Home » Dell Manuals » Storage Devices » Dell PowerVault NX3610 » Manual Viewer

Dell PowerVault NX3610 User Manual - Page 33

Setting Access Control Lists And Share Level Permissions On FluidFS

View all Dell PowerVault NX3610 manuals

Add to My Manuals
Save this manual to your list of manuals

Page 33 highlights

This is the account that creates the folders (either using a user create script or manually) for each users home share. 6. Disconnect or unmount the user share, and remount it as an account that has ownership of it, as previously set (as a Domain Admin, Storage Admin, or specific account ownership was set to). 7. In the NAS Manager, create a new CIFS share, and select the share type CIFS share containing a user-based directory tree. 8. Previously, the general access share titled users was created at the path /users. In Path template, enter /users and then select if you want the users folders to take the form of /users/username or /users/domain/username. 9. Click Save Changes. 10. Using Windows Explorer, for each user that you wish to be given a home share, create a folder for them that conforms to the Path template: you selected in the previous step. This can be done manually or with a user create script. Setting Access Control Lists And Share Level Permissions On FluidFS You can set up access control lists (ACLs) and share level permissions (SLP) on Fluid File System (FluidFS). It is recommended that a Windows administrator follows the best practices as defined by Microsoft. Both ACLs and SLPs are supported by FluidFS. However, SLPs are limited as they only address full control, modify and read rights for any given user or group. CIFS Storage Administrator Account A built-in local CIFS storage administrator account serves the primary purpose of setting ownership of the CIFS share. The account can also be used to set ACLs when the NAS service is not joined to an Active Directory domain. This builtin account has a randomly generated password for security purposes. You must change this password before attempting to set any ACLs or SLPs. CIFS Full Access User Account (Backup User) The Full Access User account is a special purpose account that is to be used by backup administrators. The system must be a member of an Active Directory (AD) to associate this privilege with an AD account. The Full Access User privilege gives the AD account full access to all data on all shares, and all volumes, regardless of the file ACL definitions. However, the SLP settings do apply on the AD account granted Full Access User privilege. It is the job of the NAS system administrator to verify the AD account set for full access user has all relevant SLPs. To manage the Full Access User: 1. Open a connection to the CLI using a direct KVM connection or through SSH to the management VIP. 2. To set the Full Access User account, or overwrite the current entry, in the CLI, run the command: system authentication full-access-account set DOMAIN+username 3. To verify if Full Access User account is properly set, run the command: system authentication full-access-account view 4. To delete the Full Access User, run the command: system authentication full-access-account delete Active Directory Configuration FluidFS has the ability to join an Active Directory domain. This can be done using the NAS Manager or the CLI. 33

