Home » HP Manuals » Desktops » HP DL160 » Manual Viewer

HP DL160 HP ProLiant Storage Server User Guide (440584-004, February 2008) - Page 102

Server for NFS Authentication DLL versus Service for User for Active Directory domain controllers

UPC - 883585847174

Add to My Manuals
Save this manual to your list of manuals

Page 102 highlights

UNIX computers follow advisory locking for all lock requests. This means that the operating system does not enforce lock semantics on a file, and applications that check for the existence of locks can use these locks effectively. However, Server for NFS implements mandatory locks even for those locking requests that are received through NFS. This ensures that locks acquired through NFS are visible through the server message block (SMB) protocol and to applications accessing the files locally. Mandatory locks are enforced by the operating system. Server for NFS Authentication DLL versus Service for User for Active Directory domain controllers On a Windows Storage Server 2003 R2 storage server, Server for NFS depends on a domain controller feature called Service for User (S4U) to authenticate UNIX users as their corresponding Windows users. Windows Server operating systems prior to Windows Server 2003 and Windows Storage Server 2003 do not support S4U. Also, in mixed domain environments, legacy Services for UNIX (SFU), Services for NFS and Windows Storage Server 2003 NFS deployments do not use the S4U feature and still depend on the Server for NFS Authentication DLL being installed on domain controllers. Therefore, the administrator needs to install the Server for NFS Authentication DLL on Windows 2000 domain controllers when: • The NFS file serving environment uses previous NFS releases (NAS, SFU, and so on). • The Windows domain environment uses pre-2003 domain controllers. See Table 21 for guidance as to when to use NFS Authentication DLL instead of S4U legacy NFS and R2 MSNFS. Table 21 Authentication table Domain controller type Legacy NFS (pre-WSS2003 R2) MSNFS (WSS2003 R2) Legacy domain controller Requires NFS Authentication Requires NFS Authentication DLL on domain (pre-WSS2003) DLL on domain controller controller Recent domain controllers (WSS2003 and later) Requires NFS Authentication DLL on domain controller Uses the built-in S4U (on the domain controller). It is unaffected by the NFS Authentication DLL on the domain controller. The S4U set of extensions to the Kerberos protocol consists of the Service-for-User-to-Proxy (S4U2Proxy) extension and the Service-for-User-to-Self (S4U2Self) extension. For more information about the S4U2 extensions, see the Kerberos articles at the following URLs: http:// searchwindowssecurity.techtarget.com/originalContent/0,289142,sid45_gci1013484,00.html (intended for IT professionals) and http://msdn.microsoft.com/msdnmag/issues/03/04/SecurityBriefs/ default.aspx (intended for developers). Installing NFS Authentication DLL on domain controllers NOTE: If the authentication software is not installed on all domain controllers that have user name mappings, including primary domain controllers, backup domain controllers, and Active Directory domains, then domain user name mappings will not work correctly. You need to install the version of NFS Authentication included with Services for UNIX 3.5. You can download Services for UNIX 3.5 at no charge from http://go.microsoft.com/fwlink/?LinkId=44501. 102 Microsoft Services for Network File System (MSNFS)

