Thursday, December 13, 2012

Setting up SFTP on a NetApp Filer

I recently set up Secure FTP on our NetApp filer. Searching the web, I found the instructions (even those from NetApp) a bit confusing and contradictory, so I set about writing this how-to.

I needed our SFTP to authenticate through Active Directory, so we needed to have CIFS licensed on the NetApp. This is not necessary for using SFTP, but it does make user accounts easier to set up and manage.

  1. If CIFS is not already set up on the NetApp, log in to the console and run cifs setup. Connect the filer to the current Active Directory. During the configuration, do not change the authentication to NTFS only.
  2. Set the following:
    options sftp.enable on
    options sftp.auth_style mixed
    options sftp.bypass_traverse_checking on
    options sftp.dir_restriction on
    options sftp.locking delete
    options sftp.log_enable on
    options sftp.max_connections 15
    (adjust to the number of users you plan to support)
  3. Check whether the CIFS home directory has been set up: rdfile /etc/cifs_homedir.cfg
    Typically the CIFS setup will create a HOME share on the filer, but I found that it doesn't always set the cifs_homedir value. The cifs_homedir.cfg file needs to contain the path that the CIFS HOME share is set to.

    wrfile -a /etc/cifs_homedir.cfg /vol/vol0/home
  4. After updating the cifs_homedir.cfg, run the home directory update command:
    cifs homedir load
  5. From the Active Directory server, create a new user. For its home directory path, put in the UNC path to the filer's home directory:

  6. Now, from an SFTP client, connect to the filer. The username needs to be entered in this format:
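
Added example (not part of the original post, and not NetApp tooling), relating to step 2 rather than the login step: a small check that compares saved output of the filer's options sftp command against the values listed in step 2 and reports any setting that is missing or different. The sample output is constructed, and the whitespace-separated "name value" layout is an assumption about how the console prints options.

```python
# Baseline taken from step 2 of the post (max_connections is site-specific,
# so it is reported separately rather than enforced).
EXPECTED = {
    "sftp.enable": "on",
    "sftp.auth_style": "mixed",
    "sftp.bypass_traverse_checking": "on",
    "sftp.dir_restriction": "on",
    "sftp.locking": "delete",
    "sftp.log_enable": "on",
}

# Constructed sample of saved console output; not captured from a real filer.
SAMPLE_OUTPUT = """\
sftp.auth_style               mixed
sftp.bypass_traverse_checking on
sftp.dir_restriction          off
sftp.enable                   on
sftp.locking                  delete
sftp.max_connections          15
"""

def parse_options(text):
    """Parse 'name value' lines into a dict, ignoring anything not sftp.*."""
    parsed = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0].startswith("sftp."):
            parsed[fields[0]] = fields[1].lower()
    return parsed

def audit(text, expected=EXPECTED):
    """Return (option, expected, actual) for each deviation; actual is None if absent."""
    actual = parse_options(text)
    findings = []
    for name, want in sorted(expected.items()):
        got = actual.get(name)
        if got != want:
            findings.append((name, want, got))
    return findings

def max_connections(text):
    """Return the configured connection limit as an int, or None if unreadable."""
    value = parse_options(text).get("sftp.max_connections")
    return int(value) if value and value.isdigit() else None

if __name__ == "__main__":
    for name, want, got in audit(SAMPLE_OUTPUT):
        print(f"{name}: expected {want}, found {got or 'missing'}")
    print("max_connections:", max_connections(SAMPLE_OUTPUT))
```

A setting that does not appear in the saved output is reported as missing, so an absent sftp.log_enable line shows up as a finding instead of being skipped.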