Manage SMB using the CLI
This page provides procedures for setting up an SMB cluster over WEKA filesystems and managing the cluster itself, using the CLI.
Using the CLI, you can manage both the SMB-W and legacy SMB:
Show the SMB cluster
Command: weka smb cluster
Use this command to view information about the SMB cluster managed by the WEKA system.
Show the SMB domain configuration
Command: weka smb domain
Use this command to view information about the SMB domain configuration.
Create the SMB cluster
Command: weka smb cluster create
Use the following command line to create a new SMB cluster to be managed by the WEKA system:
weka smb cluster create <netbios-name> <domain> [--domain-netbios-name domain-netbios-name] [--idmap-backend idmap-backend] [--default-domain-mapping-from-id default-domain-mapping-from-id] [--default-domain-mapping-to-id default-domain-mapping-to-id] [--joined-domain-mapping-from-id joined-domain-mapping-from-id] [--joined-domain-mapping-to-id joined-domain-mapping-to-id] [--encryption encryption] [--smb-conf-extra smb-conf-extra] [--container-ids container-ids]... [--smb-ips-pool smb-ips-pool]... [--smb-ips-range smb-ips-range]...
To create an SMB-W cluster, contact the Customer Success Team.
Note: As a best practice, it is recommended to have only one of the following protocol containers, NFS, SMB, or S3, installed on the same server. Starting from version 4.2, setting more than one additional protocol to the existing POSIX is not allowed.
Parameters
Name | Type | Value | Limitations | Mandatory | Default |
| String | NetBIOS name for the SMB cluster | Must be a valid name (ASCII) | Yes | |
| String | The domain to join the SMB cluster to | Must be a valid name (ASCII) | Yes | |
| String | Domain NetBIOS name. | Must be a valid name (ASCII) | No | The first part of the |
| String | The ID mapping method to use. | SMB-W: | No |
|
| Number | The last ID of the range for the default AD ID mapping (for trusted domains that have no range defined). | Not supported in SMB-W yet | No | 4290000000 |
| Number | The first ID of the range for the main AD ID mapping. | None | No | 4290000000 |
| Number | The last ID of the range for the main AD ID mapping. | None | No | 4290000001 |
| String | The global encryption policy to use.
| SMB-W: | No |
|
| String | Additional SMB configuration options. | None | No | |
| Number | The container IDS of the containers with the frontend process to serve the SMB service. | Minimum of 3 containers | ||
| Comma-separated IP addresses | The public IPs used as floating IPs for the SMB cluster to serve the SMB over and thereby provide HA. Do not assign these IPs to any server on the network. | Must be valid IP addresses | No | |
| IP address range | The public IPs used as floating IPs for the SMB cluster to serve the SMB over and thereby provide HA. Do not assign these IPs to any server on the network. | Format: A.B.C.D-E Example: 10.10.0.1-100 | No |
Note: To enable HA through IP takeover, all IPs must reside on the same subnet.
Note: The IPs must be configured but MUST NOT be in use by any other application/server in the subnet, including WEKA system management nodes, WEKA system IO nodes, or WEKA system NFS floating IPs. In AWS environments, this is not supported and these IPs should not be provided**.**
Note: The --smb-ips
parameter is supposed to accept the public IPs that the SMB cluster will expose. To mount the SMB cluster in an HA manner, clients should be mounted via one of the exposed public IPs, thereby ensuring that they will automatically reconnect if one of the SMB containers fails.
Note: If it is necessary to set global options to the SMB library, contact the Customer Success Team.
For Example:
weka smb cluster create wekaSMB mydomain --container-ids 0,1,2,3,4 --smb-ips-pool 1.1.1.1,1.1.1.2 --smb-ips-range 1.1.1.3-5
In this example of a full command, an SMB cluster is configured over the WEKA system containers 0-4. The SMB cluster is called wekaSMB,
the domain name is called mydomain
and is directed to use public IPs 1.1.1.1 to 1.1.1.5.
Update the SMB cluster
Command: weka smb cluster update
Use the following command line to update an existing SMB cluster:
weka smb cluster update [--encryption encryption] [--smb-ips-pool smb-ips-pool]... [--smb-ips-range smb-ips-range]
Parameters
Name | Type | Value | Limitations | Mandatory |
| String | The global encryption policy to use.
| SMB-W: | No |
| Comma-separated IP addresses | The public IPs used as floating IPs for the SMB cluster to serve the SMB over and thereby provide HA. The IPs should not be assigned to any host on the network. | Must be valid IP addresses | No |
| IP address range | The public IPs used as floating IPs for the SMB cluster to serve the SMB over and thereby provide HA. Do not assign IPs to any host on the network. | Format: A.B.C.D-E E.g., 10.10.0.1-100 | No |
Check the status of SMB cluster readiness
Command: weka smb cluster status
The SMB cluster is comprised of a few SMB containers. Use this command to check the status of the SMB containers that are part of the SMB cluster. Once all the SMB containers are prepared and ready, it is possible to join an SMB cluster to an Active Directory.
