W E K A
4.4
4.4
  • WEKA v4.4 documentation
    • Documentation revision history
  • WEKA System Overview
    • Introduction
      • WEKA system functionality features
      • Converged WEKA system deployment
      • Optimize redundancy in WEKA deployments
    • SSD capacity management
    • Filesystems, object stores, and filesystem groups
    • WEKA networking
    • Data lifecycle management
    • WEKA client and mount modes
    • WEKA containers architecture overview
    • Glossary
  • Planning and Installation
    • Prerequisites and compatibility
    • WEKA cluster installation on bare metal servers
      • Plan the WEKA system hardware requirements
      • Obtain the WEKA installation packages
      • Install the WEKA cluster using the WMS with WSA
      • Install the WEKA cluster using the WSA
      • Manually install OS and WEKA on servers
      • Manually prepare the system for WEKA configuration
        • Broadcom adapter setup for WEKA system
        • Enable the SR-IOV
      • Configure the WEKA cluster using the WEKA Configurator
      • Manually configure the WEKA cluster using the resources generator
        • VLAN tagging in the WEKA system
      • Perform post-configuration procedures
      • Add clients to an on-premises WEKA cluster
    • WEKA Cloud Deployment Manager Web (CDM Web) User Guide
    • WEKA Cloud Deployment Manager Local (CDM Local) User Guide
    • WEKA installation on AWS
      • WEKA installation on AWS using Terraform
        • Terraform-AWS-WEKA module description
        • Deployment on AWS using Terraform
        • Required services and supported regions
        • Supported EC2 instance types using Terraform
        • WEKA cluster auto-scaling in AWS
        • Detailed deployment tutorial: WEKA on AWS using Terraform
      • WEKA installation on AWS using the Cloud Formation
        • Self-service portal
        • CloudFormation template generator
        • Deployment types
        • AWS Outposts deployment
        • Supported EC2 instance types using Cloud Formation
        • Add clients to a WEKA cluster on AWS
        • Auto scaling group
        • Troubleshooting
    • WEKA installation on Azure
      • Azure-WEKA deployment Terraform package description
      • Deployment on Azure using Terraform
      • Required services and supported regions
      • Supported virtual machine types
      • Auto-scale virtual machines in Azure
      • Add clients to a WEKA cluster on Azure
      • Troubleshooting
      • Detailed deployment tutorial: WEKA on Azure using Terraform
    • WEKA installation on GCP
      • WEKA project description
      • GCP-WEKA deployment Terraform package description
      • Deployment on GCP using Terraform
      • Required services and supported regions
      • Supported machine types and storage
      • Auto-scale instances in GCP
      • Add clients to a WEKA cluster on GCP
      • Troubleshooting
      • Detailed deployment tutorial: WEKA on GCP using Terraform
      • Google Kubernetes Engine and WEKA over POSIX deployment
    • WEKA installation on OCI
  • Getting Started with WEKA
    • Manage the system using the WEKA GUI
    • Manage the system using the WEKA CLI
      • WEKA CLI hierarchy
      • CLI reference guide
    • Run first IOs with WEKA filesystem
    • Getting started with WEKA REST API
    • WEKA REST API and equivalent CLI commands
  • Performance
    • WEKA performance tests
      • Test environment details
  • WEKA Filesystems & Object Stores
    • Manage object stores
      • Manage object stores using the GUI
      • Manage object stores using the CLI
    • Manage filesystem groups
      • Manage filesystem groups using the GUI
      • Manage filesystem groups using the CLI
    • Manage filesystems
      • Manage filesystems using the GUI
      • Manage filesystems using the CLI
    • Attach or detach object store buckets
      • Attach or detach object store bucket using the GUI
      • Attach or detach object store buckets using the CLI
    • Advanced data lifecycle management
      • Advanced time-based policies for data storage location
      • Data management in tiered filesystems
      • Transition between tiered and SSD-only filesystems
      • Manual fetch and release of data
    • Mount filesystems
      • Mount filesystems from Single Client to Multiple Clusters (SCMC)
      • Manage authentication across multiple clusters with connection profiles
    • Snapshots
      • Manage snapshots using the GUI
      • Manage snapshots using the CLI
    • Snap-To-Object
      • Manage Snap-To-Object using the GUI
      • Manage Snap-To-Object using the CLI
    • Snapshot policies
      • Manage snapshot policies using the GUI
      • Manage snapshot policies using the CLI
    • Quota management
      • Manage quotas using the GUI
      • Manage quotas using the CLI
  • Additional Protocols
    • Additional protocol containers
    • Manage the NFS protocol
      • Supported NFS client mount parameters
      • Manage NFS networking using the GUI
      • Manage NFS networking using the CLI
    • Manage the S3 protocol
      • S3 cluster management
        • Manage the S3 service using the GUI
        • Manage the S3 service using the CLI
      • S3 buckets management
        • Manage S3 buckets using the GUI
        • Manage S3 buckets using the CLI
      • S3 users and authentication