Section	Page
Contents	3
Introduction	11
Terms Used In The Document	11
Dell FluidFS NAS Solutions Architecture	12
Key Features	13
NAS Cluster Solution Views	14
Client View	14
Administrator View	14
System Components	14
NAS Appliance	14
Storage Arrays	15
SAN Network	15
Interconnect Network	15
LAN Or Client Network	15
Other Information You May Need	16
Monitoring The FluidFS NAS Solution	17
Dashboard	17
Status	17
Capacity	17
Current Performance	17
Recent Performance	18
Load Balancing	18
Events Viewer	18
Viewing Events In The Event Viewer	18
Network Performance	18
Load Balancing	19
Viewing Load Balancing Over Time	19
Client Connections	19
Viewing Client Connections	19
Migrating Clients To Another Controller	20
Setting The Migration Policy	20
Managing CIFS Connections	21
Hardware	21
Viewing System Validation Status	21
Viewing Detailed Component Status	21
Capacity	22
Viewing Space Utilized	22
Viewing Quota Usage	22
Replication	22
NDMP	23
Using Volumes Shares And Quotas	25
NAS Volumes	25
Usage Considerations	25
Solution 1	26
Solution 2	26
Solution 3	27
Managing NAS Volumes	27
Adding A NAS Volume	27
Modifying A NAS Volume	27
Removing A NAS Volume	28
Shares And Exports	28
Managing NFS Exports	28
Adding An NFS Export To The NAS Cluster Solution	28
Modifying An NFS Export	29
Removing An NFS Export	29
Access Using NFS	29
Managing CIFS Shares	30
Viewing The Properties And Status Of CIFS Shares	30
Adding A CIFS Share	30
Modifying A CIFS Share	32
Removing A CIFS Share	32
Creating Home Shares	32
Setting Access Control Lists And Share Level Permissions On FluidFS	33
CIFS Storage Administrator Account	33
CIFS Full Access User Account (Backup User)	33
Active Directory Configuration	33
Setting ACLs Or SLPs On A CIFS Share	34
Using An Active Directory Account Set As The Domain Administrators Group	34
Mapping A Network Drive To The CIFS Share	34
Access Using CIFS	34
Option 1	34
Option 2	34
Option 3	35
Option 4	35
Configuring CIFS Shares Level Permissions	35
Access Based Share Enumeration	36
Resetting CIFS Local Administrator Password	36
Quotas	36
Managing Default Quotas	36
Managing User Or Group Specific Quotas	37
Viewing Existing User/Group Specific Quotas	37
Quota Types	37
Adding User/Group Specific Quotas	37
Modifying User/Group Specific Quotas	37
Deleting A Quota	38
Protecting Data On The FluidFS NAS Cluster Solution	39
Snapshots	39
Adding Or Modifying A Snapshot Policy	39
Creating A Snapshot (Without A Policy)	40
Accessing Snapshots	40
Modifying A Snapshot	40
Restoring Data	41
Deleting A Snapshot	41
Restoring A NAS Volume From A Snapshot	41
Replication	41
Replication Partners	42
Viewing Existing Replication Partners	43
Setting Up a Replication Partner	43
Modifying A Replication Partner Configuration	43
Removing A Replication Partner	44
NAS Replication Policies	44
Adding A Replication Policy	44
Modifying Replication Policies	45
Pausing, Resuming, And Running The NAS Replication	45
Deleting A Replication Policy	45
Disaster Recovery Using Replication	46
Phase 1—Build Replication Partnership Between Source Cluster A And Backup Cluster B	46
Phase 2—Cluster A Fails And Client Requests Fail Over To Backup Cluster B	47
Phase 3—Restore Cluster A Fail Back From Cluster B To Cluster A	48
Backing Up And Restoring Data	49
Backing Up Replication Target NAS Volumes	49
NDMP Design Considerations	49
Supported Applications	49
Enabling NDMP Support	50
Changing NDMP Password And Backup Username	50
Modifying DMA Servers List	50
Adding DMA Servers	50
Removing DMA Servers	51
Specifying NAS Volume For Backup	51
Displaying Active NDMP Jobs	51
Terminating An Active NDMP Job	51
Using Antivirus Applications	51
Viewing Existing Antivirus Hosts	52
Adding Antivirus Hosts	52
Removing An Antivirus Host	52
Enabling Antivirus Support Per CIFS Share	52
Managing The FluidFS NAS Solution	53
Managing The System	53
Managing Client Access	53
Viewing The Defined Subnets	53
Adding A Subnet	53
Modifying A Subnet	54
Removing A Subnet	54
Managing Administrator Users	54
Viewing Administrator Users	54
Adding An Administrator	55
Modifying An Administrator	55
Changing The Administrator Password	56
Removing An Administrator	56
Managing Local Users For CIFS And NFS Access	56
Viewing Local Users	57
Adding Local Users	57
Modifying Local Users	57
Deleting Local Users	58
Changing The Password	58
Managing Local Groups	58
Viewing Local Groups	58
Adding A Local Group	58
Deleting A Local Group	59
Authentication	59
Configuring An Identity Management Database	59
Enabling User Authentication Through An NIS Database	59
Enabling User Authentication Through An LDAP Database	60
Disabling The Use Of An External UNIX Identity Management Database	60
Active Directory	60
Synchronizing The NAS Cluster Solution With The Active Directory Server	60
Configuring The Active Directory Service	60
Network Configuration Overview	61
Performance And Static Routes	62
Configuring DNS	63
Viewing DNS Servers	63
Adding DNS Servers And DNS Suffixes	63
Removing DNS Servers And DNS Suffixes	63
Managing Static Routes	63
Viewing Static Routes	64
Adding Static Routes	64
Modifying A Static Route	64
Deleting A Static Route	64
Defining File System Protocols	64
Configuring CIFS Parameters	65
Configuring General CIFS Parameters	65
Denying Users From Accessing Files Using The CIFS Protocol	65
Configuring Advanced CIFS Parameters	65
Configuring System Time Parameters	66
Changing The Time Zone	66
