Please find the output below:
BR-HNAS-2:$ evssel 1
cifs-user-lookup-access: executing on cluster node 2, though the EVS in context (1) is currently on cluster node 1
Only authenticated clients may use the server's LSA.
EVS 1 CIFS Authentication: on
cifs-restrict-anonymous: executing on cluster node 2, though the EVS in context (1) is currently on cluster node 1
cifs-restrict-anonymous: Restrict Anonymous users is disabled.
Is tcipnasevs1 a member of an Active Directory domain ?
If you connect a non-domain PC ( like a home laptop) to your network are you , without authenticating, or joining that
PC to the domain actually, able to access content on tcipnasevs1 ?
Is tcipnasevs1 a member of an Active Directory domain ? yes, screenshot attached.
PC to the domain actually, able to access content on tcipnasevs1 ? no.
I think I got the solution, if I enable below settings, all CIFS shares will be accessible to only authenticated users right.
Anonymous users are restricted and only authenticated users are allowed access over CIFS.
HiYes; but, based on your test , anonymous users are not able to access anything now .What actual operations are you seeing that anonymous users can do that would justify changing the default cifs-restrict-anonymous settingAndy
There are CIFS share which can be accessed by un authenticated users, which we want to restrict.
And below setting will make us achieve that right ? cifs-restrict-anonymous enable
On a test share that can be accessed by an un-authenticated user, try this ( it allows you to control share access without changing a more global settting.
cifs-saa list myshare
If Everyone has af access, run these
cifs-saa add myshare "Administrators" afcifs-saa add myshare "Authenticated Users" afcifs-saa delete myshare Everyone
Can an un-authenticated user still access the share ?
When I configure shares, I remove Everyone from the accesslist of 99.9% of the shares
I actually do additional share-permission changes.
Hi Andrew,How can we access logs for CIFS share access on HNAS
Hi Andrew,I have same question, how to access CIFS share user access log, I need to pull list of users accessing the shares.