Home » HP Manuals » Storage Devices » HP StorageWorks 4000s » Manual Viewer

HP StorageWorks 4000s NAS 4000s and 9000s Administration Guide - Page 176

NFS User and Group Mappings, Types of Mappings, Explicit Mappings, Simple Mappings

View all HP StorageWorks 4000s manuals

Add to My Manuals
Save this manual to your list of manuals

Page 176 highlights

Microsoft Services for NFS NFS User and Group Mappings When a fileserver exports files within a homogeneous environment, there are no problems with authentication. It is a simple matter of making a direct comparison to determine whether the user should be allowed access to the file, and what level of access to allow. However, when a fileserver works in a heterogeneous environment, some method of translating user access is required. User mapping is the process of translating the user security rights from one environment to another. User name mapping is the process of taking user and group identification from one environment and translating it into user identification in another environment. In the context of UNIX and NFS, user and group identification is a combination of a user ID (UID) and group ID (GID). In Windows environments, user identification is a Security ID (SID) or, in Windows Storage Server 2003, a Globally Unique Identifier (GUID). The server grants or denies access to the export based on machine name or IP address. However, after the client machine has access to the export, user-level permissions are used to grant or deny access to user files and directories. The NAS server is capable of operating in a heterogeneous environment, meaning that it is able to work with both UNIX and Windows clients. Because the files are stored in the native Windows NT file system, the server has to map the UNIX users to Windows users to determine the user access level of the files. Note: User mapping is not designed to address existing user database problems in the existing environment. All UIDs and GIDs must be unique across all NIS (Network Information Service) domains and all user names must be unique across all Windows NT domains. The NAS server supports mappings between one or more Windows domains and one or more NIS domains. The default setup supports multiple Windows NT domains to a single NIS domain. For information about users in multiple NIS domains, refer to the Supplemental Help section in the Services for NFS online help. Types of Mappings There are three types of mappings. These mappings are listed below in order of the most complex (with the greatest level of security) to the least complex (easiest to manage, but with little security): ■ Explicit mappings ■ Simple mappings ■ Squashed mappings Explicit Mappings Explicit mappings are created by the administrator to link Windows and UNIX users. They override simple mappings and are used to map users on the different systems that have unique names. Simple Mappings Simple mapping is a direct comparison of user names on the Windows system and the UNIX system. If the names match, the user is assumed to be authentic, and appropriate share access is granted. Simple mapping is an option that the administrator must turn on if it is to be used. 176 NAS 4000s and 9000s Administration Guide

