跳转到主内容

为什么导出策略不限制客户端的访问?

Views:
12
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
cifs
Last Updated:

适用于

ONTAP 9

问题

设置如下。
 
TEST-01::*> cifs share show -vserver test-fs02 -instance
 
Vserver: test-fs02
Share: test
CIFS Server NetBIOS Name: TEST-FS02
Path: /test
Share Properties: oplocks
          browsable
          changenotify
          show-previous-versions
Symlink Properties: symlinks
File Mode Creation Mask: -
Directory Mode Creation Mask: -
Share Comment: -
Share ACL: Everyone / Full Control
File Attribute Cache Lifetime: -
Volume Name: test
Offline Files: manual
Vscan File-Operations Profile: standard
Maximum Tree Connections on Share: 4294967295
UNIX Group for File Create: -
 
Vserver: test-fs02
Share: qtree01
CIFS Server NetBIOS Name: TEST-FS02
Path: /test/qtree01
Share Properties: oplocks
          browsable
          changenotify
          show-previous-versions
Symlink Properties: symlinks
File Mode Creation Mask: -
Directory Mode Creation Mask: -
Share Comment: -
Share ACL: Everyone / Full Control
File Attribute Cache Lifetime: -
Volume Name: test
Offline Files: manual
Vscan File-Operations Profile: standard
Maximum Tree Connections on Share: 4294967295
UNIX Group for File Create: -
 
TEST-01::*> qtree show -vserver test-fs02 -volume test -instance
 
Vserver Name: test-fs02
Volume Name: test
Qtree Name: ""
Actual (Non-Junction) Qtree Path: /vol/test
Security Style: ntfs
Oplock Mode: enable
Unix Permissions: -
Qtree Id: 0
Qtree Status: normal
Export Policy: default
Is Export Policy Inherited: true
 
Vserver Name: test-fs02
Volume Name: test
Qtree Name: qtree01
Actual (Non-Junction) Qtree Path: /vol/test/qtree01
Security Style: ntfs
Oplock Mode: enable
Unix Permissions: -
Qtree Id: 1
Qtree Status: normal
Export Policy: testpolicy
Is Export Policy Inherited: false
 
 
TEST-01::*> export-policy rule show -instance
 
Vserver: test-fs02
Policy Name: default
Rule Index: 1
Access Protocol: cifs
List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 0.0.0.0/0
RO Access Rule: any
RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
Superuser Security Types: any
Honor SetUID Bits in SETATTR: true
Allow Creation of Devices: true
NTFS Unix Security Options: fail
Vserver NTFS Unix Security Options: use_export_policy
Change Ownership Mode: restricted
Vserver Change Ownership Mode: use_export_policy
 
Vserver: test-fs02
Policy Name: testpolicy
Rule Index: 1
Access Protocol: cifs
List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 192.168.1.0/24
RO Access Rule: any
RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
Superuser Security Types: none
Honor SetUID Bits in SETATTR: true
Allow Creation of Devices: true
NTFS Unix Security Options: fail
Vserver NTFS Unix Security Options: use_export_policy
Change Ownership Mode: restricted
Vserver Change Ownership Mode: use_export_policy
 
将 Windows 客户端( 192.168.2.1 )跳转连接到 CIFS 共享 "\\test-fs02\test" 后,我们可以在文件夹 "test" 下确认文件夹 "qtree01" 。
现在,即使客户端 IP 地址与 192.168.1.x 不是同一子网,文件夹 "qtree01" 也可以打开

 

CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support

 

  • 这篇文章对您有帮助吗?