        • Manage S3 users and authentication using the CLI
        • Manage S3 service accounts using the CLI
      • S3 lifecycle rules management
        • Manage S3 lifecycle rules using the GUI
        • Manage S3 lifecycle rules using the CLI
      • Audit S3 APIs
        • Configure audit webhook using the GUI
        • Configure audit webhook using the CLI
        • Example: How to use Splunk to audit S3
        • Example: How to use S3 audit events for tracking and security
      • S3 supported APIs and limitations
      • S3 examples using boto3
      • Configure and use AWS CLI with WEKA S3 storage
    • Manage the SMB protocol
      • Manage SMB using the GUI
      • Manage SMB using the CLI
  • Security
    • WEKA security overview
    • Obtain authentication tokens
    • Manage token expiration
    • Manage account lockout threshold policy
    • Manage KMS
      • Manage KMS using GUI
      • Manage KMS using CLI
    • Manage TLS certificates
      • Manage TLS certificates using GUI
      • Manage TLS certificates using CLI
    • Manage Cross-Origin Resource Sharing
    • Manage CIDR-based security policies
    • Manage login banner
  • Secure cluster membership with join secret authentication
  • Licensing
    • License overview
    • Classic license
  • Operation Guide
    • Alerts
      • Manage alerts using the GUI
      • Manage alerts using the CLI
      • List of alerts and corrective actions
    • Events
      • Manage events using the GUI
      • Manage events using the CLI
      • List of events
    • Statistics
      • Manage statistics using the GUI
      • Manage statistics using the CLI
      • List of statistics
    • Insights
    • System congestion
    • User management
      • Manage users using the GUI
      • Manage users using the CLI
    • Organizations management
      • Manage organizations using the GUI
      • Manage organizations using the CLI
      • Mount authentication for organization filesystems
    • Expand and shrink cluster resources
      • Add a backend server
      • Expand specific resources of a container
      • Shrink a cluster
    • Background tasks
      • Set up a Data Services container for background tasks
      • Manage background tasks using the GUI
      • Manage background tasks using the CLI
    • Upgrade WEKA versions
    • Manage WEKA drivers
  • Monitor the WEKA Cluster
    • Deploy monitoring tools using the WEKA Management Station (WMS)
    • WEKA Home - The WEKA support cloud
      • Local WEKA Home overview
      • Deploy Local WEKA Home v3.0 or higher
      • Deploy Local WEKA Home v2.x
      • Explore cluster insights
      • Explore performance statistics in Grafana
      • Manage alerts and integrations
      • Enforce security and compliance
      • Optimize support and data management
      • Export cluster metrics to Prometheus
    • Set up WEKAmon for external monitoring
    • Set up the SnapTool external snapshots manager
  • Kubernetes
    • Composable clusters for multi-tenancy in Kubernetes
    • WEKA Operator deployment
    • WEKA Operator day-2 operations
  • WEKApod
    • WEKApod Data Platform Appliance overview
    • WEKApod servers overview
    • Rack installation
    • WEKApod initial system setup and configuration
    • WEKApod support process
  • AWS Solutions
    • Amazon SageMaker HyperPod and WEKA Integrations
      • Deploy a new Amazon SageMaker HyperPod cluster with WEKA
      • Add WEKA to an existing Amazon SageMaker HyperPod cluster
    • AWS ParallelCluster and WEKA Integration
  • Azure Solutions
    • Azure CycleCloud for SLURM and WEKA Integration
  • Best Practice Guides
    • WEKA and Slurm integration
      • Avoid conflicting CPU allocations
    • Storage expansion best practice
  • Support
    • Get support for your WEKA system
    • Diagnostics management
      • Traces management
        • Manage traces using the GUI
        • Manage traces using the CLI
      • Protocols debug level management
        • Manage protocols debug level using the GUI
        • Manage protocols debug level using the CLI
      • Diagnostics data management
  • Appendices
    • WEKA CSI Plugin
      • Deployment
      • Storage class configurations
      • Tailor your storage class configuration with mount options
      • Dynamic and static provisioning
      • Launch an application using WEKA as the POD's storage
      • Add SELinux support
      • NFS transport failback
      • Upgrade legacy persistent volumes for capacity enforcement
      • Troubleshooting
    • Convert cluster to multi-container backend
    • Create a client image
    • Update WMS and WSA
    • BIOS tool
Powered by GitBook
On this page
  • Show the SMB cluster
  • Show the SMB domain configuration
  • Add an SMB cluster
  • Guidelines for configuring an SMB cluster
  • Update the SMB cluster
  • Check the status of SMB cluster readiness
  • Join an SMB cluster in Active Directory
  • Remove an SMB cluster
  • Add or remove SMB cluster containers
  • Configure trusted domains
  • List trusted domains
  • Add trusted domains
  • Remove trusted domains
  • List SMB shares
  • Add an SMB share
  • Guidelines for adding an SMB share
  • Update SMB shares
  • Control SMB share user-lists
  • Remove SMB shares
  • Control SMB access based on hosts' IP/name
  1. Additional Protocols
  2. Manage the SMB protocol