Section	Page
HP ProLiant Storage Server	1
Table of Contents	3
About this guide	13
Intended audience	13
Related documentation	13
Document conventions and symbols	13
Rack stability	14
HP technical support	15
Customer self repair	15
Product warranties	15
Subscription service	15
HP websites	16
Documentation feedback	16
1 Installing and configuring the server	17
Setup overview	17
Planning for installation	17
Planning a network configuration	18
Configuration checklist	19
Installing the server	19
Locating and writing down the serial number	19
Checking kit contents	20
Powering on the server	20
Factory image	20
Physical configuration	21
Default boot sequence	22
Accessing the HP Storage Server Management console	22
Using the direct attach method	23
Using the remote browser method	23
Using the Remote Desktop method	25
Logging off and disconnecting	26
Telnet Server	26
Enabling Telnet Server	27
Sessions information	27
Using remote management methods	27
Using the Lights-Out 100 method	27
Using the Integrated Lights-Out 2 method	28
Configuring the server on the network	30
Before you begin	30
Running the Rapid Startup Wizard	31
Completing system configuration	32
2 Server components	33
ML110 G5 hardware components	33
DL160 G5 hardware components	36
ML350 G5 hardware components	38
DL380 G5 hardware components	40
DL585 G2 hardware components	44
SAS and SATA hard drive LEDs	46
Systems Insight Display LEDs and internal health LED combinations	48
3 Storage management overview	51
Storage management elements	51
Storage management example	51
Physical storage elements	52
Arrays	53
Fault tolerance	54
Online spares	54
Logical storage elements	54
Logical drives (LUNs)	54
Partitions	55
Volumes	55
File system elements	56
File sharing elements	56
Volume Shadow Copy Service overview	56
Using storage elements	57
Clustered server elements	57
Network adapter teaming	57
Management tools	57
HP Systems Insight Manager	57
Management Agents	58
4 File server management	59
File services features in Windows Storage Server 2003 R2	59
Storage Manager for SANs	59
Single Instance Storage	59
File Server Resource Manager	59
Windows SharePoint Services	60
HP Storage Server Management Console	60
File services management	60
Configurable and pre-configured storage	61
Storage management utilities	61
Array management utilities	61
Array Configuration Utility	62
Disk Management utility	63
Guidelines for managing disks and volumes	63
Scheduling defragmentation	63
Disk quotas	64
Adding storage	65
Expanding storage	65
Extending storage using Windows Storage Utilities	65
Extend volumes using Disk Management	66
Expanding storage for EVA arrays using Command View EVA	66
Expanding storage using the Array Configuration Utility	66
Expand logical drive	66
Volume shadow copies	67
Shadow copy planning	67
Identifying the volume	67
Allocating disk space	68
Identifying the storage area	69
Determining creation frequency	69
Shadow copies and drive defragmentation	69
Mounted drives	70
Managing shadow copies	70
The shadow copy cache file	71
Enabling and creating shadow copies	72
Viewing a list of shadow copies	73
Set schedules	73
Viewing shadow copy properties	73
Redirecting shadow copies to an alternate volume	74
Disabling shadow copies	74
Managing shadow copies from the storage server desktop	75
Shadow Copies for Shared Folders	75
SMB shadow copies	76
NFS shadow copies	77
Recovery of files or folders	78
Recovering a deleted file or folder	78
Recovering an overwritten or corrupted file	79
Recovering a folder	79
Backup and shadow copies	80
Shadow Copy Transport	80
Folder and share management	81
Folder management	81
Share management	87
Share considerations	87
Defining Access Control Lists	88
Integrating local file system security into Windows domain environments	88
Comparing administrative (hidden) and standard shares	88
Managing shares	89
File Server Resource Manager	89
Quota management	89
File screening management	90
Storage reports	90
Other Windows disk and data management tools	90
Additional information and references for file services	90
Backup	90
HP StorageWorks Library and Tape Tools	91
Antivirus	91
Security	91
More information	91
5 Print services	93
Microsoft Print Management Console	93
New or improved HP print server features	93
HP Web Jetadmin	93
HP Install Network Printer Wizard	93
HP Download Manager for Jetdirect Printer Devices	93
Microsoft Print Migrator utility	93
Network printer drivers	94
Print services management	94
Microsoft Print Management Console	94
HP Web Jetadmin installation	94
Web-based printer management and Internet printing	94
Planning considerations for print services	95
Print queue creation	95
Sustaining print administration tasks	96
Driver updates	96
Print drivers	96
User-mode vs. kernel-mode drivers	96
Kernel-mode driver installation blocked by default	96
HP Jetdirect firmware	96
Printer server scalability and sizing	97
Backup	97
Best practices	97
Troubleshooting	98
Additional references for print services	98
6 Microsoft Services for Network File System (MSNFS)	99
MSNFS Features	99
UNIX Identity Management	99
MSNFS use scenarios	100
MSNFS components	100
Administering MSNFS	101
Server for NFS	101
Server for NFS Authentication DLL versus Service for User for Active Directory domain controllers	102
Installing NFS Authentication DLL on domain controllers	102
Elevate S4U2 functionality on Windows Server 2003 domain controllers	103
Server for NFS administration	104
Accessing NFS resources for Windows users and groups	104
Managing access using the .maphosts file	105
Allowing anonymous access to resources by NFS clients	105