Join an SMB cluster in Active Directory
Command: weka smb domain join
Use the following command line to join an SMB domain in an Active Directory:
weka smb domain join <username> <password> [--server server] [--create-computer create-computer]
Parameters
Name | Type | Value | Limitations | Mandatory | Default |
| String | Name of a user with permission to add a server to the domain. | Must be a valid name (ASCII) | Yes | |
| String | The password of the user. | Must be a valid password (ASCII) | Yes | |
| String | Weka identifies the AD server automatically based on the AD name. You do not need to set the server name. In some cases, if required, specify the AD server. | Must be valid Not applicable for SMB-W yet | No | The AD server is automatically identified based on the AD name. |
| String | The default organization unit is the Computers directory. You can define any other directory to connect to in Active Directory, such as SMB servers or Corporate computers. | Must be valid Not applicable for SMB-W yet | No | The computer's directory |
To join the SMB cluster to another Active Directory, leave the current Active Directory using the following command line:
weka smb domain leave <username> <password>
On completion of this operation, it is possible to join the SMB cluster to another Active Directory.
Delete an SMB cluster
Command: weka smb cluster destroy
Use this command to destroy an SMB cluster managed by the Weka system.
Deleting an existing SMB cluster managed by the Weka system does not delete the backend Weka filesystems but removes the SMB share exposures of these filesystems.
Add or remove SMB cluster containers
Command: weka smb cluster containers add
Command: weka smb cluster containers remove
Use these commands to add or remove containers from the SMB cluster.
weka smb cluster containers add [--containers-id containers-id]...
weka smb cluster containers remove [--containers-id containers-id]...
Note: This operation might take some time to complete. During that time, SMB IOs are stalled.
Parameters
Name | Type | Value | Limitations | Mandatory | Default |
| Comma-separated strings | Container IDs of containers with a frontend process to serve the SMB service. | Minimum of 3 containers must be supplied. | Yes |
Configure trusted domains
Note: SMB-W does not yet support trusted domains.
List trusted domains
Command: weka smb cluster trusted-domains
Use this command to list all the configured trusted domains and their ID ranges.
Add trusted domains
Command: weka smb cluster trusted-domains add
Use the following command line to add an SMB trusted domain:
weka smb cluster trusted-domains add <domain-name> <from-id> <to-id>
Parameters
Name | Type | Value | Limitations | Mandatory | Default |
| String | The name of the domain being added | Must be a valid name (ASCII) | Yes | |
| Number | The first ID of the range for the domain ID mapping | The range cannot overlap with other domains | Yes | |
| Number | The last ID of the range for the domain ID mapping | The range cannot overlap with other domains | Yes |
Remove trusted domains
Command: weka smb cluster trusted-domains remove
Use the following command line to remove an SMB-trusted domain:
weka smb cluster trusted-domains remove <domain-id>
Parameters
Name | Type | Value | Limitations | Mandatory | Default |
| Number | The internal ID of the domain to remove | Yes |
List SMB shares
Command: weka smb share
Use this command to list all existing SMB shares.
Add an SMB share
Command: weka smb share add
Use the following command line to add a new share to be exposed to SMB:
weka smb share add <share-name> <fs-name> [--description description] [--internal-path internal-path] [--file-create-mask file-create-mask] [--directory-create-mask directory-create-mask] [--obs-direct obs-direct] [--encryption encryption] [--read-only read-only] [--user-list-type user-list-type] [--users users]... [--allow-guest-access allow-guest-access] [--hidden hidden]
The mount mode for the SMB share is readcache
and cannot be modified.
Parameters
Name | Type | Value | Limitations | Mandatory | Default |
| String | Valid name of the share to add | The share name must meet the following requirements:
SMB-W: you cannot create the same share name with different case insensitivity. | Yes | |
| String | Name of the filesystem to share | Must be a valid name. A filesystem set with required authentication cannot be used for SMB share. | Yes | |
| String | Description of what the share will receive when viewed remotely | Must be a valid string | No | |
| String | The internal path within the filesystem (relative to its root) which will be exposed | Must be a valid path | No | . |
| String | POSIX permissions for the file created through the SMB share | Numeric (octal) notation | No | 0744 |
| String | POSIX permissions for directories created through the SMB share | Numeric (octal) notation. SMB-W: the specified string must be greater or equal to 0600. | No | 0755 |
| String | Enable Windows ACLs on the share (which will be translated to POSIX) |
Up to 16 ACEs per file | No |
|
| String | See Object-store Direct Mount section | Legacy SMB: | No |
|
| String | The share encryption policy.
| SMB-W: | No |
|
| String | Sets the share as read-only. Users cannot create or modify files in this share. |
| No |
|
| String | The type of initial permissions list for | SMB-W: not supported
Legacy SMB:
| No | |
| A comma-separated list of Strings | A list of users to use with the | SMB-W: not supported Legacy SMB: Up to 8 users/groups for all lists combined per share | No | Empty list |
| String | Allows connecting to the SMB service without a password. Permissions are as the | Legacy SMB: | No |
|
| String | Sets the share as non-browsable. It will be accessible for mounting and IOs but not discoverable by SMB clients. |
| No |
|
Note: If it is necessary to set a share with specific options to the SMB library, contact Weka support.
