Knowledge Center Monthly Newsletter - September 2025

Stay up to date with the latest from the Knowledge Center. See all new Knowledge Center articles published in the last month, and re:Post’s top contributors.

How do I mount an FSx for ONTAP CIFS share on a Linux EC2 instance that's not joined to an Active Directory?

6 minute read

I want to use Amazon FSx for NetApp ONTAP to mount a Common Internet File System (CIFS) share on my Amazon Elastic Compute Cloud (Amazon EC2) Linux instance. My instance isn't joined to the Microsoft Active Directory.

Resolution

Note: The following resolution is for EC2 instances that run Amazon Linux 2023 (AL2023) where the instance client isn't joined to the Active Directory.

Prerequisites:

The instance allows outbound traffic on TCP port 445.
The NetApp ONTAP file system allows inbound traffic on TCP port 445.

Create the CIFS share on the FSx NetApp ONTAP filesystem

Complete the following steps:

Log in to the FSx for ONTAP file system so that you can access the ONTAP command line interface (CLI).
To verify your configuration, run the following commands.
To check for Active Directory integration for the Storage Virtual Machine (SVM), run the following command:
```
vserver services name-service dns show
```
To check the CIFS server configuration, run the following command:
```
vserver cifs show
```
Note: If the preceding commands show that you must set up your configuration, then configure your Active Directory or CIFS server.

To verify that the volume uses the NTFS security style, run the following command:

volume show -fields security-style, junction-path, size, available, state

If the volume doesn't use the NTFS security style, then run the following command to create a new volume with the NTFS security style:

volume create -volume volume-name -vserver svm-name -junction-path junction-path-of-volume -state online -size size-of-volume -aggregate aggregate-ID -security-style ntfs

Note: Replace volume-name with the volume name, svm-name with the SVM name, and junction-path-of-volume with the volume junction path. Also, replace size-of-volume with your volume size and aggregate-ID with the volume aggregate ID.

To use the volume's junction path to create a CIFS share on the volume, run the following command:

vserver cifs share create -share-name cifs-share-name -path junction-path-of-volume -share-properties oplocks,browsable,changenotify,show-previous-versions -symlink-properties symlinks

Note: Replace the cifs-share-name with the CIFS share name and junction-path-of-volume with the volume junction path. You use the cifs-share-name to mount the file system in the following section.

To validate the CIFS share configuration, run the following command:

vserver cifs share show

Mount the CIFS share of the ONTAP volume on your AL2023 instance

Complete the following steps:

To install the required packages, run the following command:

sudo yum install -y cifs-utils

To create a mount point, run the following command:

sudo mkdir /mnt/fsx-cifs

To create the credentials file in the /home/ec2-user directory, run the following command:

sudo vi /home/ec2-user/creds.txt

Add the following content to the creds.txt file so that you can see passwords in plaintext:

username=usernameexample
password=passwordexample
domain=EXAMPLE.COM

Note: Replace usernameexample with your username, passwordexample with a password, and EXAMPLE.COM with your domain.

To configure permissions for the credentials file, run the following command:
```
 chmod 700 /home/ec2-user/creds.txt
```
Note: Replace EXAMPLE.COM with your domain. When prompted, enter the username and password for your Active Directory user.

To check the maximum buffer size that the kernel for CIFS supports, run the following command:

modinfo cifs | grep CIFSMaxBufSize

Example output:

parm: CIFSMaxBufSize:Network buffer size (not including header). Default: 16384 Range: 8192 to 130048 (uint)

Note: In the preceding example, the maximum supported buffer size is 130048.

To mount the CIFS share, run the following command:

sudo mount -t cifs //W.X.Y.Z/cifs-share-name /mnt/fsx-cifs -o sec=ntlmsspi, cred=/home/ec2-user/creds.txt,vers=3.1.1, rsize=130048,wsize=130048,cache=none

Note: Replace W.X.Y.Z with the SMB DNS name or the SVM's SMB IP address. If you use the Active Directory DNS servers, then you can use the SVM's SMB DNS name. Otherwise, use the SMB IP address. Also, replace 3.1.1 with your version of the SMB protocol and cifs-share-name with the name of the CIFS share.

