This topic describes how to manage Server Message Block (SMB) shares in the local file gateway console, including creating, deleting, disabling, and modifying SMB shares, configuring AD/LDAP, and adding SMB users.

Prerequisites

  1. You have added a cache disk to the gateway. For more information, see Add a cache disk.
  2. You have bound cloud resources. For more information, see Bind a cloud resource.

Background information

SMB is a network protocol for communication between servers and clients, or between peer network nodes, and is commonly used to share files. SMB requires both a client and a server.

Cloud Storage Gateway (CSG) operates like an SMB server and provides the file sharing service. When you access CSG from a Windows client, CSG receives a request from the client and returns a response.

To use the SMB services, you must configure a shared file directory in the Cloud Storage Gateway console, create an SMB user, and specify user permissions.

Create an SMB share

  1. On the SMB page, click Create in the upper-right corner.
  2. In the Create SMB Share dialog box, configure the following parameters.
    • Share Name: The name of the SMB share.
    • Read-only Users: The list of users who have read-only access to the SMB share.
    • Read/Write Users: The list of users who have read/write access to the SMB share.
    • Enabled: Specifies whether to enable SMB sharing. If you do not want to enable SMB sharing, select No.
    • Discoverable: Specifies whether the SMB share can be discovered by network neighbors.
    • Data Access Mode: Cache Mode and Replication Mode are available.
      • Replication Mode: In this mode, two copies of all data are kept. One is stored on the local cache disk and the other is stored in the OSS bucket.
      • Cache Mode: In this mode, the copy on the local cache disk contains only the metadata and frequently accessed user data. The copy in the OSS bucket contains all data.
    • Enable Remote Sync: Specifies whether to synchronize the metadata on the local cache disk with the metadata stored in the OSS bucket. This feature can be used in disaster recovery, data restoration, and data sharing scenarios.
      Note During remote synchronization, the system scans all objects in the bucket. If the number of objects is large, the fees incurred by OSS API requests may be high. For more information, see OSS Pricing.
    • Encryption: No Encryption and Server Encryption are available.

      If you select Server Encryption, you must set the CMK ID parameter. You can log on to the KMS console and create a key. For more information, see Create a CMK.

      After you enable OSS server-side encryption, you can provide your own key. The system supports keys imported from Key Management Service (KMS).

      With OSS server-side encryption enabled, the system automatically uses the imported key to encrypt the files uploaded to OSS through the shared directory. You can call the GetObject operation to check whether a specific file has been encrypted. If the x-oss-server-side-encryption response header has the value KMS and the x-oss-server-side-encryption-key-id response header has the value of your key ID, the file has been encrypted.

      Note
      • Only whitelisted users can use this feature.
      • When you create a key in the KMS console, you must select the same region as the target OSS bucket.
    • Cloud Resource: Select an existing bucket.
    • Path Prefix: Specifies a subdirectory of the target bucket.

      The path field supports letters and digits only.

      Note For version 1.0.38 and later, you can map the root directory of the file system to a subdirectory of a bucket to separate file access between users.

      You can specify an existing subdirectory or a subdirectory that does not yet exist in the bucket. After you create the share, the specified subdirectory serves as the root directory and stores all related files and directories.

    • Cache Use: Specifies whether to enable metadata disks. If you use metadata disks, data disks are separated from metadata disks, and the metadata disks store the metadata of the shared directories.
      • If you select Yes, you must configure the corresponding Metadata and Data parameters.
      • If you select No, you must set the Cache Disk parameter.
      Note Only whitelisted users can use this feature.
    • Ignore Delete: During data synchronization, the OSS bucket ignores all data deletion operations, so the copy in the OSS bucket retains all data.
    • Sync Delay: Specifies the delay before the system uploads a file that you have modified and closed. The Sync Delay feature avoids OSS file fragmentation caused by frequent local modifications. The default value is 5 seconds and the maximum is 120 seconds.
    • Max Write Speed: Specifies the maximum speed at which data is written. Valid values: 0 to 1280. Unit: MB/s. The default value is 0, which indicates that the write speed is not limited.
    • Max Upload Speed: Specifies the maximum speed at which data is uploaded. Valid values: 0 to 1280. Unit: MB/s. The default value is 0, which indicates that the upload speed is not limited.
      Note When you customize the maximum write and upload speeds, make sure that the maximum upload speed is not lower than the maximum write speed.
    • Fragment Optimization: Specifies whether to optimize performance for applications that frequently and randomly read and write small amounts of data. Enable this feature as needed.
    • Direct_IO: Releases the cache in real time. You can enable this feature when you only synchronize backups to the cloud.

