Configuring Multiprotocol File Sharing ... Configuring user mappings for multiprotocol NAS servers

  • View
    2

  • Download
    0

Embed Size (px)

Text of Configuring Multiprotocol File Sharing ... Configuring user mappings for multiprotocol NAS servers

  • Dell EMC Unity™ Family Version 4.5

    Configuring Multiprotocol File Sharing H16551

    REV 04

  • Copyright © 2017-2019 Dell Inc. or its subsidiaries. All rights reserved.

    Published January 2019

    Dell believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

    THE INFORMATION IN THIS PUBLICATION IS PROVIDED “AS-IS.“ DELL MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND

    WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF

    MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. USE, COPYING, AND DISTRIBUTION OF ANY DELL SOFTWARE DESCRIBED

    IN THIS PUBLICATION REQUIRES AN APPLICABLE SOFTWARE LICENSE.

    Dell Technologies, Dell, EMC, Dell EMC and other trademarks are trademarks of Dell Inc. or its subsidiaries. Other trademarks may be the property

    of their respective owners. Published in the USA.

    Dell EMC Hopkinton, Massachusetts 01748-9103 1-508-435-1000 In North America 1-866-464-7381 www.DellEMC.com

    2 Unity Family 4.5 Configuring Multiprotocol File Sharing

  • 5

    7

    9

    Multiprotocol file sharing 11 About multiprotocol file sharing in Unity..................................................... 12

    Deep dive: File system security and access in a multiprotocol environment 17 Security on file system objects................................................................... 18 File system access...................................................................................... 18 User mapping.............................................................................................. 18 Access policies for NFS, SMB, and FTP..................................................... 22 Credentials for file level security.................................................................23 Multiprotocol file system security settings................................................. 25

    Configure a NAS server for multiprotocol file sharing 27 Overview of configuring NAS servers for multiprotocol file sharing............28 Create a NAS server for multiprotocol file sharing (SMB and NFS)........... 29 Configure NAS server sharing protocols and FTP/SFTP support................31 Configure a NAS server Unix Directory Service..........................................32 Upload an LDAPS CA certificate for a NAS server..................................... 35 Change NAS server Unix credential settings.............................................. 35 View the active LDAPS CA certificate for a NAS server............................. 36 Configuring user mappings for multiprotocol NAS servers......................... 36 Change NAS server user mappings.............................................................37

    Configure a file system for multiprotocol file sharing 41 Create a file system....................................................................................42 Advanced SMB file system settings............................................................42 Multiprotocol file system security settings................................................. 43

    Configure shares 45 Share local paths and export paths.............................................................46 Create an SMB share................................................................................. 46 Advanced SMB share properties.................................................................47 Create an NFS share.................................................................................. 49

    Enable multiprotocol file sharing on an existing NAS server 51

    Figures

    Tables

    Preface

    Chapter 1

    Chapter 2

    Chapter 3

    Chapter 4

    Chapter 5

    Chapter 6

    CONTENTS

    Unity Family 4.5 Configuring Multiprotocol File Sharing 3

  • Enable multiprotocol file sharing on an existing NFS-enabled NAS server.... 52 Enable multiprotocol file sharing on an existing SMB-enabled NAS server.... 53

    Configure Distributed File System and widelinks 55 About Distributed File System.................................................................... 56 About configuring DFS roots...................................................................... 56 About widelinks.......................................................................................... 56

    Troubleshooting a multiprotocol configuration 59 Service commands for troubleshooting a multiprotocol configuration........ 60

    Chapter 7

    Chapter 8

    CONTENTS

    4 Unity Family 4.5 Configuring Multiprotocol File Sharing

  • High-level steps for configuring multiprotocol file sharing...........................................13 Process for resolving an SID to a UID, primary GID mapping.......................................21 Process used to resolve a UID to an SID mapping.......................................................22

    1 2 3

    FIGURES

    Unity Family 4.5 Configuring Multiprotocol File Sharing 5

  • FIGURES

    6 Unity Family 4.5 Configuring Multiprotocol File Sharing

  • LDAP authentication...................................................................................................34 NAS server Unix credential settings........................................................................... 35

    1 2

    TABLES

    Unity Family 4.5 Configuring Multiprotocol File Sharing 7

  • TABLES

    8 Unity Family 4.5 Configuring Multiprotocol File Sharing

  • Additional resources

    As part of an improvement effort, revisions of the software and hardware are periodically released. Therefore, some functions described in this document might not be supported by all versions of the software or hardware currently in use. The product release notes provide the most up-to-date information on product features. Contact your technical support professional if a product does not function properly or does not function as described in this document.

    Where to get help Support, product, and licensing information can be obtained as follows:

    Product information For product and feature documentation or release notes, go to Unity Technical Documentation at: www.emc.com/en-us/documentation/unity-family.htm.

    Troubleshooting For information about products, software updates, licensing, and service, go to Online Support (registration required) at: https://Support.EMC.com. After logging in, locate the appropriate Support by Product page.

    Technical support For technical support and service requests, go to Online Support at: https:// Support.EMC.com. After logging in, locate Create a service request. To open a service request, you must have a valid support agreement. Contact your Sales Representative for details about obtaining a valid support agreement or to answer any questions about your account.

    Special notice conventions used in this document

    DANGER

    Indicates a hazardous situation which, if not avoided, will result in death or serious injury.

    WARNING

    Indicates a hazardous situation which, if not avoided, could result in death or serious injury.

    CAUTION

    Indicates a hazardous situation which, if not avoided, could result in minor or moderate injury.

    NOTICE

    Addresses practices not related to personal injury.

    Note

    Presents information that is important, but not hazard-related.

    Unity Family 4.5 Configuring Multiprotocol File Sharing 9

    https://www.emc.com/en-us/documentation/unity-family.htm https://Support.EMC.com https://Support.EMC.com https://Support.EMC.com

  • Additional resources

    10 Unity Family 4.5 Configuring Multiprotocol File Sharing

  • CHAPTER 1

    Multiprotocol file sharing

    l About multiprotocol file sharing in Unity............................................................. 12

    Multiprotocol file sharing 11

  • About multiprotocol file sharing in Unity To access data files shared by a NAS server over a network, host clients mainly use two file protocols: SMB and NFS. The SMB protocol is used mainly by Windows clients, and the NFS protocol is used mainly by UNIX clients. The NFS and SMB protocols have many differences, including those described in the following table:

    NFS SMB

    Lock policy Uses a User Identifier (UID) and Group Identifier (GID). NFSv3 range locks are advisory and NFSv4 range locks are advisory or mandatory (default).

    Uses a security Identifier (SID). SMB range locks are mandatory.

    User authentication

    Handled by one of the following:

    l A previous local login to another Unix system

    l A UNIX Directory Service (NIS or LDAP), which looks up a user's UID/GID

    l Local password and group files, which look up a user's UID/GID

    Handled by Active Directory, which looks up a user's SID. This requires NTP and DNS.

    Security rules Uses the UNIX credential associated with the authenticated user to check mode bits (NFSv3) or to check access rights in the NFSv4 ACL.

    Uses the Windows credential associated with the authenticated user to check the SMB Access ACL.

    Rename policy Allows renaming a component of an open file.

    Forbids renaming a component of an open file.

    Unity supports a mixed NFS and SMB environment by providing simultaneous access to the same data for both NFS (v3 and v4) and SMB. You configure multiprotocol functionality by creating a NAS server that is enabled for m