Section	Page
Administration Guide	1
Table of Contents	3
About this Guide	13
Overview	14
Intended Audience	14
Prerequisites	14
Conventions	15
Document Conventions	15
Text Symbols	15
Equipment Symbols	16
Rack Stability	17
Getting Help	17
HP Technical Support	17
HP Storage Website	17
HP Authorized Reseller	17
Chapter 1, System Overview	19
Product Definition and Information	19
Server Hardware and Software Features	19
Product Manageability	19
Product Redundancy	20
Deployment Scenarios	21
Configuration Options for the NAS Server	21
NAS Server as a Single Device	22
NAS Server as a Clustered Pair	23
Multi Node Support Beyond Two Nodes	23
Connecting NAS Servers to the Network	23
NAS Server Single Device Deployment	24
NAS Server Cluster Deployment	25
Environment Scenarios	26
Workgroup	26
Domain	26
User Interfaces	27
NAS Server Web-Based User Interface	27
Menu Tabs	27
Welcome Screen Contents	28
NAS Server Desktop	29
NAS Management Console	30
NIC Team Setup	30
Chapter 2, Basic Administrative Procedures and Setup Completion	31
Basic Administrative Procedures	31
Setting the System Date and Time	32
Shutting Down or Restarting the Server	33
Viewing and Maintaining Audit Logs	34
Using Remote Desktop	35
Improper Closure of Remote Desktop	35
Setting up E-mail Alerts	36
Changing System Network Settings	37
Setup Completion	38
Activating the iLO Port Using the License Key	38
Setting up Ethernet NIC Teams (Optional)	38
Installing the HP Network Teaming Utility	39
Opening the HP Network Teaming Utility	40
Adding and Configuring NICs in a Team	41
Configuring the NIC Team Properties	44
Checking the Status of the Team	47
NIC Teaming Troubleshooting	48
Using Secure Path	48
Clustering the NAS Server	49
Managing System Storage	49
Creating and Managing Users and Groups	49
Creating and Managing File Shares	49
Chapter 3, Storage Management Overview	51
Storage Management Process	51
Storage Elements Overview	53
Physical Hard Drives	53
Arrays	53
Logical Drives (LUNs)	55
Fault-Tolerance Methods	56
RAID 0-Data Striping	56
RAID 1+0-Drive Mirroring and Striping	57
RAID 5-Distributed Data Guarding	58
RAID ADG-Advanced Data Guarding and RAID 5DP-Double Parity	59
Online Spares	61
Physical Storage Best Practices	61
Logical Storage Elements Overview	61
Partitions	61
Volumes	62
Utilizing Storage Elements	62
Volume Shadow Copy Service Overview	63
File System Elements	63
File-Sharing Elements	63
Clustered Server Elements	64
Chapter 4, Disk Management	65
WebUI Disks Tab	65
Storage Configuration Overview	67
Array Configuration Utility (MSA1000 and internal OS drives only)	69
Using the ACU to Configure Storage	69
ACU Guidelines	72
Managing Disks	73
Creating a New Volume via the WebUI	74
Advanced Disk Management	75
Guidelines for Managing Disks	76
Volumes Page	77
Managing Volumes	79
Dynamic Growth	80
Scheduling Defragmentation	84
Managing Disks After Quick Restore	85
Disk Quotas	87
Enabling Quota Management	87
Setting User Quota Entries	88
DiskPart	90
Example of using DiskPart	91
Chapter 5, Shadow Copies	93
Overview	93
Shadow Copy Planning	94
Identifying the Volume	94
Allocating Disk Space	94
Identifying the Storage Area	96
Determining Creation Frequency	96
Shadow Copies and Drive Defragmentation	97
Mounted Drives	97
Managing Shadow Copies	98
The Shadow Copy Cache File	99
Enabling and Creating Shadow Copies	101
Viewing a List of Shadow Copies	101
Set Schedules	102
Scheduling Shadow Copies	102
Deleting a Shadow Copy Schedule	102
Viewing Shadow Copy Properties	102
Disabling Shadow Copies	104
Managing Shadow Copies from the NAS Desktop	105
Shadow Copies for Shared Folders	106
SMB Shadow Copies	106
NFS Shadow Copies	107
Recovery of Files or Folders	108
Recovering a Deleted File or Folder	109
Recovering an Overwritten or Corrupted File	110
Recovering a Folder	110
Backup and Shadow Copies	110
Chapter 6, User and Group Management	111
Domain Compared to Workgroup Environments	111
User and Group Name Planning	112
Managing User Names	112
Managing Group Names	112
Workgroup User and Group Management	113
Managing Local Users	113
Adding a New User	114
Deleting a User	115
Modifying a User Password	116
Modifying User Properties	116
Managing Local Groups	117
Adding a New Group	118
Deleting a Group	118
Modifying Group Properties	119
Chapter 7, Folder, Printer, and Share Management	121
Folder Management	121
Navigating to a Specific Volume or Folder	122
Creating a New Folder	123
Deleting a Folder	124
Modifying Folder Properties	124
Creating a New Share for a Volume or Folder	125
Managing Shares for a Volume or Folder	126
Managing File Level Permissions	127
Share Management	134
Share Considerations	134
Defining Access Control Lists	134
Integrating Local File System Security into Windows Domain Environments	135
Comparing Administrative (Hidden) and Standard Shares	135
Planning for Compatibility between File Sharing Protocols	135
NFS Compatibility Issues	136
Managing Shares	136
Creating a New Share	136
Deleting a Share	137
Modifying Share Properties	138
Protocol Parameter Settings	141
DFS Protocol Settings	142
Deploying DFS	142
