# Manage SMB using the CLI Using the CLI, you can: * [Show the SMB cluster](#show-the-smb-cluster) * [Show the SMB domain configuration](#show-smb-domain-cfg) * [Create the SMB cluster](#create-smb-cluster) * [Update the SMB cluster](#update-smb-cluster) * [Check the status of SMB host readiness](#check-status-smb-host-readiness) * [Join an SMB cluster in Active Directory](#join-smb-cluster-in-ad) * [Delete an SMB cluster](#delete-an-smb-cluster) * [Add or remove SMB cluster hosts](#add-or-remove-smb-cluster-hosts) * [Configure trusted domains](#configure-trusted-domains) * [List SMB shares](#list-smb-shares) * [Add an SMB share](#add-an-smb-share) * [Update SMB shares](#update-smb-shares) * [Control SMB share user-lists](#control-smb-share-user-lists) ## Show the SMB cluster **Command:** `weka smb cluster` Use this command to view information about the SMB cluster managed by the Weka system. ## Show the SMB domain configuration **Command:** `weka smb domain` Use this command to view information about the SMB domain configuration. ## Create the SMB cluster **Command:** `weka smb cluster create` Use the following command line to create a new SMB cluster to be managed by the Weka system: `weka smb cluster create [--samba-hosts samba-hosts]... [--smb-ips-pool smb-ips-pool]... [--smb-ips-range smb-ips-range] [--domain-netbios-name domain-netbios-name] [--idmap-backend idmap-backend] [--joined-domain-mapping-from-id joined-domain-mapping-from-id] [--joined-domain-mapping-to-id joined-domain-mapping-to-id] [--default-domain-mapping-from-id default-domain-mapping-from-id] [--default-domain-mapping-to-id default-domain-mapping-to-id] [--encryption encryption]` {% hint style="warning" %} **Note:** As a best practice, it is recommended to have only one of the following protocol containers, NFS, SMB, or S3, installed on the same server. Starting from version 4.2, setting more than one additional protocol to the existing POSIX is not allowed. {% endhint %} **Parameters** | **Name** | **Type** | **Value** | **Limitations** | **Mandatory** | **Default** | | -------------------------------- | ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------- | ------------- | ------------------------------- | | `name` | String | NetBIOS name for the SMB cluster. | Must be a valid name (ASCII) | Yes | | | `domain` | String | The domain which the SMB cluster is to join. | Must be a valid name (ASCII) | Yes | ​ | | `samba-hosts` | Comma-separated strings | List of 3-8 Weka system hosts to participate in the SMB cluster, based on the host IDs in Weka. | Must be valid host IDs | Yes | ​ | | `smb-ips-pool` | Comma-separated IP addresses | The public IPs used as floating IPs for the SMB cluster to serve the SMB over and thereby provide HA; should not be assigned to any host on the network. | Must be valid IP addresses | No | ​ | | `smb-ips-range` | IP address range | The public IPs used as floating IPs for the SMB cluster to serve the SMB over and thereby provide HA. The IPs should not be assigned to any host on the network. |

Format: A.B.C.D-E

E.g., 10.10.0.1-100

| No​ | | | `domain-netbios-name` | String | Domain NetBIOS name. | Must be a valid name (ASCII) | No | First part of`domain` parameter | | `idmap-backend` | String | The Id mapping method to use. | `rfc2307` or `rid` | No | `rfc2307` | | `joined-domain-mapping-from-id` | Number | The first ID of the range for the main AD ID mapping. | | No | 0 | | `joined-domain-mapping-to-id` | Number | The last ID of the range for the main AD ID mapping. | | No | 4290000000 | | `default-domain-mapping-from-id` | Number | The first ID of the range for the default AD ID mapping (for trusted domains that have no range defined). | | No | 4290000001 | | `default-domain-mapping-to-id` | Number | The last ID of the range for the default AD ID mapping (for trusted domains that have no range defined). | | No | 4291000000 | | `encryption` | String |

The global encryption policy to use.

enabled - enables encryption negotiation but doesn't turn it on automatically for supported sessions and share connections.

disabled - doesn't support encrypted connections.

desired - enables encryption negotiation and turns on data encryption on supported sessions and share connections.

required - enforces data encryption on sessions and share connections. Clients that do not support encryption will be denied access to the server.