Manage SMB using the CLI

This page provides procedures for setting up an SMB cluster over WEKA filesystems and managing the cluster itself, using the CLI.

PreviousManage SMB using the GUINextWEKA security overview

Last updated 2 months ago

Using the CLI, you can manage both SMB-W and legacy SMB:

Show the SMB cluster

Command: weka smb cluster

Use this command to view information about the SMB cluster managed by the WEKA system.

Show the SMB domain configuration

Command: weka smb domain

Use this command to view information about the SMB domain configuration.

Add an SMB cluster

Command: weka smb cluster add

Use the following command line to create a new SMB cluster to be managed by the WEKA system:

weka smb cluster add <netbios-name> <domain> <config-fs-name> [--domain-netbios-name domain-netbios-name] [--idmap-backend idmap-backend] [--default-domain-mapping-from-id default-domain-mapping-from-id] [--default-domain-mapping-to-id default-domain-mapping-to-id] [--joined-domain-mapping-from-id joined-domain-mapping-from-id] [--joined-domain-mapping-to-id joined-domain-mapping-to-id] [--encryption encryption] [--smb-conf-extra smb-conf-extra] [--container-ids container-ids]... [--smb-ips-pool smb-ips-pool]... [--smb-ips-range smb-ips-range]...[--symlink symlink]

Parameters

Name
Value
Default

netbios-name*

NetBIOS name for the SMB cluster must be 1-15 characters long, using only alphanumeric characters (A-Z, 0-9) and hyphens (-). Names are case-insensitive, cannot start with a hyphen, and must be unique within the network. Spaces and special characters are not allowed. This will be the name of the Active Directory computer object and the hostname part of the FQDN.

domain*

The Active Directory domain to which the SMB cluster will be joined.

​

config-fs-name*

domain-netbios-name

Domain NetBIOS name.

