplicate sessions that come from the same client with VcNumber of zero with this option enabled will be closed, and is only applicable for SMB 1.0 clients. The default value for this parameter is true.
[-grant-unix-group-perms-to-others {true|false}]
- Grant UNIX Group Permissions to Others (privilege: advanced)-
This optional parameter specifies whether the incoming CIFS user who is not the owner of the file, can be granted the group permission. If the CIFS incoming user is not the owner of UNIX security-style file and this option is set to true, then at all times the file’s "group" permissions are granted. If the CIFS incoming user is not the owner of UNIX security-style file and this option is set to false, then the normal UNIX rules are applicable to grant the permissions. The default value of this parameter is false.
[-is-multichannel-enabled {true|false}]
- Is Multichannel Enabled (privilege: advanced)-
This optional parameter specifies whether the CIFS server supports Multichannel or not. The default value for this parameter is false.
[-max-connections-per-session <integer>]
- Maximum Connections Allowed Per Multichannel Session (privilege: advanced)-
This optional parameter specifies the maximum number of connections allowed per Multichannel session. The default value for this parameter is 32.
[-max-lifs-per-session <integer>]
- Maximum LIFs Advertised Per Multichannel Session (privilege: advanced)-
This optional parameter specifies the maximum number of network interfaces advertised per Multichannel session. The default value for this parameter is 256.
[-is-large-mtu-enabled {true|false}]
- Is Large MTU Enabled (privilege: advanced)-
This optional parameter specifies whether the CIFS server supports the SMB 2.1 "large MTU" feature. The default value for this parameter is true.
[-is-netbios-over-tcp-enabled {true|false}]
- Is NetBIOS over TCP (port 139) Enabled (privilege: advanced)-
This optional parameter specifies whether the CIFS server supports the NetBIOS over TCP (port 139) feature. The default value for this parameter is true.
[-is-nbns-enabled {true|false}]
- Is NBNS over UDP (port 137) Enabled (privilege: advanced)-
This optional parameter specifies whether the CIFS server supports the NBNS protocol. The default value for this parameter is
false
. [-widelink-as-reparse-point-versions <CIFS Dialects>,…]
- Protocol Versions for Which Widelink Will Be Reported as Reparse Point (privilege: advanced)-
This optional parameter specifies the CIFS protocol versions for which the widelink is reported as reparse point. The default value for this parameter is
SMB1
.Any values entered for this parameter is replaced with the existing values. [-max-credits <integer>]
- Maximum Credits to Grant (privilege: advanced)-
This optional parameter specifies the maximum number of outstanding requests on a CIFS connection. The default value for this parameter is 128.
[-is-inherit-modebits-with-nfsv4acl-enabled {true|false}]
- Enable Modebits on CIFS File Inheriting NFSv4 ACLs (privilege: advanced)-
This optional parameter specifies whether to set mode bits on the files created by the cifs user that inherit NFSv4 acls. This parameter is not supported for SMB1 clients.
[-is-share-enum-permission-check-enabled {true|false}]
- Check Share Permission for NetShareEnumAll Request (privilege: advanced)-
If this parameter is set to
true
, the NetShareEnum call will only respond with the shares the user has access to. The default value isfalse
which means it will respond with all shares.
Examples
The following example modifies CIFS options for the Vserver "vs1". It changes the default UNIX user, disables read grants exec, disables SMB2.x, changes maximum multiplex count to 1124, changes the file system sector size reported to SMB clients to 512, disables the direct-copy offload mechanism for ODX copy offload, enables the UNIX Extensions feature, disables fake open requests changes WINS servers to 192.168.11.112 and changes the client session timeout to 6000.
cluster1::> vserver cifs options modify -vserver vs1 -default-unix-user pcuser -read-grants-exec disabled -smb2-enabled false -max-mpx 1124 -file-system-sector-size 512 -is-copy-offload-direct-copy-enabled false -is-unix-extensions-enabled true -is-fake-open-enabled false -wins-servers 192.168.11.112 -client-session-timeout 6000
The following example modifies CIFS options for the Vserver "vs1". It enables the advanced sparse file support .
cluster1::> vserver cifs options modify -vserver vs1 -is-advanced-sparse-file-support-enabled true
The following example modifies CIFS options for the Vserver "vs1". It modifies limits for maximum opens on the same file, max sessions by the same user, max tree connects per session, and max watches set.
cluster1::> vserver cifs options modify -vserver vs1 -max-same-user-sessions-per-connection 100 -max-same-tree-connect-per-session 100 -max-opens-same-file-per-tree 150 -max-watches-set-per-tree 200
The following example modifies CIFS options for the Vserver "vs1". It modifies the option to disable the path component cache. .
cluster1::> vserver cifs options modify -vserver vs1 -is-path-component-cache-enabled false
The following example modifies CIFS options for the Vserver "vs1". It modifies the option to disable CIFS client version tracking.
cluster1::> vserver cifs options modify -vserver vs1 -is-client-version-reporting-enabled false
The following example modifies CIFS option for the Vserver "vs1". It modifies the option to enable granting of UNIX group permissions to others.
cluster1::> vserver cifs options modify -vserver vs1 -grant-unix-group-perms-to-others true