| `enabled,` `disabled`, `desired` or `required` | No | `enabled` | {% hint style="info" %} **Note:** To enable HA through IP takeover, all IPs must reside on the same subnet. {% endhint %} {% hint style="info" %} **Note:** The IPs must be configured but **MUST NOT** be in use by any other application/host in the subnet, including Weka system management nodes, Weka system IO nodes, or Weka system NFS floating IPs. In AWS environments, this is not supported and these IPs should not be provided**.** {% endhint %} {% hint style="info" %} **Note:** The `--smb-ips` parameter is supposed to accept the public IPs that the SMB cluster will expose. To mount the SMB cluster in an HA manner, clients should be mounted via one of the exposed public IPs, thereby ensuring that they will automatically reconnect if one of the SMB hosts fails. {% endhint %} {% hint style="info" %} **Note:** If it is necessary to set global options to the SMB library, contact the [Customer Success Team](https://docs.weka.io/4.0/support/getting-support-for-your-weka-system). {% endhint %} {% hint style="success" %} **For Example:** `weka smb cluster create wekaSMB mydomain --samba-hosts 0,1,2,3,4 --smb-ips-pool 1.1.1.1,1.1.1.2 --smb-ips-range 1.1.1.3-5` In this example of a full command, an SMB cluster is configured over the Weka system hosts 0-4. The SMB cluster is called `wekaSMB,`the domain name is called `mydomain`and is directed to use public IPs 1.1.1.1 to 1.1.1.5. {% endhint %} ## Update the SMB cluster **Command:** `weka smb cluster update` Use the following command line to update an existing SMB cluster: `weka smb cluster update [--encryption encryption] [--smb-ips-pool smb-ips-pool]... [--smb-ips-range smb-ips-range]` **Parameters** | **Name** | **Type** | **Value** | **Limitations** | **Mandatory** | | --------------- | ---------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------- | ------------- | | `encryption` | String |

The global encryption policy to use.

enabled - enables encryption negotiation but doesn't turn it on automatically for supported sessions and share connections.

disabled - doesn't support encrypted connections.

desired - enables encryption negotiation and turns on data encryption on supported sessions and share connections.

required - enforces data encryption on sessions and share connections. Clients that do not support encryption are denied access to the server.

| `enabled,` `disabled`, `desired` or `required` | No | | `smb-ips-pool` | Comma-separated IP addresses | The public IPs used as floating IPs for the SMB cluster to serve the SMB over and thereby provide HA. The IPs should not be assigned to any host on the network. | Must be valid IP addresses | No | | `smb-ips-range` | IP address range |

The public IPs used as floating IPs for the SMB cluster to serve the SMB over and thereby provide HA.
The IPs should not be assigned to any host on the network.