Example: The following is an example for adding users to a share mounted on a filesystem named "default":
weka smb share add rootShare default
weka smb share add internalShare default --internal-path some/dir --description "Exposed share"
In this example, the first SMB share added has the Weka system share for default. The second SMB share has internal for default.
Update SMB shares
Command: weka smb share update
Use the following command line to update an existing share:
weka smb share update <share-id> [--encryption encryption] [--read-only read-only] [--allow-guest-access allow-guest-access] [--hidden hidden]
Note: SMB-W does not yet support share update.
Parameters
Name | Type | Value | Limitations | Mandatory | Default |
| Number | The ID of the share to update | Must be a valid share ID | Yes | |
| String | The share encryption policy.
|
| No | |
| String | Mount the SMB share as read-only. |
| No | |
| String | Allow guest access |
| No | |
| String | Hide the the SMB share. |
| StringNo |
Control SMB share user-lists
Note: SMB-W does not yet support share user-lists.
Command: weka smb share lists show
Use this command to view the various user-list settings.
Command: weka smb share lists add
Use the following command line to add users to a share user-list:
weka smb share lists add <share-id> <user-list-type> <--users users>...
Parameters
Name | Type | Value | Limitations | Mandatory | Default |
| Number | The ID of the share to be updated | Must be a valid share ID | Yes | |
| String | The type of permissions list for |
| Yes | |
| A comma-separated list of Strings | A list of users to add to the | Up to 8 users/groups for all lists combined per share | Yes |
Command: weka smb share lists remove
Use the following command line to remove users from a share user-list:
weka smb share lists remove <share-id> <user-list-type> <--users users>...
Parameters
Name | Type | Value | Limitations | Mandatory | Default |
| Number | The ID of the share to be updated | Must be a valid share ID | Yes | |
| String | The type of permissions list for |
| Yes | |
| A comma-separated list of Strings | A list of users to remove from the | Up to 8 users/groups for all lists combined per share | Yes |
Command: weka smb share lists reset
Use the following command line to remove all users from a share user-list:
weka smb share lists reset <share-id> <user-list-type>
Parameters
Name | Type | Value | Limitations | Mandatory | Default |
| Number | The ID of the share to be updated | Must be a valid share ID | Yes | |
| String | The type of permissions list to reset |
| Yes |
Remove SMB shares
Command: weka smb share remove
Use the following command line to remove a share exposed to SMB:
weka smb share remove <share-id>
Parameters
Name | Type | Value | Limitations | Mandatory | Default |
| String | The ID of the share to be removed | Must be a valid share ID | Yes | |
Example: The following is an example of removing an SMB share defined as ID 1:
weka smb share remove 1
Control SMB access based on hosts' IP/name
It is possible to control which hosts are permitted to access the SMB service or share.
Note: SMB-W does not yet support access based on hosts' IP/name.
Command: weka smb cluster host-access list
weka smb share host-access list
Use this command to view the various host access settings.
Command: weka smb cluster host-access add
weka smb share host-access add
Use the following command line to add a host to the allow/deny list (at either cluster level or share level):
weka smb cluster host-access add <mode> <--ips ips> <--hosts hosts>
weka smb share host-access add <share-id> <mode> <--ips ips> <--hosts hosts>
Parameters
Name | Type | Value | Limitations | Mandatory | Default |
| Number | The ID of the share to be updated | Must be a valid share ID | Yes (for the share-level command) | |
| String | The access mode of the host |
| Yes | |
| A Comma-separated list of IPs | Host IP addresses to allow or deny | Supports the following format to provide multiple IPs:
| Must provide at least one of: | |
| A Comma-separated list of strings | Host names to allow/deny | Must provide at least one of: |
Command: weka smb cluster host-access remove
/ weka smb share host-access remove
Use the following command line to remove hosts from the allow or deny list (at either cluster level or share level):
weka smb cluster host-access remove <hosts>
weka smb share host-access remove <share-id> <hosts>
Parameters
Name | Type | Value | Limitations | Mandatory | Default |
| Number | The ID of the share to be updated | Must be a valid share ID | Yes (for the share-level command) | |
| Space-separated list of hosts | The hosts to remove from the host-access list | Must be the exact name as shown under the | Yes |
Command: weka smb cluster host-access reset
weka smb share host-access reset
Use the following command line to remove all containers from the allow or deny list (at either cluster level or share level):
weka smb cluster host-access reset <mode>
weka smb share host-access reset <share-id> <mode>
Parameters
Name | Type | Value | Limitations | Mandatory | Default |
| Number | The ID of the share to be updated | Must be a valid share ID | Yes (for the share-level command) | |
| String | All hosts with this access mode will be removed from the list |
| Yes |
Last updated