Avere Fxt Admin Smb Acl Guide
avere_fxt_admin_smb_acl_guide-2016
User Manual:
Open the PDF directly: View PDF .
Page Count: 4
Download | |
Open PDF In Browser | View PDF |
FXT Admin SMB/CIFS ACLs Guide Overview This document is to enable Storage Administrators to properly configure an Avere FXT cluster to provide SMB/CIFS ACLenforced access to an NTFS security style share for Windows clients. After completing the steps in this guide, the process continues in the AD Administrator CIFS ACLs Guide. FXT Checklist 1. 2. 3. 4. 5. 6. Consult with your AD Administrator and verify the core filer’s fully qualified Service Principal Name resolves via DNS. Refer to the AD Administrator guide for more information. Confirm a junction is configured, along with the path to the CIFS share on the core filer. Add directory services information, typically both Active Directory and LDAP. Provide an AD domain. Create an AD Machine account for the FXT VServer and enable CIFS on the VServer. Create a CIFS share for the FXT VServer that maps to the CIFS share on the core filer. Configuring the Avere FXT Cluster There are several areas within the Avere FXT control panel that must be configured to enable CIFS ACL access for Windows clients. Configuration includes: DNS, core filers, VServers, junctions, directory services (LDAP), binding, CIFS shares, Active Directory, and machine accounts. Confirm DNS, Core Filer, GNS VServer, and junctions are all configured. 1. Configure DNS (Ops Guide Ch. 2): Settings > Cluster > Administrative Network 2. Add core filer with FQDN (Ops Guide Ch. 3): Settings > Core Filer > Manage Core Filers > Create button > use FQDN instead of IP 3. Create (or use existing) GNS VServer (Ops Guide Ch. 4): Settings > VServer > Manage VServers > Create button 4. Add a junction with additional information to support CIFS ACLs (Ops Guide Ch. 4): Settings > VServer > Namespace > Add New Junction a. Check Advanced b. CIFS access control: CIFS ACLs c. Enter the CIFS share name, not the NFS export path in the “Core filer share name” field.” For example, if the core filer export is /vol/cifsdemo and the CIFS share name is cifsdemo, then you would enter cifsdemo. Copyright © 20092016 Avere Systems, Inc. All rights reserved. Specifications subject to change without notice. Add directory services information for client authentication. Provide location and credentials for directory services. Most CIFS ACLs installations rely on LDAP for the UNIX identity information. The LDAP setup process is described below. If using NIS or a flat file, refer to chapter 2 of the Avere OS Operations Guide. The directory service can be set in the Avere Control panel by navigating to the Settings tab > Cluster > Directory Services. Configure LDAP for directory services. 1. Navigate to the Settings tab > Cluster section > Directory Services. 2. In the LDAP section, enter the server name(s) in IP address or FQDN format. Example: 10.0.0.7 or server.company.com 3. Enter the Base DN, the base name of the LDAP domain, in distinguished name (DN) format. Example: dc=company,dc=com 4. Check Credentials box. The “Bind DN” and “Bind Password” fields appear. This enables secure exchange of authentication information between the LDAP and FXT servers. 5. In the Bind DN field, provide an account that can securely poll LDAP information (such as administrator) in the username @ domain or a distinguished name (DN) format. Examples: user@company.com or CN=user,DC=company,DC=com 6. Enter the Bind password for that account. 7. Click the Submit button at the bottom of the page. 8. Optional: Validate credentials by changing the Source in the User Name section to LDAP and clicking the Poll Now button. The last poll date should change from Dec 31, 1969 to today’s date. Provide an AD domain. 1. Navigate to the Settings tab > Cluster > Directory Services 2. Enter the FQDN for the AD domain. For example, domain.company.com. 3. Click the Submit button. Other fields will be completed automatically. Copyright © 20092016 Avere Systems, Inc. All rights reserved. Specifications subject to change without notice. Enable CIFS on the VServer. 1. Navigate to the Settings tab > select VServer under the Manage VServers section > CIFS. 2. 3. 4. 5. 6. 7. Under the Machine Account section, enter the Name for the CIFS server. This is the NetBIOS name of the machine account that will appear in the Computers OU in Active Directory. NetBIOS names cannot exceed 15 characters and must be alphanumeric (no special symbols except hyphens). Enter the Active Directory Admin username. This is the name of an Active Directory Windows user who has permission to create the machine account in the Computers OU in the Active Directory domain. Enter the AD admin password for the AD admin account. Optional: If the desire is to have the machine account in an OU other than Computers, check the Advanced button and specify the alternative OU. Click “Update CIFS Configuration” button. The page will reload and the Current Join Status should change to “JOINED” after a few seconds. In the “Enable / Disable” section, check the box to Enable CIFS on the VServer. Copyright © 20092016 Avere Systems, Inc. All rights reserved. Specifications subject to change without notice. Create a CIFS share for the FXT VServer that maps to the GNS junction that was configured for CIFS ACLs access. This junction should have the “advanced” information populated with the CIFS share name on the core filer. 1. Navigate to the Settings tab > select VServer under the Manage VServers section > CIFS Shares. 2. Leave the Share type as Regular unless creating a home share a share with subfolders for each user, like vol/home/%U which would create vol/home/jdoe for user John Doe. 3. Enter a name for the new share in the CIFS share name field. The name must be unique, not contain special characters, and is case sensitive. 4. For GNS VServers (recommended), there is no need to select an NFS export. For Simple VServers, click the NFS export dropdown box to select the export. 5. Optional: If the core filer CIFS share is pointing to a subdirectory of the NFS export, then enter that subdirectory of the export here. For example, if the CIFS share defined on the core filer is pointing to /vol/cifsdemo/dev, but the NFS export on the core filer is “/vol/cifsdemo,” then enter “dev” in this field. 6. Click the Create button. Copyright © 20092016 Avere Systems, Inc. All rights reserved. Specifications subject to change without notice.
Source Exif Data:
File Type : PDF File Type Extension : pdf MIME Type : application/pdf PDF Version : 1.5 Linearized : Yes Producer : Skia/PDF m54 Page Count : 4EXIF Metadata provided by EXIF.tools