|

Format: A.B.C.D-E

E.g., 10.10.0.1-100

| No​ | ## Check the status of SMB host readiness **Command:** `weka smb cluster status` Use this command to check the status of the hosts that are part of the SMB cluster. Once all hosts are prepared and ready, it is possible to join an SMB cluster to an Active Directory. ## Join an SMB cluster in Active Directory **Command:** `weka smb domain join` Use the following command line to join an SMB domain in an Active Directory: `weka smb domain join ` **Parameters** | **Name** | **Type** | **Value** | **Limitations** | **Mandatory** | **Default** | | ---------- | -------- | -------------------------------------------------------------- | -------------------------------- | ------------- | ----------- | | `username` | String | Name of a user with permissions to add a machine to the domain | Must be a valid name (ASCII) | Yes | | | `password` | String | The password of the user | Must be a valid password (ASCII) | Yes | | To join another Active Directory to the current SMB cluster configuration, leaving the current Active Directory is necessary. This is performed using the following command line: `weka smb domain leave ` On completion of this operation, it is possible to join another Active Directory to the SMB cluster. ## Delete an SMB cluster **Command:** `weka smb cluster destroy` Use this command to destroy an SMB cluster managed by the Weka system. Deleting an existing SMB cluster managed by the Weka system does not delete the backend Weka filesystems but removes the SMB share exposures of these filesystems. ## Add or remove SMB cluster hosts **Command:** `weka smb cluster hosts add` **Command:** `weka smb cluster hosts remove` Use these commands to add or remove hosts from the SMB cluster. `weka smb cluster hosts add [--samba-hosts samba-hosts]...` `weka smb cluster hosts remove [--samba-hosts samba-hosts]...` {% hint style="info" %} **Note:** This operation might take some time to complete. During that time, SMB IOs are stalled. {% endhint %} **Parameters** | **Name** | **Type** | **Value** | **Limitations** | **Mandatory** | **Default** | | ------------- | ----------------------- | ---------------------------------------------------------------------------------------------- | ---------------------- | ------------- | ----------- | | `samba-hosts` | Comma-separated strings | List of 3-8 Weka system hosts to participate in the SMB cluster, based on the host IDs in Weka | Must be valid host IDs | Yes | | ## Configure trusted domains ### List trusted domains **Command:** `weka smb cluster trusted-domains` Use this command to list all the configured trusted domains and their ID ranges. ### Add trusted domains **Command:** `weka smb cluster trusted-domains add` Use the following command line to add an SMB trusted domain: `weka smb cluster trusted-domains add ` **Parameters** | **Name** | **Type** | **Value** | **Limitations** | **Mandatory** | **Default** | | ------------- | -------- | --------------------------------------------------- | ------------------------------------------- | ------------- | ----------- | | `domain-name` | String | The name of the domain being added | Must be a valid name (ASCII) | Yes | | | `from-id` | Number | The first ID of the range for the domain ID mapping | The range cannot overlap with other domains | Yes | | | `to-id` | Number | The last ID of the range for the domain ID mapping | The range cannot overlap with other domains | Yes | | ### Remove trusted domains **Command:** `weka smb cluster trusted-domains remove` Use the following command line to remove an SMB trusted domain: `weka smb cluster trusted-domains remove ` **Parameters** | **Name** | **Type** | **Value** | **Limitations** | **Mandatory** | **Default** | | ----------- | -------- | --------------------------------------- | --------------- | ------------- | ----------- | | `domain-id` | Number | The internal ID of the domain to remove | | Yes | | ## List SMB shares **Command:** `weka smb share` Use this command to list all existing SMB shares. ## Add an SMB share **Command:** `weka smb share add` Use the following command line to add a new share to be exposed to SMB: `weka smb share add [--description description] [--internal-path internal-path] [--file-create-mask file-create-mask] [--directory-create-mask directory-create-mask] [--obs-direct obs-direct] [--encryption encryption] [--read-only read-only] [--user-list-type user-list-type] [--users users]... [--allow-guest-access allow-guest-access] [--hidden hidden]` {% hint style="info" %} The mount mode for the SMB share is `readcache` and cannot be modified. {% endhint %} **Parameters** | **Name** | **Type** | **Value** | **Limitations** | **Mandatory** | **Default** | | ----------------------- | --------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | ----------------- | | `share-name` | String | Name of the share being added | Must be a valid name (ASCII) | Yes | ​ | | `fs-name` | String | Name of the filesystem to share |

Must be a valid name.
A filesystem set with required authentication cannot be used for SMB share.

| Yes | ​ | | `description` | String | Description of what the share will receive when viewed remotely | Must be a valid string | No | ​ | | `internal-path` | String | The internal path within the filesystem (relative to its root) which will be exposed | Must be a valid path | No | . | | `file-create-mask` | String | POSIX permissions for the file created through the SMB share | Numeric (octal) notation | No | 0744 | | `directory-create-mask` | String | POSIX permissions for directories created through the SMB share | Numeric (octal) notation | No | 0755 | | `acl` | String | Enable Windows ACLs on the share (which will be translated to POSIX) |

on or off;

Up to 16 ACEs per file

| No | `off` | | `obs-direct` | String | See [Object-store Direct Mount](https://docs.weka.io/4.0/fs/tiering/advanced-time-based-policies-for-data-storage-location#object-store-direct-mount-option) section | `on` or `off` | No | `off` | | `encryption` | String |

The share encryption policy.

cluster\_default: The he share encryption policy follows the global SMB cluster setting.

desired: If negotiation is enabled globally, it turns on data encryption for this share for clients that support encryption.

required: Enforces encryption for the shares. Clients that do not support encryption are denied when accessing the share. If the global option is disabled, the access is restricted to these shares for all clients.