The first part of the domain parameter

idmap-backend

The ID mapping method to use. Possible values: rfc2307 or rid

rfc2307

default-domain-mapping-from-id

The first ID of the range for the default AD ID mapping (for trusted domains that have no defined range). Not supported in SMB-W yet.

4290000001

default-domain-mapping-to-id

The last ID of the range for the default AD ID mapping (for trusted domains that have no defined range). Not supported in SMB-W yet.

4291000000

joined-domain-mapping-from-id

The first ID of the range for the main AD ID mapping.

0

joined-domain-mapping-to-id

The last ID of the range for the main AD ID mapping.

4290000000

encryption

The global encryption policy to use:

  • enabled - enables encryption negotiation but doesn't turn it on automatically for supported sessions and share connections.

  • disabled - doesn't support encrypted connections.

  • desired - enables encryption negotiation and turns on data encryption on supported sessions and share connections.

  • required - enforces data encryption on sessions and share connections. Clients that do not support encryption will be denied access to the server.

SMB-W possible values: enabled, desired, required Legacy SMB possible values: enabled, disabled, desired, required

enabled

smb-conf-extra

Additional SMB configuration options.

container-ids

The container IDs of the containers with a frontend process to serve the SMB service. Minimum of 3 containers.

smb-ips-pool

A pool of virtual IPs, used as floating IPs for the SMB cluster to provide HA to clients.

These IPs must be unique; do not assign these IPs to any host on the network. Format: comma-separated IP addresses.

smb-ips-range

A range of virtual IPs, used as floating IPs for the SMB cluster to provide HA to clients.

These IPs must be unique; do not assign these IPs to any host on the network. Format: A.B.C.D-E Example: 10.10.0.1-100

symlink

Determines if symbolic links are allowed in the SMB cluster.

  • on: Enables symbolic links. Use with caution, as it can introduce security risks by exposing data across shares.

  • off: Disables symbolic links, enhancing security by preventing link-based vulnerabilities.

Important: If a symbolic link in one share points to a file system in another share, users in the first share can access the data in the second share. Ensure you understand the security implications before enabling this option.

Only applicable for SMB-W clusters.

Off

Guidelines for configuring an SMB cluster

  • Enable High Availability (HA):

    • Ensure all floating IPs reside on the same subnet to enable IP takeover for HA.

  • Floating IP requirements:

    • Floating IPs must not be used by any other applications, servers, or WEKA components, including:

      • WEKA system management nodes

      • WEKA system IO nodes

      • WEKA system NFS floating IPs

    • In all-cloud installations, where listing SMB floating IPs is restricted by cloud provider network limitations, access the SMB service via the primary addresses of the cluster nodes.

  • Configure SMB floating IPs:

    • Use the --smb-ips parameter to specify the virtual IPs exposed by the SMB cluster.

    • Clients must connect through one of these virtual IPs to ensure automatic reconnection if an SMB container fails.

  • Customizing SMB library options:

Example command: In this example, an SMB cluster named wekaSMB is created using containers 0-4, within the domain mydomain. The cluster is configured with virtual IPs ranging from 1.1.1.1 to 1.1.1.5.

weka smb cluster create wekaSMB mydomain --container-ids 0,1,2,3,4 --smb-ips-pool 1.1.1.1,1.1.1.2 --smb-ips-range 1.1.1.3-5  

Update the SMB cluster

Command: weka smb cluster update

Use the following command line to update an existing SMB cluster:

weka smb cluster update [--encryption encryption] [--smb-ips-pool smb-ips-pool]... [--smb-ips-range smb-ips-range]...[--symlink symlink]

Parameters

Name
Value

encryption

The global encryption policy to use:

  • enabled: enables encryption negotiation but doesn't turn it on automatically for supported sessions and share connections.

  • disabled: doesn't support encrypted connections.

  • desired: enables encryption negotiation and turns on data encryption on supported sessions and share connections.

  • required: enforces data encryption on sessions and share connections. Clients that do not support encryption are denied access to the server.,

Possible values in SMB-W: enabled, desired, required Possible values in legacy SMB: enabled, disabled, desired, required

smb-ips-pool

A pool of virtual IPs, used as floating IPs for the SMB cluster to provide HA to clients.