Best practices for running Server for NFS	106
User Name Mapping	106
User Name Mapping Administration	107
Best practices for User Name Mapping	107
Microsoft Services for NFS troubleshooting	108
Microsoft Services for NFS command-line tools	108
Optimizing Server for NFS performance	108
Print services for UNIX	108
Point and print from UNIX to Windows Server 2003	109
Additional resources	109
7 Other network file and print services	111
File and Print Services for NetWare (FPNW)	111
Installing Services for NetWare	111
Managing File and Print Services for NetWare	112
Creating and managing NetWare users	113
Adding local NetWare users	114
Enabling local NetWare user accounts	114
Managing NCP volumes (shares)	115
Creating a new NCP share	116
Modifying NCP share properties	116
Print Services for NetWare	116
Point and Print from Novell to Windows Server 2003	116
Additional resources	117
AppleTalk and file services for Macintosh	117
Installing the AppleTalk protocol	117
Installing File Services for Macintosh	117
Completing setup of AppleTalk protocol and shares	117
Print services for Macintosh	118
Installing Print Services for Macintosh	118
Point and Print from Macintosh to Windows Server 2003	118
8 Enterprise storage servers	119
Windows Server Remote Administration Applet	119
Microsoft iSCSI Software Target	120
Virtual disk storage	120
Snapshots	120
Wizards	121
Create iSCSI Target Wizard	121
Create Virtual Disk Wizard	122
Import Virtual Disk Wizard	123
Extend Virtual Disk Wizard	123
Schedule Snapshot Wizard	123
Hardware provider	124
Cluster support	124
9 Cluster administration	125
Cluster overview	125
Cluster terms and components	126
Nodes	126
Resources	126
Cluster groups	127
Virtual servers	127
Failover and failback	127
Quorum disk	127
Cluster concepts	128
Sequence of events for cluster resources	128
Hierarchy of cluster resource components	129
Cluster planning	129
Storage planning	130
Network planning	130
Protocol planning	131
Preparing for cluster installation	132
Before beginning installation	132
Using multipath data paths for high availability	132
Enabling cluster aware Microsoft Services for NFS (optional)	132
Checklists for cluster server installation	133
Network requirements	133
Shared disk requirements	134
Cluster installation	134
Setting up networks	135
Configuring the private network adapter	135
Configuring the public network adapter	135
Renaming the local area connection icons	135
Verifying connectivity and name resolution	135
Verifying domain membership	136
Setting up a cluster account	136
About the Quorum disk	136
Configuring shared disks	136
Verifying disk access and functionality	136
Configuring cluster service software	136
Using Cluster Administrator	137
Using Cluster Administrator remotely	137
The HP Storage Server Management Console	137
Creating a cluster	137
Adding nodes to a cluster	137
Geographically dispersed clusters	138
Cluster groups and resources, including file shares	138
Cluster group overview	138
Node-based cluster groups	138
Load balancing	139
File share resource planning issues	139
Resource planning	139
Permissions and access rights on share resources	139
NFS cluster-specific issues	140
Non cluster aware file sharing protocols	140
Adding new storage to a cluster	140
Creating physical disk resources	141
Creating file share resources	141
Creating NFS share resources	141
Shadow copies in a cluster	141
Extend a LUN in a cluster	142
MSNFS administration on a server cluster	142
Best practices for running Server for NFS in a server cluster	142
Print services in a cluster	143
Creating a cluster printer spooler	143
Advanced cluster administration procedures	144
Failing over and failing back	144
Restarting one cluster node	144
Shutting down one cluster node	144
Powering down the cluster	145
Powering up the cluster	145
Additional information and references for cluster services	146
10 Troubleshooting, servicing, and maintenance	147
Troubleshooting the storage server	147
WEBES (Web Based Enterprise Services)	148
Maintenance and service	148
Maintenance and service documentation	148
Maintenance updates	148
System updates	148
Firmware updates	148
Certificate of Authenticity	149
11 System recovery	151
The System Recovery DVD	151
To restore a factory image	151
Systems with a DON'T ERASE partition	151
Managing disks after a restoration	151
A Configuring storage server for Web access (optional)	153
Setting up an Internet connection	153
B Regulatory compliance and safety	155
Federal Communications Commission notice	155
Class A equipment	155
Class B equipment	155
Declaration of conformity for products marked with the FCC logo, United States only	156
Modifications	156
Cables	156
Laser compliance	156
International notices and statements	157
Canadian notice (Avis Canadien)	157
Class A equipment	157
Class B equipment	157
European Union notice	157
BSMI notice	158
Japanese notice	158
Korean notice A&B	158
Class A equipment	158
Class B equipment	158
Safety	159
Battery replacement notice	159
Taiwan battery recycling notice	159
Power cords	159
Japanese power cord notice	160
Electrostatic discharge	160
Preventing electrostatic discharge	160
Grounding methods	160
Waste Electrical and Electronic Equipment (WEEE) directive	160
Czechoslovakian notice	160
Danish notice	161
Dutch notice	161
English notice	161
Estonian notice	162
Finnish notice	162
French notice	162
German notice	162
Greek notice	163
Hungarian notice	163
Italian notice	163
Latvian notice	163
Lithuanian notice	164
Polish notice	164
Portuguese notice	164
Slovakian notice	165
Slovenian notice	165
Spanish notice	165
Swedish notice	165