| `cluster_default` `desired` or `required` | No | `cluster_default` | | `read-only` | String | Sets the share as read-only. Users cannot create or modify files in this share. | `on` or `off` | No | `off` | | `user-list-type` | String | The type of initial permissions list for `users` |

read\_only : List of users that will not be given write access to the share, regardless of the read-only setting.

read\_write: List of users that are given write access to the share, regardless of the read-only setting.

valid : List of users that are allowed to log-in to this share SMB service (empty list all users are allowed)invalid - list of users that are not allowed to log-in to this share SMB service

| No | | | `users` | A comma-separated list of Strings | A list of users to use with the `user-list-type` list. Can use the `@` notation to allow groups of users, e.g. `root, Jack, @domain\admins` | Up to 8 users/groups for all lists combined per share | No | Empty list | | `allow-guest-access` | String | Allows connecting to the SMB service without a password. Permissions are as the `nobody` user account permissions. | `on` or`off` | No | `off` | | `hidden` | String | Sets the share as non-browsable. It will be accessible for mounting and IOs but not discoverable by SMB clients. | `on` or `off` | No | `off` | {% hint style="info" %} **Note:** If it is necessary to set a share with specific options to the SMB library, contact Weka support. {% endhint %} {% hint style="success" %} **Example:** The following is an example for adding users to a share mounted on a filesystem named "default": `weka smb share add rootShare default` \ `weka smb share add internalShare default --internal-path some/dir --description "Exposed share"` In this example, the first SMB share added has the Weka system share for default. The second SMB share has internal for default. {% endhint %} ## Update SMB shares **Command:** `weka smb share update` Use the following command line to update an existing share: `weka smb share update [--encryption encryption] [--read-only read-only] [--allow-guest-access allow-guest-access] [--hidden hidden]` **Parameters** | **Name** | **Type** | **Value** | **Limitations** | **Mandatory** | **Default** | | -------------------- | -------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------- | ------------- | ----------- | | `share-id` | Number | The ID of the share to update | Must be a valid share ID | Yes | ​ | | `encryption` | String |

The share encryption policy.

desired - turns on data encryption for this share for clients that support encryption if negotiation has been enabled globally.

required - enforces encryption for the shares. Clients that do not support encryption will be denied access to the share. If the global option is set to disabled access will be denied to these shares for all clients.

| `cluster_default` `desired` or `required` | No | | | `read-only` | String | Mount the SMB share as read-only. | `on` or `off` | No | | | `allow-guest-access` | String | Allow guest access | `on` or `off` | No | | | `hidden` | String | Hide the the SMB share. | `on` or `off` | StringNo | | ## **Control SMB share user-lists** **Command:** `weka smb share lists show` Use this command to view the various user-list settings. **Command:** `weka smb share lists add` Use the following command line to add users to a share user-list: `weka smb share lists add <--users users>...` **Parameters** | **Name** | **Type** | **Value** | **Limitations** | **Mandatory** | **Default** | | ---------------- | --------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | ----------- | | `share-id` | Number | The ID of the share to be updated | Must be a valid share ID | Yes | | | `user-list-type` | String | The type of permissions list for `users` |

read\_only - list of users that will not be given write access to the share, regardless of the read-only setting.

read\_write- list of users that will be given write access to the share, regardless of the read-only setting.

valid - list of users that are allowed to log-in to this share SMB service (empty list - all users are allowed)invalid - list of users that are not allowed to log-in to this share SMB service

| Yes | | | `users` | A comma-separated list of Strings | A list of users to add to the `user-list-type` list. Can use the `@` notation to allow groups of users, e.g. `root, Jack, @domain\admins` | Up to 8 users/groups for all lists combined per share | Yes | | **Command:** `weka smb share lists remove` Use the following command line to remove users from a share user-list: `weka smb share lists remove <--users users>...` **Parameters** | **Name** | **Type** | **Value** | **Limitations** | **Mandatory** | **Default** | | ---------------- | --------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | ----------- | | `share-id` | Number | The ID of the share to be updated | Must be a valid share ID | Yes | | | `user-list-type` | String | The type of permissions list for `users` |

read\_only - list of users that will not be given write access to the share, regardless of the read-only setting.

read\_write- list of users that will be given write access to the share, regardless of the read-only setting.