These IPs must be unique; do not assign these IPs to any host on the network. Format: comma-separated IP addresses.

smb-ips-range

A range of public IPs is used as floating IPs to provide high availability for the SMB cluster to serve the SMB clients. These IPs must be unique; do not assign these IPs to any host on the network. Format: A.B.C.D-E Example: 10.10.0.1-100

symlink

Controls whether symbolic links are supported within the SMB cluster.

Possible values:

  • on: Enables the creation and use of symbolic links within the SMB cluster.

  • off: Disables symbolic links, enhancing security by preventing potential link-based attacks.

Only applicable for SMB-W clusters.

Check the status of SMB cluster readiness

Command: weka smb cluster status

The SMB cluster is comprised of three to eight SMB containers. Use this command to check the status of the SMB containers that are part of the SMB cluster. Once all the SMB containers are prepared and ready, it is possible to join an SMB cluster to an Active Directory domain.

Join an SMB cluster in Active Directory

Command: weka smb domain join

Use the following command line to join the SMB cluster to an Active Directory domain:

weka smb domain join <username> <password> [--server server] [--create-computer create-computer]

Ensure the AD servers are resolvable to all WEKA servers. This resolution enables the WEKA servers to join the AD domain.

Parameters

Name
Value

username*

Name of an AD user with permission to add a server to the domain.

password*

The password of the AD user. This password is not retained or cached.

server

create-computer

Creates an SMB cluster computer account in AD under a specified OU. The default is the "Computers" container in AD.

To join an existing SMB cluster to another Active Directory domain, leave the current Active Directory using the following command line:

weka smb domain leave <username> <password>

On completion of this operation, it is possible to join the SMB cluster to another Active Directory domain.

Remove an SMB cluster

Command: weka smb cluster remove

Use this command to remove an SMB cluster managed by the WEKA system.

Removing an existing SMB cluster managed by the WEKA system does not delete the backend WEKA filesystems but removes the SMB share exposures of these filesystems.

Add or remove SMB cluster containers

Command: weka smb cluster container add

Command: weka smb cluster container remove

Use these commands to add or remove containers from the SMB cluster.

weka smb cluster container add [--containers-id containers-id]...

weka smb cluster container remove [--containers-id containers-id]...

This operation might take some time to complete. During that time, SMB IOs are stalled.

Parameters

Name
Value

containers-id*

Container IDs of containers with a frontend process to serve the SMB service. Specify a comma-separated list with a minimum of 3 containers.

Configure trusted domains

List trusted domains

Command: weka smb cluster trusted-domains

Use this command to list all the configured trusted domains and their ID ranges.

Add trusted domains

Command: weka smb cluster trusted-domains add

Use the following command line to add an SMB trusted domain:

weka smb cluster trusted-domains add <domain-name> <from-id> <to-id>

Parameters

Name
Value

domain-name*

The name of the domain to add.

from-id*

The first ID of the range for the domain ID mapping. The range cannot overlap with other domains.

to-id*

The last ID of the range for the domain ID mapping. The range cannot overlap with other domains

Remove trusted domains

Command: weka smb cluster trusted-domains remove

Use the following command line to remove an SMB-trusted domain:

weka smb cluster trusted-domains remove <domain-id>

Parameters

Name
Value

domain-id*

The internal ID of the domain to remove

SMB-W cluster restart and verification

The commands weka smb cluster trusted-domains add and weka smb cluster trusted-domains remove (and the related APIs) trigger a background restart of the SMB-W cluster. This restart is necessary for the changes to take effect.

To confirm that the cluster has resumed normal operation following the restart, run the command: weka smb cluster status

This command provides the current status of the SMB-W cluster and ensures that it is operational.

List SMB shares

Command: weka smb share

Use this command to list all existing SMB shares.

