Dell PowerStore 1200T EMC PowerStore Configuring NFS - Page 12

Configure FTP, or SFTP sharing protocol; Configure Kerberos for NAS server Security



3. Enable either NFSv3, NFSv4, or both.
4. Optionally, disable or enable Secure NFS. Extended UNIX credentials are also enabled.
5. Enable or disable Extended UNIX credentials.
   NOTE: Secure NFS supports NFS credentials with more than 16 groups, which is equivalent to the extended UNIX credentials option.
   ● If this field is selected, the NAS server uses the User ID (UID) to obtain the primary Group ID (GID) and all group GIDs to which it belongs. The NAS server obtains the GIDs from the local password file or UDS.
   ● If this field is cleared, the UNIX credential of the NFS request is extracted directly from the network information that is contained in the frame. This method has better performance, but it is limited to at most 16 group GIDs.
6. In Credential Cache Retention, enter a time period (in minutes) for which access credentials are retained in the cache.
7. Apply the changes.
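
A check worth running before clearing the extended UNIX credentials option, as an added example that is not part of the Dell documentation: it reads passwd- and group-format files and lists users whose group memberships exceed the 16-GID limit described in step 5. The function names and sample accounts are assumptions, and the count covers supplementary groups only (the primary GID is excluded).

```shell
#!/bin/sh
# over_limit_users PASSWD_FILE GROUP_FILE [LIMIT]
# Prints "user count" for each user with more than LIMIT (default 16)
# supplementary groups, i.e. users whose NFS request credential cannot
# carry every group when extended UNIX credentials are cleared.
over_limit_users() {
    awk -F: -v limit="${3:-16}" '
        # First file (passwd format): remember each user and primary GID.
        FNR == NR { primary[$1] = $4; next }
        # Second file (group format): field 3 is the GID, field 4 the members.
        {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++) {
                u = members[i]
                # Known users only; skip the primary group; count a GID once.
                if (!(u in primary) || primary[u] == $3) continue
                if (seen[u, $3]++) continue
                count[u]++
            }
        }
        END { for (u in count) if (count[u] > limit) print u, count[u] }
    ' "$1" "$2" | sort
}

# Constructed sample data: alice is in 17 supplementary groups, bob in 3.
make_group_sample() {
    printf '%s\n' 'alice:x:1001:1001::/home/alice:/bin/sh' \
                  'bob:x:1002:1002::/home/bob:/bin/sh' > "$1/passwd"
    : > "$1/group"
    i=1
    while [ "$i" -le 17 ]; do
        members=alice
        if [ "$i" -le 3 ]; then members=alice,bob; fi
        echo "proj$i:x:$((2000 + i)):$members" >> "$1/group"
        i=$((i + 1))
    done
}

tmp=$(mktemp -d)
make_group_sample "$tmp"
over_limit_users "$tmp/passwd" "$tmp/group"    # prints: alice 17
rm -rf "$tmp"
```

Users reported here lose access granted through any group beyond the sixteenth when the field is cleared, so either keep the option selected or reduce their memberships first.
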

Configure FTP, or SFTP sharing protocol

You can configure FTP or FTP over SSH (SFTP) settings for an existing NAS server only.

Passive mode FTP is not supported.

FTP access can be authenticated using the same methods as NFS. Once authentication is complete, access is the same as NFS for security and permission purposes. If the user name format is anything other than user@domain or domain\user, NFS authentication is used. NFS authentication uses local files, LDAP, NIS, or local files with LDAP or NIS.

To use local files for NFS, FTP access, the passwd file must include an encrypted password for the users. This password is used for FTP access only. The passwd file uses the same format and syntax as a standard Unix system, so you can leverage this to generate the local passwd file. On a Unix system, use useradd to add a new user and passwd to set the password for that user. Then, copy the hashed password from the /etc/shadow file, add it to the second field in the /etc/passwd file, and upload the /etc/passwd file to the NAS server.
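
One way to carry out the passwd-file procedure above, as an added shell example that is not from the Dell documentation: it writes a separate upload file instead of editing the host's /etc/passwd, includes only the named FTP users, skips locked or password-less accounts, and creates the file owner-only because it carries password hashes. The function names, file names and sample accounts are assumptions, and the hash strings are constructed placeholders.

```shell
#!/bin/sh
# build_nas_passwd PASSWD SHADOW OUT USER...
# Writes OUT in passwd format for the named users only, with the hash from
# SHADOW placed in the second field. The source files are never modified.
# Returns non-zero if any named user was skipped.
build_nas_passwd() {
    passwd_src=$1; shadow_src=$2; out=$3; shift 3
    ( umask 077    # OUT holds password hashes: owner-only from creation
      awk -F: -v OFS=: -v users="$*" '
        BEGIN { n = split(users, u, " "); for (i = 1; i <= n; i++) want[u[i]] = 1 }
        # First file (shadow format): keep usable hashes only. An empty,
        # "*" or "!"-prefixed field means no password or a locked account.
        FNR == NR {
            if (($1 in want) && $2 != "" && $2 !~ /^[!*]/) hash[$1] = $2
            next
        }
        # Second file (passwd format): emit wanted users that have a hash.
        ($1 in want) && ($1 in hash) { $2 = hash[$1]; print; done[$1] = 1 }
        END {
            for (name in want)
                if (!(name in done)) { print "skipped: " name > "/dev/stderr"; bad = 1 }
            exit bad
        }
      ' "$shadow_src" "$passwd_src" > "$out" )
}

# Constructed sample input; the hash fields are placeholders, not real hashes.
make_passwd_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
ftpuser1:x:2001:2001:FTP user:/home/ftpuser1:/bin/sh
ftpuser2:x:2002:2002:Locked user:/home/ftpuser2:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$CONSTRUCTED$rootplaceholder:19000:0:99999:7:::
ftpuser1:$6$CONSTRUCTED$placeholderhash1:19000:0:99999:7:::
ftpuser2:!:19000:0:99999:7:::
EOF
}

tmp=$(mktemp -d)
make_passwd_sample "$tmp"
build_nas_passwd "$tmp/passwd" "$tmp/shadow" "$tmp/nas_passwd" ftpuser1 && cat "$tmp/nas_passwd"
rm -rf "$tmp"
```

Against real data the function needs read access to /etc/shadow, and the output file should be deleted from the workstation once it has been uploaded to the NAS server.
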

1. Select the Storage > NAS Servers > [nas server] > Sharing Protocols > FTP tab.
2. Under FTP, if Disabled is on, slide the button to Enable.
3. Optionally also enable SSH FTP. Under SFTP, if Disabled is on, slide the button to Enable.
4. Under FTP/SFTP Server Access, select which type of authenticated users have access to the files.
5. Optionally, show the Home Directory and Audit options.
   ● Select or clear the Home directory restrictions. If disabled, enter the Default home directory.
   ● Select or clear Enable FTP/SFTP Auditing. If checked, enter the directory location of where to save the audit files, and the maximum size allowed for the audit file.
6. Optionally, Show Messages, and enter a default Welcome message, and Message of the day.
7. Optionally, Show Access Control List to provide access or deny access to Filtered Users, Filtered Groups, and Filtered hosts.
8. Click Apply.

Configure Kerberos for NAS server Security

You can configure the NAS Server with Kerberos.

Kerberos is a distributed authentication service designed to provide strong authentication with secret-key cryptography. It works on the basis of "tickets" that allow nodes communicating over a non-secure network to prove their identity in a secure manner. When configured to act as a secure NFS server, the NAS server uses the RPCSEC_GSS security framework and Kerberos authentication protocol to verify users and services.

If the NAS server has been configured with NFS only, and you are configuring Secure NFS, or LDAP with Kerberos, you must configure Kerberos with a custom realm before configuring security in PowerStore.

If the NAS server has been configured with both the NFS and SMB protocol, you have the option of using Kerberos that is inherited with AD since the domain joined SMB server exists on the NAS server.

The storage system must be configured with an NTP server. Kerberos relies on the correct time synchronization between the KDC, servers, and client on the network.

12 Create NAS servers