I'm trying to get access to the admin$-share like the share c$ in 7-mode, but i can't get it to work. The CIFS-User is mapped to root (uid 0 / gid 0) and was defined as cifs superuser, but both didn't help.
Mapping of the user-defined share with the same share-path works fine... Something else I can do? ONTAP release is 8.1.2P1
st228::*> vserver cifs share access-control create -share admin$ -user-or-group Everyone -permission Full_Control Error: command failed: Failed to create ACE on CIFS share admin$. Reason: The share permission cannot be set on administrative shares. st228::*> vserver cifs share show Vserver Share Path Properties Comment ACL -------------- ------------- ----------------- ---------- -------- ----------- test_bl_2 admin$ / browsable - - test_bl_2 ipc$ / browsable - - test_bl_2 vsroot / oplocks - Everyone / Full Control browsable changenotify 3 entries were displayed.
Have a look at this FAQ, https://kb.netapp.com/support/index?page=content&id=3012797. The considerations will guide you though the configuration settings that need to be checked.
normal CIFS-Access to a user-defined share with sharepath "/" is working just fine, so user-mapping, export-policies etc are configured correctly.
But I can't get the administrative share admin$ to work, neither with a domain administrator, nor with a regular domain-user which has cifs superuser privileges configured.
Didn't find anything about admin$ and ipc$ in the ONTAP-documentation, is this working in 8.1 or will we have to wait for future releases?
From the Windows XP HTML Help file:
Special shared resources
Depending on the configuration of your computer, some or all of the following special shared resources are created for administrative and system use. These shared resources are not visible from My Computer, but you can view them by using Shared Folders. In most cases, you should not delete or modify special shared resources.
You may see some or all of the following administrative shared resources in the Shares folder:
A shared resource that enables administrators to connect to the root directory of a drive. The root directories appear in the Shared Folder column in the Shares folder as A$, B$, C$, D$, and so on. For example, you can access drive D by clicking D$.
A resource that is used during remote administration of a computer. The path of this resource is always the path to the system root (the directory in which the operating system is installed: for example, C:\Windows).
A resource that shares the named pipes that are essential for communication between programs. You use IPC$ during remote administration of a computer and when you view a computer's shared resources. You cannot delete this resource.
I believe in 7-mode systems these "hidden" shares would allow remote administration through the Computer Management MMC console snap-in, to add, remove or modify CIFS Shares, local users & groups, etc. I am pretty certain these functions are not supported through MMC in Clustered ONTAP; use the CLI or System Manager GUI instead.