Add an SMB share

Command: weka smb share add

Use the following command line to add a new share to be exposed by SMB. Ensure the SMB cluster is joined to the Active Directory. For details, see Join an SMB cluster in Active Directory.

weka smb share add <share-name> <fs-name> [--description description] [--internal-path internal-path] [--file-create-mask file-create-mask]  [--directory-create-mask directory-create-mask] [--acl acl] [--map-acls map-acls] [--case-sensitivity case-sensitivity] [--obs-direct obs-direct] [--encryption encryption] [--read-only read-only] [--user-list-type user-list-type] [--allow-guest-access allow-guest-access]
[--enable-ADS enable-ADS] [--hidden hidden] [--vfs-zerocopy-read vfs-zerocopy-read] [--users users]...

The mount mode for the SMB share is readcache and cannot be modified.

Parameters

Name
Value
Default

share-name*

A unique name of the share to add to the filesystem. The share name must adhere to the following rules:

  • Alphanumeric characters: A-Z, a-z, 0-9.

  • Maximum length: 80 characters.

  • Allowed special characters: hyphens (-) and underscores (_).

  • Prohibited special characters: space ( ), backslash (\), slash (/), colon (:), semicolon (;).

  • Prohibited : 0x00 through 0x1F.

  • No reserved names: Avoid using reserved names such as CON, PRN, AUX, NUL, COM1, LPT1. They may cause conflicts.

SMB-W: Do not create the same share name with different case insensitivity.

​

fs-name*

Valid name of the filesystem to share. A filesystem with Required Authentication set to ON cannot be used for SMB share.

​

description

The description of the share received in remote views.

​

internal-path

The internal valid path within the filesystem (relative to its root) which will be exposed.

.

file-create-mask

POSIX permissions for the file created through the SMB share. Numeric (octal) notation.

0744

directory-create-mask

POSIX permissions for directories created through the SMB share. Numeric (octal) notation. SMB-W: the specified string must be greater or equal to 0600.

0755

acl

For a MAC client in SMB-W only, if acl is off, set enable-ADS to off.

off

map-acl

Specifies the type of access control to use for the share. Options include POSIX, Windows, or Hybrid.

Hybrid ACL allows seamless interoperability between POSIX and Windows systems by exchanging permissions based on timestamps. Regardless of the system it originated from, the most recent permission takes precedence. Only applicable for SMB-W.

POSIX

case-sensitivity

Enables or disables case sensitivity for the specified SMB share. When enabled, the share distinguishes between files with the same name but different capitalization.

This option applies exclusively to SMB-W cluster.

on

obs-direct

A special mount option to bypass the time-based policies.

off

encryption

The share encryption policy.

  • cluster_default: The share encryption policy follows the global SMB cluster setting.

  • desired: If negotiation is enabled globally, it turns on data encryption for this share for clients that support encryption.

  • required: Enforces encryption for the shares. Clients that do not support encryption are denied when accessing the share. If the global option is disabled, access is restricted to these shares for all clients.

Possible value for SMB-W: cluster_default Possible values: cluster_default , desired, required

cluster_default

read-only

Sets the share as read-only. Users cannot create or modify files in this share. Possible values: on, off

off

user-list-type

The type of initial permissions list for users. Possible values: read_only : List of users who have been denied write access to the share, regardless of the read-only setting. read_write: List of users given write access to the share, regardless of the read-only setting.

valid : List of users that are allowed to log in to this share (empty list = all users are allowed) invalid - list of users that are not allowed to log in to this share

allow-guest-access

Allows connecting to the SMB service without a password. Permissions are as the nobody user account permissions. Possible values: on, off

off

enable-ADS

Enables using Alternate Data Streams (ADS) on a specified SMB share. Possible values: yes, no

macOS clients: If ACLs are disabled (acl=off), set enable-ADS to off.

Windows clients: When enabled, ADS data is stored in the file’s extended attributes (XAttr), which consumes XAttr space.

on

hidden

Sets the share as non-browsable. It will be accessible for mounting and IOs but not discoverable by SMB clients. Possible values: on, off

off

vfs-zerocopy-read

If supported, enable zero-copy reads. This allows data to transfer directly from disk to application memory without intermediate copying, reducing CPU usage and latency and enhancing throughput and efficiency for large file access.

