Avere Fxt Admin Smb Acl Guide

avere_fxt_admin_smb_acl_guide-2016

User Manual:

Open the PDF directly: View PDF .
Page Count: 4

FXT Admin SMB/CIFS ACLs Guide

Overview

ThisdocumentistoenableStorageAdministratorstoproperlyconfigureanAvereFXTclustertoprovide

SMB/CIFSACLenforcedaccesstoanNTFSsecuritystyleshareforWindowsclients.Aftercompletingthe

stepsinthisguide,theprocesscontinuesintheADAdministratorCIFSACLsGuide.



FXT Checklist

1. ConsultwithyourADAdministratorandverifythecorefiler’sfullyqualifiedServicePrincipalName

resolvesviaDNS.RefertotheADAdministratorguideformoreinformation.

2. Confirmajunctionisconfigured,alongwiththepathtotheCIFSshareonthecorefiler.

3. Adddirectoryservicesinformation,typicallybothActiveDirectoryandLDAP.

4. ProvideanADdomain.

5. CreateanADMachineaccountfortheFXTVServerandenableCIFSontheVServer.

6. CreateaCIFSsharefortheFXTVServerthatmapstotheCIFSshareonthecorefiler.



Configuring the Avere FXT Cluster

ThereareseveralareaswithintheAvereFXTcontrolpanelthatmustbeconfiguredtoenableCIFSACL

accessforWindowsclients.Configurationincludes:DNS,corefilers,VServers,junctions,directory

services(LDAP),binding,CIFSshares,ActiveDirectory,andmachineaccounts.



ConfirmDNS,CoreFiler,GNSVServer,andjunctionsareallconfigured.

1. ConfigureDNS(OpsGuideCh.2):Settings>Cluster>AdministrativeNetwork

2. AddcorefilerwithFQDN(OpsGuideCh.3):Settings>CoreFiler>ManageCoreFilers>Create

button>useFQDNinsteadofIP

3. Create(oruseexisting)GNSVServer(OpsGuideCh.4):Settings>VServer>ManageVServers

>Createbutton

4. AddajunctionwithadditionalinformationtosupportCIFSACLs(OpsGuideCh.4):Settings>

VServer>Namespace>AddNewJunction

a. CheckAdvanced

b. CIFSaccesscontrol:CIFSACLs

c. EntertheCIFSsharename,nottheNFSexportpathinthe“Corefilersharename”field.”

Forexample,ifthecorefilerexportis/vol/cifsdemoandtheCIFSsharenameis

cifsdemo,thenyouwouldentercifsdemo.





 





Copyright©20092016AvereSystems,Inc.Allrightsreserved.Specificationssubjecttochangewithoutnotice.



Adddirectoryservicesinformationforclientauthentication.Providelocationandcredentialsfordirectory

services.MostCIFSACLsinstallationsrelyonLDAPfortheUNIXidentityinformation.TheLDAPsetup

processisdescribedbelow.IfusingNISoraflatfile,refertochapter2oftheAvereOSOperationsGuide.

ThedirectoryservicecanbesetintheAvereControlpanelbynavigatingtotheSettingstab>Cluster>

DirectoryServices. 





ConfigureLDAPfordirectoryservices.

1. NavigatetotheSettingstab>Clustersection>DirectoryServices.

2. IntheLDAPsection,entertheservername(s)inIPaddressorFQDNformat.Example:10.0.0.7or

server.company.com

3. EntertheBaseDN,thebasenameoftheLDAPdomain,indistinguishedname(DN)format.

Example:dc=company,dc=com

4. CheckCredentialsbox.The“BindDN”and“BindPassword”fieldsappear.Thisenablessecure

exchangeofauthenticationinformationbetweentheLDAPandFXTservers.

5. IntheBindDNfield,provideanaccountthatcansecurelypollLDAPinformation(suchas

administrator)intheusername@domainoradistinguishedname(DN)format.Examples:

user@company.comorCN=user,DC=company,DC=com

6. EntertheBindpasswordforthataccount.

7. ClicktheSubmitbuttonatthebottomofthepage.

8. Optional:ValidatecredentialsbychangingtheSourceintheUserNamesectiontoLDAPand

clickingthePollNowbutton.ThelastpolldateshouldchangefromDec31,1969totoday’sdate.



ProvideanADdomain.

1. NavigatetotheSettingstab>Cluster>DirectoryServices

2. EntertheFQDNfortheADdomain.Forexample,domain.company.com.

3. ClicktheSubmitbutton.Otherfieldswillbecompletedautomatically.









Copyright©20092016AvereSystems,Inc.Allrightsreserved.Specificationssubjecttochangewithoutnotice.



EnableCIFSontheVServer.

1. NavigatetotheSettingstab>selectVServerundertheManageVServerssection>CIFS.



2. UndertheMachineAccountsection,entertheNamefortheCIFSserver.ThisistheNetBIOS

nameofthemachineaccountthatwillappearintheComputersOUinActiveDirectory.NetBIOS

namescannotexceed15charactersandmustbealphanumeric(nospecialsymbolsexcept

hyphens).

3. EntertheActiveDirectoryAdminusername.ThisisthenameofanActiveDirectoryWindowsuser

whohaspermissiontocreatethemachineaccountintheComputersOUintheActiveDirectory

domain.

4. EntertheADadminpasswordfortheADadminaccount.

5. Optional:IfthedesireistohavethemachineaccountinanOUotherthanComputers,checkthe

AdvancedbuttonandspecifythealternativeOU.

6. Click“UpdateCIFSConfiguration”button.ThepagewillreloadandtheCurrentJoinStatusshould

changeto“JOINED”afterafewseconds.

7. Inthe“Enable/Disable”section,checktheboxtoEnableCIFSontheVServer.







Copyright©20092016AvereSystems,Inc.Allrightsreserved.Specificationssubjecttochangewithoutnotice.





CreateaCIFSsharefortheFXTVServerthatmapstotheGNSjunctionthatwasconfiguredforCIFSACLs

access.Thisjunctionshouldhavethe“advanced”informationpopulatedwiththeCIFSsharenameonthe

corefiler.

1. NavigatetotheSettingstab>selectVServerundertheManageVServerssection>CIFSShares.

2. LeavetheSharetypeasRegularunlesscreatingahomeshareasharewithsubfoldersforeach

user,likevol/home/%Uwhichwouldcreatevol/home/jdoeforuserJohnDoe.

3. EnteranameforthenewshareintheCIFSsharenamefield.Thenamemustbeunique,not

containspecialcharacters,andiscasesensitive.

4. ForGNSVServers(recommended),thereisnoneedtoselectanNFSexport.ForSimple

VServers,clicktheNFSexportdropdownboxtoselecttheexport.

5. Optional:IfthecorefilerCIFSshareispointingtoasubdirectoryoftheNFSexport,thenenterthat

subdirectoryoftheexporthere.Forexample,iftheCIFSsharedefinedonthecorefilerispointing

to/vol/cifsdemo/dev,buttheNFSexportonthecorefileris“/vol/cifsdemo,”thenenter“dev”inthis

field.

6. ClicktheCreatebutton.















Copyright©20092016AvereSystems,Inc.Allrightsreserved.Specificationssubjecttochangewithoutnotice.