AD/LDAP

Active Directory (AD) and Lightweight Directory Access Protocol (LDAP) are standard application protocols used to query and change directory information. Select the AD or LDAP service that you want to join and configure the settings.

  • You can join an AD domain only after you complete the DNS settings.
  • You can join either an AD or LDAP service, but not both.
  • The permissions of the current AD domain user, LDAP user, and local user override each other, and whichever is configured last takes effect. After you join or leave an AD domain, or connect to or disconnect from an LDAP server, the user permissions configured in the CIFS share are automatically removed.
  • Currently, the AD feature supports 64-bit Windows Server 2016 Datacenter and Windows Server 2012 R2 Datacenter.
  • Currently, the LDAP feature supports 64-bit CentOS 7.4 with OpenLDAP 2.4.44.

Configure AD settings

  1. Configure the DNS server.
    1. In the local gateway console, click About.
    2. In the Network Configuration section, click Update DNS.
    3. In the Update DNS dialog box that appears, enter the IP addresses of DNS servers, and click OK.
      In the DNS server text box, specify the IP address of the AD server to resolve the AD domain name.
  2. Join an AD domain.
    1. Choose SMB > AD/LDAP.
    2. In the Windows AD section, click Join AD.
    3. In the Join AD dialog box that appears, configure the following parameters, and click OK.
      • Server IP: Enter the IP address of the AD server.
      • User Name: Enter the administrator username.
      • Password: Enter the administrator password.

      After the connection is established, the status of Joined under AD becomes Yes.

      Note After you join the AD domain, the local user permissions configured in the SMB share are removed.

Configure LDAP

  1. In the local gateway console, choose SMB > AD/LDAP.
  2. In the LDAP section, click Join LDAP.
  3. In the Connect LDAP dialog box that appears, set the following parameters and click OK.
    • Server IP: Enter the IP address of the LDAP server, which is the directory system agent.
    • Support TLS: Specify the method used by the system to communicate with the LDAP server.
    • Base DN: Specify the LDAP domain, for example, dc=iftdomain, or dc=ift.local.
    • Root DN: Specify the root DN, for example, cn=admin, dc=iftdomain, or dc=ift.local.
    • Password: Enter the password of the root directory.

    After the connection is established, the status of Joined under LDAP becomes Yes.

    Note After you join the LDAP domain, the local user permissions configured in the SMB share are removed.

Add an SMB user

If you have not joined any domain, you can create an SMB user to access Cloud Storage Gateway.
  • If you have joined an AD domain, on the SMB Users page, you can view all AD users.
  • If you have joined an LDAP domain, on the SMB Users page, you can view all LDAP users that have configured a Samba password.
  • If a user has joined an LDAP domain but has not configured a Samba password, on the SMB user page, click Create to add a Samba password for the LDAP user.

    We recommend that you specify the same password for both Samba and LDAP.

  1. In the local gateway console, choose SMB > SMB Users.
  2. Click Create.
  3. In the Add SMB user dialog box, set the name and password.
  4. Click OK.

Other supported operations

On the SMB page, you can also perform the following operations.

  • Disable an SMB share: On the SMB page, turn off the toggle in the upper-left corner of the page to disable SMB sharing. To disable a single SMB share, find the target SMB share on the SMB page, click Settings, and set Enabled to No.

  • Delete an SMB share: On the SMB Shares tab, find the target SMB share, and click Delete to delete the SMB share.
Note After the SMB share is deleted, the Windows mount point or mapped network drive immediately becomes invalid.
  • Modify an SMB share: On the SMB Shares tab, find the target SMB share, and click Settings or Advanced Settings to modify the SMB share.
  • Cache Refresh: On the SMB Shares tab, find the target SMB share, and click Cache Refresh to refresh the cache.
  • Delete an SMB user: On the SMB Shares tab, find the target SMB user, and click Delete to delete the SMB user.
  • Disable a connection: On the AD/LDAP tab, click Disconnect to disable the AD or LDAP connection.

What to do next

Access SMB shares