Possible values: on, off.

on

users

A list of users to use with the user-list-type list.

Format: Domain short name followed by group name, for example WEKAAD\internalShareUsers Possible values: Up to 8 users/groups for all lists combined per share.

Empty list

Guidelines for adding an SMB share

  • Adding SMB shares:

    • Example commands:

      weka smb share add rootShare default  
      weka smb share add internalShare default --internal-path some/dir --description "Exposed share"  

      The first command creates a root SMB share for the default filesystem.

      The second command creates an internal SMB share for the default filesystem with a specified subdirectory and description.

  • Custom SMB library options: For configuring SMB shares with specific library options, contact the Customer Success Team.

  • Setting share permissions: After adding an SMB share, configure POSIX permissions to grant SMB users access. Examples:

    • Grant full access:

      mount -t wekafs smbw-fs /mnt/smbw  
      chmod 777 /mnt/smbw  
      umount /mnt/smbw  
    • Assign group ownership:

      mount -t wekafs smbw-fs /mnt/smbw  
      chown :smb-group /mnt/smbw  
      umount /mnt/smbw  

Update SMB shares

Command: weka smb share update

Use the following command line to update an existing share:

weka smb share update <share-id> [--encryption encryption] [--read-only read-only] [--allow-guest-access allow-guest-access] [--hidden hidden]

Parameters

Name
Value

share-id*

A valid share ID to update.

encryption

The share encryption policy.

  • cluster_default: The share encryption policy follows the global SMB cluster setting.

  • desired: If negotiation is enabled globally, it turns on data encryption for this share for clients that support encryption.

  • required: Enforces encryption for the shares. Clients that do not support encryption are denied when accessing the share. If the global option is disabled, access is restricted to these shares for all clients.

Possible value for SMB-W: cluster_default Possible values: cluster_default , desired, required

read-only

Sets the share as read-only. Users cannot create or modify files in this share. Possible values: on, off

allow-guest-access

Allows connecting to the SMB service without a password. Permissions are as the nobody user account permissions. Possible values: on, off

hidden

Sets the share as non-browsable. It will be accessible for mounting and IOs but not discoverable by SMB clients. Possible values: on, off

Control SMB share user-lists

Command: weka smb share list show

Use this command to view the various user-list settings.

Command: weka smb share list add

Use the following command line to add users to a share user-list:

weka smb share list add <share-id> <user-list-type> <--users users>...

Parameters

Name
Value

share-id*

The ID of the share to update.

user-list-type*

The type of permissions list for users: read_only: list of users that do not get write access to the SMB share, regardless of the read-only setting. read_write: list of users get write access to the SMB share, regardless of the read-only setting. valid: list of users allowed to log in to this SMB share service (an empty list means all users are allowed). invalid: list of users that are not allowed to log in to this share SMB service.

users*

A comma-separated list of users to add to the user-list-type list. Can use the @ notation to allow groups of users. For example, root, Jack, @domain\admins. You can set up to 8 users/groups for all lists combined per share.


Command: weka smb share list remove

Use the following command line to remove users from a share user-list:

weka smb share list remove <share-id> <user-list-type> <--users users>...

Parameters

Name
Value

share-id*

The ID of the share to be updated.

user-list-type*

The type of permissions list for users: read_only: list of users that do not get write access to the SMB share, regardless of the read-only setting. read_write: list of users get write access to the SMB share, regardless of the read-only setting. valid: list of users allowed to log in to this SMB share service (an empty list means all users are allowed). invalid: list of users not allowed to log in to this SMB share service.

users*

A comma-separated list of users to remove from the user-list-type list. Can use the @ notation to allow groups of users, e.g. root, Jack, @domain\admins. You can set up to 8 users/groups for all lists combined per share.