valid - list of users that are allowed to log-in to this share SMB service (empty list - all users are allowed)invalid - list of users that are not allowed to log-in to this share SMB service

| Yes | | | `users` | A comma-separated list of Strings | A list of users to remove from the `user-list-type` list. Can use the `@` notation to allow groups of users, e.g. `root, Jack, @domain\admins` | Up to 8 users/groups for all lists combined per share | Yes | | **Command:** `weka smb share lists reset` Use the following command line to remove all users from a share user-list: `weka smb share lists reset ` **Parameters** | **Name** | **Type** | **Value** | **Limitations** | **Mandatory** | **Default** | | ---------------- | -------- | ------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------- | ----------- | | `share-id` | Number | The ID of the share to be updated | Must be a valid share ID | Yes | | | `user-list-type` | String | The type of permissions list to reset |

read\_only - list of users that will not be given write access to the share, regardless of the read-only setting.

read\_write- list of users that will be given write access to the share, regardless of the read-only setting.

valid - list of users that are allowed to log-in to this share SMB service (empty list - all users are allowed)invalid - list of users that are not allowed to log-in to this share SMB service

| Yes | | ## Remove SMB shares **Command:** `weka smb share remove` Use the following command line to remove a share exposed to SMB: `weka smb share remove ` **Parameters** | **Name** | **Type** | **Value** | **Limitations** | **Mandatory** | **Default** | | ---------- | -------- | --------------------------------- | ------------------------ | ------------- | ----------- | | `share-id` | String | The ID of the share to be removed | Must be a valid share ID | Yes | ​ | {% hint style="success" %} **Example:** The following is an example for removing an SMB share defined as ID 1: `weka smb share remove 1` {% endhint %} ## Control SMB access based on hosts IP/name It is possible to control which hosts are permitted to access the SMB service or share. **Command:** `weka smb cluster host-access list` / `weka smb share host-access list` Use this command to view the various host-access settings. **Command:** `weka smb cluster host-access add` / `weka smb share host-access add` Use the following command line to add hosts to the allow/deny list (in either cluster-level or share-level): `weka smb cluster host-access add <--ips ips> <--hosts hosts>` `weka smb share host-access add <--ips ips> <--hosts hosts>` **Parameters** | **Name** | **Type** | **Value** | **Limitations** | **Mandatory** | **Default** | | ---------- | --------------------------------- | --------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------- | ----------- | | `share-id` | Number | The ID of the share to be updated | Must be a valid share ID | Yes (for the share-level command) | | | `mode` | String | The access mode of the host | `allow` or `deny` | Yes | | | `ips` | A Comma-separated list of IPs | Host IPs to allow/deny |

Supports the following format to provide multiple IPs:

192.

192.168.
192.168.1
192.168.1.1/24

| Must provide at least one of: `ips` or `hosts` | | | `hosts` | A Comma-separated list of strings | Host names to allow/deny | | Must provide at least one of: `ips` or `hosts` | | **Command:** `weka smb cluster host-access remove` / `weka smb share host-access remove` Use the following command line to remove hosts from the allow/deny list (in either cluster-level or share-level): `weka smb cluster host-access remove ` `weka smb share host-access remove ` **Parameters** | **Name** | **Type** | **Value** | **Limitations** | **Mandatory** | **Default** | | ---------- | ----------------------------- | --------------------------------------------- | -------------------------------------------------------------------------------------------- | --------------------------------- | ----------- | | `share-id` | Number | The ID of the share to be updated | Must be a valid share ID | Yes (for the share-level command) | | | `hosts` | Space-separated list of hosts | The hosts to remove from the host-access list | Must be the exact name as shown under the `HOSTNAME` column in the equivalent `list` command | Yes | | **Command:** `weka smb cluster host-access reset` / `weka smb share host-access reset` Use the following command line to remove all hosts from the allow/deny list (in either cluster-level or share-level): `weka smb cluster host-access reset ` `weka smb share host-access reset ` **Parameters** | **Name** | **Type** | **Value** | **Limitations** | **Mandatory** | **Default** | | ---------- | -------- | ------------------------------------------------------------- | ------------------------ | --------------------------------- | ----------- | | `share-id` | Number | The ID of the share to be updated | Must be a valid share ID | Yes (for the share-level command) | | | `mode` | String | All hosts with this access-mode will be removed from the list | `allow` or `deny` | Yes | |