エクスポートポリシーでクライアントのアクセスが制限されないのはなぜですか?
に適用されます
ONTAP 9
問題
設定は以下のとおりです。
TEST-01::*> cifs share show -vserver test-fs02 -instance
Vserver: test-fs02
Share: test
CIFS Server NetBIOS Name: TEST-FS02
Path: /test
Share Properties: oplocks
browsable
changenotify
show-previous-versions
Symlink Properties: symlinks
File Mode Creation Mask: -
Directory Mode Creation Mask: -
Share Comment: -
Share ACL: Everyone / Full Control
File Attribute Cache Lifetime: -
Volume Name: test
Offline Files: manual
Vscan File-Operations Profile: standard
Maximum Tree Connections on Share: 4294967295
UNIX Group for File Create: -
Vserver: test-fs02
Share: qtree01
CIFS Server NetBIOS Name: TEST-FS02
Path: /test/qtree01
Share Properties: oplocks
browsable
changenotify
show-previous-versions
Symlink Properties: symlinks
File Mode Creation Mask: -
Directory Mode Creation Mask: -
Share Comment: -
Share ACL: Everyone / Full Control
File Attribute Cache Lifetime: -
Volume Name: test
Offline Files: manual
Vscan File-Operations Profile: standard
Maximum Tree Connections on Share: 4294967295
UNIX Group for File Create: -
TEST-01::*> qtree show -vserver test-fs02 -volume test -instance
Vserver Name: test-fs02
Volume Name: test
Qtree Name: ""
Actual (Non-Junction) Qtree Path: /vol/test
Security Style: ntfs
Oplock Mode: enable
Unix Permissions: -
Qtree Id: 0
Qtree Status: normal
Export Policy: default
Is Export Policy Inherited: true
Vserver Name: test-fs02
Volume Name: test
Qtree Name: qtree01
Actual (Non-Junction) Qtree Path: /vol/test/qtree01
Security Style: ntfs
Oplock Mode: enable
Unix Permissions: -
Qtree Id: 1
Qtree Status: normal
Export Policy: testpolicy
Is Export Policy Inherited: false
TEST-01::*> export-policy rule show -instance
Vserver: test-fs02
Policy Name: default
Rule Index: 1
Access Protocol: cifs
List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 0.0.0.0/0
RO Access Rule: any
RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
Superuser Security Types: any
Honor SetUID Bits in SETATTR: true
Allow Creation of Devices: true
NTFS Unix Security Options: fail
Vserver NTFS Unix Security Options: use_export_policy
Change Ownership Mode: restricted
Vserver Change Ownership Mode: use_export_policy
Vserver: test-fs02
Policy Name: testpolicy
Rule Index: 1
Access Protocol: cifs
List of Client Match Hostnames, IP Addresses, Netgroups, or Domains: 192.168.1.0/24
RO Access Rule: any
RW Access Rule: any
User ID To Which Anonymous Users Are Mapped: 65534
Superuser Security Types: none
Honor SetUID Bits in SETATTR: true
Allow Creation of Devices: true
NTFS Unix Security Options: fail
Vserver NTFS Unix Security Options: use_export_policy
Change Ownership Mode: restricted
Vserver Change Ownership Mode: use_export_policy
Windows クライアント( 192.168.2.1 ) Jumphost を CIFS 共有「 \\test-fs02\test 」に接続したあと、「 test 」フォルダの下にある「 qtree01 」フォルダを確認します。
これで、クライアントの IP アドレスが 192.168.1.x と同じサブネットではなくても、フォルダ「 qtree01 」を開くことができます