Table of Contents

SMB File Access Workflow

The SMB File Access workflow enables you to set up SMB access for clients to volumes. This workflow enables you to configure file access over SMB shares to file and folders that are secured with NTFS file permissions.

The workflow provides instructions about how to provision storage, create NTFS security-style volumes, create shares, and then secure access to the files and folders by configuring NTFS file and folder permissions.

The following sections provide details about the workflow and how to execute the workflow:

Prerequisites for executing the SMB File Access workflow

You must ensure that certain requirements are met before executing the SMB File Access workflow. You must be a cluster administrator for executing this workflow.

  • Your system must be running ONTAP.
    Note: This workflow is qualified to work with ONTAP 8.2.1 and later.
  • OnCommand Workflow Automation (WFA) 3.0 must be installed.
  • You must have added any version of OnCommand Unified Manager from 6.1 through 9.5 or Active IQ Unified Manager 9.6 or later as a data source in WFA and obtained the latest Unified Manager data.
  • CIFS license must be enabled.
  • The cluster must already be created and the cluster time must be synchronized with an NTP server.
  • You must have already created the CIFS server for the storage virtual machine (SVM) on which you want to create SMB shares.
  • At least one data LIF for the SVM on which the CIFS server is configured must exist and must be reachable by the Windows clients that has to access data over SMB.
  • You must have set up a connection to the cluster that contains the SVM.
  • DNS must be configured on the SVM.
  • DNS entries on the DNS server must exist that map the CIFS server name to existing data LIFs used by the CIFS server.
  • A network path from the CIFS server to the Active Directory domain controllers must exist.
  • CIFS users and groups must be added in the Active Directory and configured in Data ONTAP.
  • The default UNIX user must be enabled and must be used for name mapping.

What happens when you execute the SMB File Access workflow

The SMB File Access workflow enables you to create an aggregate, create a volume and place the volume in a desired location in the namespace (if necessary), create a share, and configure access control of the share.

After you have configured the share permissions, you should configure NTFS file and folder permissions from your Windows administration host, and then verify your configuration from the Windows client.

Note: The workflow does not include the verification procedure.

The following illustration displays the tasks involved in executing the workflow:

Executing the SMB File Access workflow

The SMB File Access workflow enables you to create an aggregate, create a volume and place the volume in the required location in the namespace, change the volume security style to NTFS if necessary, create and configure the share, and then configure NTFS file and folder permissions.

Before you begin

You must have reviewed the requirements for executing the workflow.

About this task

You should have the following input parameters available for executing the workflow:

  • Cluster name
  • SVM name
  • If you want to create an aggregate:
    • Node name
    • Aggregate name
    • Aggregate RAID type
    • Number of disks to create the aggregate
  • Extended volume style (FlexVol or FlexGroup), volume name, and size
  • Volume junction path
  • Encrypt Volume (optional)
  • Name of the CIFS share
  • Required user access permission to the share


  1. Log in to WFA by providing the necessary credentials.
  2. Click Portal > Storage Provisioning > SMB File Access.
    Tip: You can use the filter () to locate the workflow.
  3. Click the Execute icon ().
    The Execute Workflow 'SMB File Access' dialog box is displayed.
  4. Provide the cluster and SVM names.
  5. Provide the aggregate details:
    If you are... Do this…
    Using an existing aggregate Select an appropriate aggregate from the drop-down list.
    Creating an aggregate

    Enter the following values:

    • Node name
    • Aggregate name
    • RAID type
    • Disk count
  6. Provide volume details, such as the extended volume type (FlexVol or FlexGroup), volume name, size, and junction path.
    If you are... Do this...
    Selecting volume style as FlexVol Go to the next step.
    Note: For FlexVol, if the volume is "thick" (that is, the space guarantee is other than "none"), then the FabricPool will be discarded from the selection list in the List Of Aggregate field.
    Selecting volume style as FlexGroup Create an aggregate list:
    1. Select the aggregates in the Aggregate List* from the available List Of Aggregates (Read Only).

      You can select one or more aggregates for the Aggregate List*. You can also use the same aggregate multiple times in the list.

    2. Enter the number of constituent volumes you want to create per aggregate for FlexGroup in the Aggregate List Multiplier.
    Note: ONTAP 9.4 and earlier does not support the creation of FlexGroup on the FabricPool.
  7. Provide the CIFS share name.
  8. Provide details about access control lists (ACLs), such as the user or group name, and select appropriate access levels.
  9. Optional: Select the Encrypt Volume checkbox to encrypt the volume.
    Encrypt Volume supports the Volume Granular Encryption functionality. By default, it is unchecked. This functionality is only supported on FlexVol volumes.
  10. Optional: Click Preview to validate your workflow before executing it.
  11. Click Execute.
    You can also schedule the workflow for execution at a later date and time by selecting the Choose date and time for execution check box.

After you finish

You should verify your configuration by configuring NTFS file and folder permissions from a Windows administration host, and then testing the configuration from the Windows client.