Connecting to NSS share

To connect to NSS Share via SMB3, you must have received the following connection information from DIT Storage Service Staff. 

Details on your share are below:

Server:  cifs.isip01.nas.umd.edu

Share Name: TestShare

Description: DEPARTMENT,KFS_Number,shareadmin1@umd.edu,shareadmin2@umd.edu

 

Account	Account Type	Run as Root	Permission Type	Permission
AD\groupname	group	False	allow	full

 

Total: 1

Quota Hard Threshold : 64.000G

Snapshot Schedule: Every 1 days at 04:00

Backup Schedule: Not Requested

Replication Schedule: Every 8 hours from 00:00 to 23:59

 
It is assumed that users will be in the mapping permissions list as a user or as a member of a group that has 'change', 'readonly' or 'full' permissions.

This article is also targeted to NSS technical share administrators, but can be referenced by share users. Only share administrators are authorized to request changes to storage account settings, such as mapping permissions, and snapshot and replication configuration.

Top

Windows hosts

Instructions for accessing your share on Windows 10, 11, 2012, 2016, 2019, 2022 manually

1. Right-Click on the Windows icon on lower left corner. Click File Explorer.
   
   
2. Right click on This PC. Click Map Network Drive.

   

3. In the Map Network Drive dialog select the following.

   

   
   
   1. Drive: Any available drive letter.
   2. Folder:  \\<servername>\<sharename> where <sharename> is the provided sharename.
      
      • Optionally select Reconnect at Logon.
      • Optionally select Connect using different credentials, especially if you are not logged into ad.umd.edu domain.
4. Click Finish.
5. If permission is denied as current user or you selected "Connect using different credentials", you will be asked for your university credentials.

 Top

Using group policy objects to map shares on Windows 10, 11, Windows Server 2012, 2016, 2019, and 2022

As a share administrator, you may also have Organizational Unit (OU) administrative rights to manage objects in campus AD. If this is the case, consider using Group Policy Objects (GPO) applied to a target OU.

Top

Confirming SMB protocol security settings for Windows 10, 11, Windows Server 2012, 2016, 2019, and 2022

If you need to confirm that your connection to the NSS share is encrypted in-flight, follow this procedure:

1. Log in to the host connecting to the NSS share. Connect to the NSS share using one of the methods above.
2. Launch Powershell.exe as an administrator.
   
3. Run the following command:
   

   Get-SmbConnection | Select-Object -Property *

   
   and review the output to make sure Dialect is 3.1.1 and Encrypted is True :
   

    

   SmbInstance           : Default

   ContinuouslyAvailable : False

   Credential            : AD\user

   Dialect               : 3.1.1

   Encrypted             : True

   NumOpens              : 1

   Redirected            : False

   ServerName            : 10.101.130.250

   ShareName             : testsmb

   Signed                : False

   UserName              : AD\user

   PSComputerName        :

   CimClass              : ROOT/Microsoft/Windows/SMB:MSFT_SmbConnection

   CimInstanceProperties : {ContinuouslyAvailable, Credential, Dialect, Encrypted...}

   CimSystemProperties   : Microsoft.Management.Infrastructure.CimSystemProperties

Top

Mac hosts

Instructions for accessing your share on macOS manually

1. Open Finder.
2. Press Command-K and a Connect to Server window pops-up.

   

3. In the address bar, type in the share address: smb://<servername>/<sharename>.>
4. Optionally, click the + button to add as a favorite server.
5. Click Connect and the system will attempt to connect to the share.
6. If prompted, enter your university credentials. This is required if you do not have valid AD credentials from the current host.

Top 

Using Jamf Pro services to map shares to manage multiple mac hosts

As a share administrator, if your workflows require that numerous Mac hosts connect to a share, consider using UMD Jamf Pro Services to help manage share mappings on multiple Mac hosts.

Top

Confirming SMB protocol security settings for macOS

To confirm SMB protocol security settings for a share, use the following procedure.

1. Ensure you are connected to the share in question.
2. Open Terminal, by searching for it in Spotlight.

   

3. At the terminal prompt, type in the following command:
   

   Downloads user$ smbutil  statshares -a

   
   and review the output to make sure SMB_VERSION is SMB_3.02 and ENCRYPTION_SUPPORTED is TRUE.
   
   

   SHARE	ATTRIBUTE TYPE	VALUE
   testshare	SERVER_NAME	cifs.isip01.nas.umd.edu
   	USER_ID	1346562590
   	SMB_NEGOTIATE	SMBV_NEG_SMB3_ENABLED
   	SMB_VERSION	SMB_3.02
   	SMB_SHARE_TYPE	DISK
   	SIGNING_SUPPORTED	TRUE
   	EXTENDED_SECURITY_SUPPORTED	TRUE
   	LARGE_FILE_SUPPORTED	TRUE
   	FILE_IDS_SUPPORTED	TRUE
   	FILE_LEASING_SUPPORTED	TRUE
   	MULTI_CREDIT_SUPPORTED	TRUE
   	PERSISTENT_HANDLES_SUPPORTED	TRUE
   	ENCRYPTION_SUPPORTED	TRUE

Top

Chromebook hosts

Pre-requisite

You must Connect to GlobalProtect Virtual Private Network first.

Instructions for accessing your share on ChromeOS 71 or above

1. Install the app/extension Network File Share for Chrome OS from Chrome Web Store.
2. After installation, click on the Menu icon and launch the Network File Share app.
3. In the Share Path field, type in the SMB share address.
4. Under the Username field, please enter the domain and then the user id (for instance, AD\testuser).
5. Click on Mount after entering the password.

    

   
6. Your network share will now show up on the left side of your Files app.

Top

Additional notes

• As you set-up your shares for departmental use, you can manipulate file-level access control lists to manage a shared directory structure.  These ACL's are Windows NTFS permissions that, as a share administrator, you can manipulate as needed for your group workflows.  It is possible to accidentally remove permissions enough to lock out any access to your files from anyone.  If you find yourself without permissions, please have your share administrator reach out to storage-help@umd.edu to regain access. 
• Share administrators can request additional AD groups or users to be able to map a share.  Please contact your share administrator to contact storage-help@umd.edu to determine the best way to allow access to a share.
• Access to the share from off-campus is through the UMD VPN client.
• Automated capacity notifications are not available. Please monitor share capacity.
• Unless otherwise requested, snapshots are automatically configured with a policy that will snapshot your share or export nightly with a retention of two weeks.
• Unless otherwise requested, replication is automatically configured.  Standard replication policies replicate data to a secondary data center cluster two times a day.
• Unless otherwise indicated, backups are not automatically configured.  The recommended data protection method for NSS Shares is to ensure snapshot and replication policies of the NSS meet your file-level recovery needs.

Top