Manually Configuring The Current Date And Time	66
Removing An NTP Server	66
Synchronizing The NAS Cluster Solution With A Local NTP Server	67
Managing Licenses	67
Viewing Licenses	67
Adding A License	67
Removing A License	67
Configuring E-mail Parameters On PowerVault NX3500/NX3600/NX3610 NAS Solutions	68
Viewing SMTP Servers	68
Configuring An SMTP Server	68
Modifying An SMTP Server Configuration	69
Delete An E-mail Sender	69
Configuring An E-mail Sender	69
Configuring Advanced Options	69
Configuring SNMP	69
Troubleshooting	71
Troubleshooting CIFS Issues	71
Misconfigured AV Host Settings Result In Access Denied To CIFS files	71
CIFS Access Denied	71
CIFS ACL Corruption	71
CIFS Client Clock Skew	72
CIFS Client Disconnection On File Read	72
CIFS Client General Disconnection	72
CIFS Client Login Failure	72
CIFS Connection Failure	73
CIFS Delete On Close Denial	73
CIFS File Access Denied	73
CIFS File Sharing Conflict	73
CIFS Guest Account Invalid	74
CIFS Locking Inconsistency	74
CIFS Maximum Connections Reached	74
CIFS Share Does Not Exist	74
CIFS Path Share Not Found	75
CIFS Write To Read Only Volume	75
Troubleshooting NFS Issues	76
Cannot Mount NFS Export	76
NFS Export Does Not Exist	77
NFS File Access Denied	77
NFS Insecure Access To Secure Export	78
NFS Mount Fails Due To Export Options	78
NFS Mount Fails Due To Netgroup Failure	78
NFS Mount Path Does Not Exist	79
NFS Owner Restricted Operation	80
NFS Write To Read-Only Export	80
NFS Write To Read-Only Volume	80
NFS Write To Snapshot	80
NFS Access Denied To A File Or Directory	81
Troubleshooting Replication Issues	81
Replication Configuration Error	81
Replication Destination Cluster Is Busy	81
Replication Destination FS Is Busy	82
Replication Destination Is Down	82
Replication Destination Is Not Optimal	82
Replication Destination Volume Is Busy Reclaiming Space	82
Replication Destination Volume Is Detached	83
Replication Disconnection	83
Replication Incompatible Versions	83
Replication Internal Error	83
Replication Jumbo Frames Blocked	84
Replication Destination Does Not Have Enough Space	84
Replication Source Is Busy	84
Replication Source Is Down	84
Replication Source Is Not Optimal	85
Replication Source Volume Is Busy Reclaiming Space	85
Troubleshooting Active Directory Issues	85
Group Quota For An Active Directory User Does Not Work	85
Active Directory Authentication	86
Troubleshooting Active Directory Configuration	86
Troubleshooting NAS File Access And Permissions Issues	87
Cannot Change The Ownership Of A File Or A Folder	87
Cannot Modify NAS Files	87
Mixed File Ownership Denied	87
Problematic SMB Access From A Linux Client	88
Strange UID And GID Numbers On Dell NAS System Files	88
Troubleshooting Networking Issues	88
Name Server Unresponsive	88
Specific Subnet Clients Cannot Access The NAS Cluster Solution	89
Troubleshooting DNS Configurations	89
Determining The IQN Of The NAS Cluster Solution Controllers Using CLI	89
Troubleshooting RX And TX Pause Warning Messages	90
Troubleshooting NAS Manager Issues	90
NAS Dashboard Is Delayed	90
NAS System Time Is Wrong	90
Cannot Connect To The NAS Manager	91
Blank Login Screen	91
Troubleshooting Backup Issues	92
Troubleshooting Snapshots	92
Troubleshooting An NDMP Internal Error	92
Troubleshooting System Issues	93
Troubleshooting System Shutdown	93
NAS Container Security Violation	94
Multiple Errors Received During File System Format	94
Associating LUN Names To Virtual Disks	96
NAS IDU Failed To Discover Any Controllers	96
Attach Operation Fails	96
Controller Taking Long Time To Boot Up After Service Pack Upgrade	97
Troubleshooting Dell NAS Initial Deployment Utility (IDU) Issues	97
Error Received While Running The Dell NAS Initial Deployment Utility	97
Cannot Launch Dell NAS Initial Deployment Utility (IDU)	98
Maintaining The NAS Cluster Solution	99
Shutting Down The NAS Cluster Solution	99
Turning On The NAS Cluster Solution	99
Restoring NAS Volume Configuration	100
Restoring Cluster Configuration	100
Formatting File System	101
Installing The Service Pack	101
Upgrading The Service Pack Using The NAS Manager	101
Expanding The NAS Cluster Storage Capacity	102
Expanding The NAS Pool On The Dell PowerVault NX3500/NX3600/NX3610 NAS Solution	102
Expanding The NAS Pool On The FS8600 NAS Solution	102
Adding LUNs To The PowerVault NX3500/NX3600/NX3610 NAS Cluster Solution	103
Running Diagnostics	103
Online Diagnostics	103
Offline Diagnostics	104
MP Memory	104
Running The Embedded System Diagnostics	104
Reinstalling The NAS Cluster Solution	105
Expanding The NAS Cluster	105
Adding An Additional NAS Appliance To The NAS Cluster	105
Creating A Host In PowerVault NX3500/NX3600/NX3610	107
Replacing A NAS Cluster Solution Controller	107
Prerequisites	107
Detaching The FluidFS NAS Cluster Solution Controller	108
Detaching A Controller Using The NAS Manager	108
Removing And Replacing The NAS Cluster Solution Controller	108
Attaching The NAS Cluster Solution Controller	108
Attaching A Controller Using The NAS Manager	108
NAS Manager Features In Degraded Mode	109
Internationalization	111
Overview	111
Unicode Client Support Overview	111
NFS Clients	111
CIFS Clients	111
Unicode Configuration Parameters	111
Unicode Configuration Limitations	112
File Size And Directory Name	112
Clients Compatibility Problems	112
Japanese Compatibility Issues	112
Frequently Asked Questions	115
NDMP	115
Replication	115
Getting Help	117