Command: weka smb share list reset

Use the following command line to remove all users from a share user-list:

weka smb share list reset <share-id> <user-list-type>

Parameters

Name
Value

share-id*

The ID of the share to be updated

user-list-type*

The type of permissions list to reset: read_only: list of users that do not get write access to the SMB share, regardless of the read-only setting. read_write: list of users get write access to the SMB share, regardless of the read-only setting. valid: list of users allowed to log in to this SMB share service (an empty list means all users are allowed). invalid: list of users not allowed to log in to this SMB share service.

Remove SMB shares

Command: weka smb share remove

Use the following command line to remove a share exposed to SMB:

weka smb share remove <share-id>

Parameters

Name
Value

share-id*

The ID of the share to remove.

Example: The following is an example of removing an SMB share defined as ID 1:

weka smb share remove 1

Control SMB access based on hosts' IP/name

You can control which hosts are permitted to access the SMB share. The maximum number of share host access definitions across all shares is 1024.

SMB-W supports access based on the host IP addresses (but not host names).

Command: weka smb share host-access list

Use this command to view the various host access settings.

Command: weka smb share host-access add

Use the following command line to add a host to the allow/deny list:

weka smb share host-access add <share-id> <mode> <--ips ips> <--hosts hosts>

Parameters

Name
Value

share-id*

The ID of the share to update. Mandatory for the share-level command.

mode*

The access mode of the host. Possible values: allow, deny

ips

A comma-separated list of host IP addresses to allow or deny. Must provide at least one of the IP addresses. Format example for multiple IPs: 192.

192.168. 192.168.1 192.168.1.1/24 192.168.1.2, 192.168.1.2

hosts

Host names to allow/deny.

  • You must provide at least one of the hostnames

  • Separate host names with spaces.

In SMB-W, use the ips parameter instead of hosts.

Command: weka smb share host-access remove

Use the following command line to remove hosts from the allow or deny list.

weka smb share host-access remove <share-id> <hosts>

Parameters

Name
Value

share-id*

The ID of the share to update. Mandatory for the share-level command.

hosts*

A list of hostnames you want to remove from access.

  • Separate host names with spaces.

  • In SMB-W, use the IP addresses displayed under the HOST column when running the corresponding list command.

  • In legacy SMB, use the names displayed under the HOSTNAME column when running the corresponding list command.

Command: weka smb share host-access reset

Use the following command line to remove all hosts from the allow or deny list:

weka smb share host-access reset <share-id> <mode>

Parameters

Name
Value

share-id*

The ID of the share to update. Mandatory for the share-level command.

mode*

The specified access mode will remove all associated hosts from the list.

Possible values: allow, deny.

The weka smb cluster create command creates an SMB-W cluster. To create a legacy SMB cluster, contact the .

The predefined filesystem for storing persistent cluster-wide protocol configurations. Ensure the filesystem exists; if not, create it. For details, see

If global options for the SMB library need adjustment, contact the .

Specifies the remote domain controller for SMB-W domain join commands. WEKA automatically identifies an AD Domain Controller server (from /etc/resolv.conf) based on the AD domain name. You do not need to set the server name. In some cases, specify the AD server if required. See .

Enable Windows ACLs on the share (translated to POSIX). Supports up to 16 ACLs per file depending on the available space in the Extended Attribute (xattr). For details, see Possible values: on, off

For details, see Possible values: on, off

For more details, see .

Customer Success Team
Show the SMB cluster
Show the SMB domain configuration
Add an SMB cluster
Update the SMB cluster
Check the status of SMB cluster readiness
Join an SMB cluster in Active Directory
Delete an SMB cluster
Add or remove SMB cluster containers
Configure trusted domains
List SMB shares
Add an SMB share
Update SMB shares
Control SMB share user-lists
Remove SMB shares
Control SMB access based on hosts' IP/name
Filesystem Extended Attributes considerations
Filesystem permissions and access rights configuration
Resolve the AD domain controllers
#object-store-direct-mount-option
#dedicated-filesystem-requirement-for-persistent-protocol-configurations
Customer Success Team