CoBMR Block Based Recovery gflags

Block Based Recovery settings

When recovering a Block-Based backup with CoBMR, settings must be changed on the Cluster to allow full access to the VHDs for recovery. This is due to changes in the way Cohesity manages access to SMB shares.

Please set the view and gflag options below using the Cohesity iris_cli:

  1. Start the Cohesity DataPlatform CLI remotely or locally as described in the Cohesity knowledgebase article "How to access the Cohesity DataPlatform CLI (Iris CLI)":
    https://support.cohesity.com/s/article/How-to-access-the-Cohesity-DataPlatform-CLI-Iris-CLI

  2. Enable the option bridge_smb_portal_auth_local_authentication_enabled (enter the command on one line), as per: https://support.cohesity.com/s/article/How-to-enable-local-user-authentication-to-a-Cohesity-SMB-View

cluster update-gflag gflag-name=bridge_smb_portal_auth_local_authentication_enabled service-name=bridge effective-now=true reason=KB-3922 gflag-value=true

  3. Set the view gflag

cluster update-gflag service-name=magneto gflag-name=magneto_physical_file_restore_try_local_user_for_smb gflag-value=true effective-now=true reason=Enable_local_authentication

  4. User access

When using a domain user

Using a Domain user account is the simplest form.

In the Cohesity GUI under /views/global-settings set the SMB Options to enable SMB Authentication.

When using a local user only

The following is an example; set your own username and password. To do this, run iris_cli and log in with a suitable Admin user and password.

For a new user “blockuser” with a password of “P@ssw0rd”

user add user-name=blockuser password=P@ssw0rd primary-group-name=Users
user edit user-name=blockuser password=P@ssw0rd allow-smb-access-token=true
user edit user-name=blockuser roles=Admin

Role access: set the preferred role for the user. The tables below show which roles allow block and file recovery.

Cohesity 7.1.1 Domain account

  Role                   block   file
  Operator               yes     yes
  SMB                    yes     yes
  operator               yes     yes

Cohesity 6.8.1 Domain account

  Role                   block   file
  SMB Backup Operator    yes     yes
  Operator               yes     yes

If some of the above settings are already in place (e.g. the local admin user has already been created or the bridge gflag is set), only the remaining items need to be configured. However, running a command a second time will not break anything.