Match case Limit results 1 per page

This is the account that creates the folders (either using a user create script or manually) for each users home

share.

Disconnect or unmount the

user

share, and remount it as an account that has ownership of it, as previously set (as

a Domain Admin, Storage Admin, or specific account ownership was set to).

In the

NAS Manager

, create a new CIFS share, and select the share type

CIFS share containing a user-based

directory tree

Previously, the general access share titled

users

was created at the path

/users

. In

Path template

, enter

/users

and

then select if you want the users folders to take the form of

/users/username

/users/domain/username

Click

Save Changes

10.

Using

Windows Explorer

, for each user that you wish to be given a home share, create a folder for them that

conforms to the Path template: you selected in the previous step.

This can be done manually or with a user create script.

Setting Access Control Lists And Share Level Permissions On

FluidFS

You can set up access control lists (ACLs) and share level permissions (SLP) on Fluid File System (FluidFS). It is

recommended that a Windows administrator follows the best practices as defined by Microsoft.

Both ACLs and SLPs are supported by FluidFS. However, SLPs are limited as they only address full control, modify and

read rights for any given user or group.

CIFS Storage Administrator Account

A built-in local CIFS storage administrator account serves the primary purpose of setting ownership of the CIFS share.

The account can also be used to set ACLs when the NAS service is not joined to an Active Directory domain. This built-

in account has a randomly generated password for security purposes. You must change this password before

attempting to set any ACLs or SLPs.

CIFS Full Access User Account (Backup User)

The

Full Access User

account is a special purpose account that is to be used by backup administrators. The system

must be a member of an

Active Directory

(AD) to associate this privilege with an AD account. The Full Access User

privilege gives the AD account full access to all data on all shares, and all volumes, regardless of the file ACL definitions.

However, the SLP settings do apply on the AD account granted

Full Access User

privilege. It is the job of the NAS

system administrator to verify the AD account set for full access user has all relevant SLPs.

To manage the Full Access User:

Open a connection to the CLI using a direct KVM connection or through SSH to the management VIP.

To set the

Full Access User

account, or overwrite the current entry, in the CLI, run the command:

system authentication full-access-account set DOMAIN+username

To verify if

Full Access User

account is properly set, run the command:

system authentication full-access-account view

To delete the

Full Access User

, run the command:

system authentication full-access-account delete

Active Directory Configuration

FluidFS has the ability to join an Active Directory domain. This can be done using the NAS Manager or the CLI.