(Optional) To set up automatic mount during the boot process, add the following line to the /etc/fstab file:

//W.X.Y.Z/cifs-share-name /mnt/fsx-cifs cifs sec=ntlmsspi,_netdev,auto,x-systemd.automount,x-systemd.requires=network-online.target,cred=/home/ec2-user/creds.txt,rsize=130048,wsize=130048,cache=none,vers=3.1.1, 0 0

Note: Replace W.X.Y.Z with the SMB DNS name or the SVM's SMB IP address. If you use the Active Directory DNS servers, then you can use the DNS name. Otherwise, use the SMB IP address. Also, replace 3.1.1 with your version of the SMB protocol and cifs-share-name with the name of the CIFS share.

Troubleshoot CIFS mount issues

Important: It's a best practice to create an account on NetApp. You must have a NetApp account to access NetApp troubleshooting documentation.

If you experience issues when you mount your file system, then take the following troubleshooting actions:

To check connectivity on the required port, run the following command:
```
telnet W.X.Y.Z 445
```
Note: Replace W.X.Y.Z with your SVM SMB IP address.
To verify your credentials, run the following command:
```
smbclient //W.X.Y.Z/share -U username
```
Note: Replace W.X.Y.Z with your SVM SMB IP address and username with your username.

To use the --verbose option to check for errors, run the following command:

sudo mount -t cifs //W.X.Y.Z/cifs-share-name /mnt/fsx-cifs --verbose -o sec=ntlmsspi, cred=/home/ec2-user/creds.txt,vers=3.1.1, rsize=130048,wsize=130048,cache=none

Note: Replace W.X.Y.Z with the SMB DNS name or the SVM's SMB IP address. Also, replace cifs-share-name with the name of the CIFS share and 3.1.1 with your version of the SMB protocol.

To check the logs for errors, run one of the following commands:

dmesg | grep CIFS

journalctl | grep -i cifs

Verify the FSx for ONTAP server configuration

To check whether your security style affects your permissions, run the following command on the FSx for ONTAP file system:

volume show -volume volume_name -fields security-style

Note: Replace volume_name with file system's volume name. For more information, see Learn about ONTAP NAS security styles on the NetApp website.

To check your network connectivity to the domain controllers, run the following command:

network ping -node node_name -destination dc_ip

Note: Replace node_name with your node name and dc_ip with the Active Directory IP address.

Topics: Compute
Tags: Linux Amazon EC2
Language: English

AWS OFFICIALUpdated 3 months ago

No comments

Relevant content

"mount.nfs: Connection timed out" Facing The above Error when trying to Mount an Amazon FSx for NetApp ONTAP on my EC2 linux instance via PuTTY SSH connection from my Local Computer.
Praveenkumar
asked 7 months ago
IAM permission to mount FSx NetApp ONTAP on EC2
raghavendra
asked 6 months ago
FSx for NetApp ONTAP - Can't join domain
Accepted Answer
mark_ccx
asked 4 years ago
Not seeing the mount point for file share on an Amazon Linux EC2 instance
SAM
asked 2 years ago
Mount FSx File System on Windows EC2 Instance
rePost-User-3570919
asked 6 months ago
How do I configure SVM with AWS Managed Microsoft AD for CIFS shares on FSx for ONTAP?
AWS OFFICIALUpdated 3 years ago
How do I use NVMe over TCP to mount an FSx for ONTAP file system on an EC2 Linux instance?
AWS OFFICIALUpdated 3 months ago
Why can't I mount my FSx for ONTAP file system on my EC2 Linux instance?
AWS OFFICIALUpdated 2 years ago
How do I use iSCSI to mount an FSx for ONTAP iSCSI LUN on an EC2 Linux instance?
AWS OFFICIALUpdated 3 months ago
Knowledge Center Monthly Newsletter - August 2025
EXPERT
Shannon Lewis
published 2 months ago