Match case Limit results 1 per page

UNIX computers follow advisory locking for all lock requests. This means that the operating system

does not enforce lock semantics on a file, and applications that check for the existence of locks can

use these locks effectively. However, Server for NFS implements mandatory locks even for those

locking requests that are received through NFS. This ensures that locks acquired through NFS are

visible through the server message block (SMB) protocol and to applications accessing the files locally.

Mandatory locks are enforced by the operating system.

Server for NFS Authentication DLL versus Service for User for Active Directory domain controllers

On a Windows Storage Server 2003 R2 storage server, Server for NFS depends on a domain

controller feature called Service for User (S4U) to authenticate UNIX users as their corresponding

Windows users. Windows Server operating systems prior to Windows Server 2003 and Windows

Storage Server 2003 do not support S4U. Also, in mixed domain environments, legacy Services for

UNIX (SFU), Services for NFS and Windows Storage Server 2003 NFS deployments do not use the

S4U feature and still depend on the Server for NFS Authentication DLL being installed on domain

controllers.

Therefore, the administrator needs to install the Server for NFS Authentication DLL on Windows 2000

domain controllers when:

•

The NFS file serving environment uses previous NFS releases (NAS, SFU, and so on).

•

The Windows domain environment uses pre-2003 domain controllers.

See

Table 21

for guidance as to when to use NFS Authentication DLL instead of S4U legacy NFS and

R2 MSNFS.

Table 21 Authentication table

MSNFS (WSS2003 R2)

Legacy NFS

(pre-WSS2003 R2)

Domain controller type

Requires NFS Authentication DLL on domain

controller

Requires NFS Authentication

DLL on domain controller

Legacy domain controller

(pre-WSS2003)

Uses the built-in S4U (on the domain controller). It

is unaffected by the NFS Authentication DLL on the

domain controller.

Requires NFS Authentication

DLL on domain controller

Recent domain

controllers (WSS2003

and later)

The S4U set of extensions to the Kerberos protocol consists of the Service-for-User-to-Proxy (S4U2Proxy)

extension and the Service-for-User-to-Self (S4U2Self) extension. For more information about the S4U2

extensions, see the Kerberos articles at the following URLs:

tp://

ear

indo

.co

m/o

ginalC

t/0,2

914

,si

5_gc

i1013

00.h

tml

(intended for IT professionals) and

tp://msdn

.mi

.co

m/msdnmag/is

sue

s/0

3/0

4/S

yBr

ult

(intended for developers).

Installing NFS Authentication DLL on domain controllers

NOTE:

If the authentication software is not installed on all domain controllers that have user name mappings,

including primary domain controllers, backup domain controllers, and Active Directory domains, then

domain user name mappings will not work correctly.

You need to install the version of NFS Authentication included with Services for UNIX 3.5. You can download

Services for UNIX 3.5 at no charge from

tp://g

.mi

.co

m/f

link/?L

inkId=4

Microsoft Services for Network File System (MSNFS)

102