6 Replies Latest reply: Feb 19, 2013 12:20 PM by Eric Sherrill RSS

CIFS-Access to admin$ share

bloehlein
Currently Being Moderated

Hi,

 

I'm trying to get access to the admin$-share like the share c$ in 7-mode, but i can't get it to work. The CIFS-User is mapped to root (uid 0 / gid 0) and was defined as cifs superuser, but both didn't help.

 

Mapping of the user-defined share with the same share-path works fine... Something else I can do? ONTAP release is 8.1.2P1

 

st228::*> vserver cifs share access-control create -share admin$ -user-or-group Everyone -permission Full_Control


Error: command failed: Failed to create ACE on CIFS share admin$. Reason: The share permission cannot be set on administrative shares.


st228::*> vserver cifs share show
Vserver        Share         Path              Properties Comment  ACL
-------------- ------------- ----------------- ---------- -------- -----------
test_bl_2      admin$        /                 browsable  -        -
test_bl_2      ipc$          /                 browsable  -        -
test_bl_2      vsroot        /                 oplocks    -        Everyone / Full Control
                                               browsable
                                               changenotify
3 entries were displayed.

 

Best regards,

 

Bernd

  • Re: CIFS-Access to admin$ share
    Mrinal Devadas
    Currently Being Moderated

    Hi Bernd,

    Have a look at this FAQ, https://kb.netapp.com/support/index?page=content&id=3012797. The considerations will guide you though the configuration settings that need to be checked.

    • Re: CIFS-Access to admin$ share
      bloehlein
      Currently Being Moderated

      Hi Mrinal,

      normal CIFS-Access to a user-defined share with sharepath "/" is working just fine, so user-mapping, export-policies etc are configured correctly.

       

      But I can't get the administrative share admin$ to work, neither with a domain administrator, nor with a regular domain-user which has cifs superuser privileges configured.

      Didn't find anything about admin$ and ipc$ in the ONTAP-documentation, is this working in 8.1 or will we have to wait for future releases?

       

      Best regards,

      Bernd

      • Re: CIFS-Access to admin$ share
        Mrinal Devadas
        Currently Being Moderated

        Hi Berd,

        I do not have a good answer for why the system-defined shares cannot be modified. My suggestion would be to create a new $ share. This will allow you to set custom permissions on it.

        • Re: CIFS-Access to admin$ share
          bloehlein
          Currently Being Moderated

          Hi Mrinal,

           

          can you tell me what purpose those both administrative shares have? They seem pretty useless since no user can map them and the documentation doesn't talk about them at all

           

          Best regards,

           

          Bernd

          • Re: CIFS-Access to admin$ share
            Mrinal Devadas
            Currently Being Moderated

            That is a good question. I do not have an answer. Others might.

          • Re: CIFS-Access to admin$ share
            Eric Sherrill
            Currently Being Moderated

            From the Windows XP HTML Help file:

             

            Special shared resources

            Depending on the configuration of your computer, some or all of the following special shared resources are created for administrative and system use. These shared resources are not visible from My Computer, but you can view them by using Shared Folders. In most cases, you should not delete or modify special shared resources.

            You may see some or all of the following administrative shared resources in the Shares folder:

             

            drive letter$

            A shared resource that enables administrators to connect to the root directory of a drive. The root directories appear in the Shared Folder column in the Shares folder as A$, B$, C$, D$, and so on. For example, you can access drive D by clicking D$.

             

            ADMIN$

            A resource that is used during remote administration of a computer. The path of this resource is always the path to the system root (the directory in which the operating system is installed: for example, C:\Windows).

             

            IPC$

            A resource that shares the named pipes that are essential for communication between programs. You use IPC$ during remote administration of a computer and when you view a computer's shared resources. You cannot delete this resource.

            [...]

             

            I believe in 7-mode systems these "hidden" shares would allow remote administration through the Computer Management MMC console snap-in, to add, remove or modify CIFS Shares, local users & groups, etc.  I am pretty certain these functions are not supported through MMC in Clustered ONTAP; use the CLI or System Manager GUI instead.

More Like This

  • Retrieving data ...