Dell PowerVault 700N Dell PowerVault Network Attached Storage (NAS) Systems Ad - Page 22

Authorizing Appropriate Access To The ADS LDS Namespace Object, Configuring The Mapping Source

Get Dell PowerVault 700N PDF manuals and user guides View all Dell PowerVault 700N manuals
Add to My Manuals
Save this manual to your list of manuals

Page 22 highlights

Authorizing Appropriate Access To The ADS LDS Namespace Object To connect to the Configuration partition: 1. Click Start, right-click Command Prompt, and click Run as administrator to open an elevated command prompt. 2. Navigate to the C:\WINDOWS\ADAM directory, and run the dsacls command to grant the Everyone group read access to the mapping data store as follows: dsacls "\\server1:389\CN=nfsadldsinstance,dc=server1" /G everyone:GR /I:T 3. Optionally, if you are setting up a shared AD LDS store to allow multiple NFS servers to query the account mapping database, add the mapping data store to the ACL to allow Read permissions for the Anonymous Logon account as follows: dsacls "\\server1:389\CN=nfsadldsinstance,dc=server1" /G "anonymous logon":GR /I:T NOTE: You can skip this step if there is no shared access between computers to the mapping data store. Configuring The Mapping Source To configure the mapping source: 1. Click Start, right-click Command Prompt, and click Run as administrator to open an elevated command prompt. 2. Run the following command, where is the name of the computer where the AD LDS instance was created, and where is the port that the AD LDS instance uses: nfsadmin mapping config adlookup=yes addomain=: NOTE: For this example, use the following: nfsadmin mapping config adlookup=yes addomain=server1:389 3. Test the setup by accessing the NFS resources and verifying that the user and group account mappings work as expected. Debug Notes For NFS Account Mapping Problems Server for NFS can be made to log account mapping failures to the Windows Event Log service by setting the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nfsserver\Parameters \VerboseMappingFailureLogging INVALID USE OF SYMBOLS REG_DWORD = 1 After you create the key, you must restart the Server for NFS. Restarting The Server For NFS To restart the server for NFS: 1. Click Start, right-click Command Prompt, and click Run as administrator to open an elevated command prompt. 2. Run the following command: nfsadmin server stop && nfsadmin server start 22

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
Authorizing Appropriate Access To The ADS LDS Namespace Object
To connect to the Configuration partition:
1.
Click
Start
, right-click
Command Prompt
, and click
Run as administrator
to open an elevated command prompt.
2.
Navigate to the
C:\WINDOWS\ADAM
directory, and run the
dsacls
command to grant the
Everyone
group read
access to the mapping data store as follows:
dsacls "\\server1:389\CN=nfsadldsinstance,dc=server1" /G everyone:GR /I:T
3.
Optionally, if you are setting up a shared AD LDS store to allow multiple NFS servers to query the account mapping
database, add the mapping data store to the ACL to allow Read permissions for the Anonymous Logon account as
follows:
dsacls "\\server1:389\CN=nfsadldsinstance,dc=server1" /G "anonymous
logon":GR /I:T
NOTE:
You can skip this step if there is no shared access between computers to the mapping data store.
Configuring The Mapping Source
To configure the mapping source:
1.
Click
Start
, right-click
Command Prompt
, and click
Run as administrator
to open an elevated command prompt.
2.
Run the following command, where
<Computer>
is the name of the computer where the AD LDS instance was
created, and where
<Port>
is the port that the AD LDS instance uses:
nfsadmin mapping config adlookup=yes addomain=<Computer>:<Port>
NOTE:
For this example, use the following:
nfsadmin mapping config adlookup=yes addomain=server1:389
3.
Test the setup by accessing the NFS resources and verifying that the user and group account mappings work as
expected.
Debug Notes For NFS Account Mapping Problems
Server for NFS can be made to log account mapping failures to the Windows Event Log service by setting the following
registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nfsserver\Parameters
\VerboseMappingFailureLogging INVALID USE OF SYMBOLS REG_DWORD = 1
After you create the key, you must restart the Server for NFS.
Restarting The Server For NFS
To restart the server for NFS:
1.
Click
Start
, right-click
Command Prompt
, and click
Run as administrator
to open an elevated command prompt.
2.
Run the following command:
nfsadmin server stop && nfsadmin server start
22