DFS Administration Tool	143
Accessing the DFS Namespace from other Computers	143
Setting DFS Sharing Defaults	144
Creating a Local DFS Root	144
Deleting a Local DFS Root	145
Publishing a New Share in DFS	146
Publishing an Existing Share in DFS	147
Removing a Published Share from DFS	147
Storage Management	148
Directory Quotas	148
Establishing Directory Quotas	149
File Screening	151
Storage Reports	152
Print Services	153
Configuring the Print Server	153
Removing the Print Server Role	155
Adding an Additional Printer	155
Adding Additional Operating System Support	156
Installing Print Services for UNIX	156
Chapter 8, Microsoft Services for NFS	157
Server for NFS	157
Authenticating User Access	157
Indicating the Computer to Use for the NFS User Mapping Server	158
Logging Events	159
Server for NFS Server Settings	160
Installing NFS Authentication Software on the Domain Controllers and Active Directory Domain Controllers	162
Understanding NTFS and UNIX Permissions	164
NFS File Shares	164
Creating a New Share	164
Deleting a Share	166
Modifying Share Properties	166
Anonymous Access to an NFS Share	168
Encoding Types	169
NFS Only	169
NFS Protocol Properties Settings	169
NFS Async/Sync Settings	170
NFS Locks	171
NFS Client Groups	173
Adding a New Client Group	174
Deleting a Client Group	174
Editing Client Group Information	175
NFS User and Group Mappings	176
Types of Mappings	176
Explicit Mappings	176
Simple Mappings	176
Squashed Mappings	177
User Name Mapping Best Practices	177
Creating and Managing User and Group Mappings	178
General Tab	178
Simple Mapping Tab	179
Explicit User Mapping Tab	180
Explicit Group Mapping Tab	181
Backing up and Restoring Mappings	183
Backing up User Mappings	183
Restoring User Mappings	183
Creating a Sample NFS File Share	184
Remote Desktop	186
Using Remote Desktop	186
Chapter 9, NetWare File System Management	187
Installing Services for NetWare	188
Managing File and Print Services for NetWare	190
Creating and Managing NetWare Users	191
Adding Local NetWare Users	191
Enabling Local NetWare User Accounts	192
Managing NCP Volumes (Shares)	193
Creating a New NCP Share	193
Modifying NCP Share Properties	195
Chapter 10, Cluster Administration	197
Cluster Overview	197
Multi Node Support Beyond Two Nodes	197
Cluster Terms and Components	198
Nodes	198
Resources	198
Virtual Servers	199
Failover	199
Quorum Disk	199
Cluster Concepts	200
Sequence of Events for Cluster Resources	200
Hierarchy of Cluster Resource Components	202
Cluster Planning	203
Storage Planning	203
Network Planning	204
Protocol Planning	205
Preparing for Cluster Installation	206
Before Beginning Installation	206
HP StorageWorks NAS Software Updates	206
Checklists for Cluster Server Installation	207
Network Requirements	207
Shared Disk Requirements	207
Cluster Installation	208
Setting Up Networks	208
Configure the Private Network Adapter	209
Configure the Public Network Adapter	209
Rename the Local Area Network Icons	209
Verifying Connectivity and Name Resolution	209
Verifying Domain Membership	209
Setting Up a Cluster User Account	209
About the Quorum Disk	209
Configuring Shared Disks	210
Verifying Disk Access and Functionality	210
Install Cluster Service Software	211
Creating a Cluster	211
Adding Nodes to a Cluster	212
Geographically Dispersed Clusters	214
HP Storage Works NAS Software Updates	214
Cluster Groups and Resources, including File Shares	214
Cluster Group Overview	215
Node Based Cluster Groups	215
Load Balancing	215
Cluster Resource Overview	216
File Share Resource Planning Issues	216
Resource Planning	216
Permissions and Access Rights on Share Resources	217
NFS Cluster Specific Issues	217
Non Cluster Aware File Sharing Protocols	218
Creating a New Cluster Group	218
Adding New Storage to a Cluster	219
Creating Physical Disk Resources	219
Creating File Share Resources	221
Setting Permissions for a SMB File Share	222
Creating NFS Share Resources	223
Setting Permissions for an NFS Share	224
Creating IP Address Resources	226
Creating Network Name Resources	227
Basic Cluster Administration Procedures	228
Failing Over and Failing Back	228
Restarting One Cluster Node	228
Shutting Down One Cluster Node	229
Powering Down the Cluster	229
Powering Up the Cluster	230
Shadow Copies in a Clustered Environment	231
Creating a Cluster Printer Spooler	231
Chapter 11, Remote Access Methods and Monitoring	233
Web Based User Interface	234
Remote Desktop	234
Integrated Lights-Out Port	234
Features	235
Security Features	235
Manage Users Feature	235
Manage Alerts Feature	236
Integrated Lights-Out Port Configuration	236
Using the Integrated Lights-Out Port to Access the NAS Server	237
Telnet Server	238
Enabling Telnet Server	238
Sessions Information	238
HP Insight Manager Version 7	238

Match case Limit results 1 per page

Microsoft Services for NFS

176

NAS 4000s and 9000s Administration Guide

NFS User and Group Mappings

When a fileserver exports files within a homogeneous environment, there are no problems with

authentication. It is a simple matter of making a direct comparison to determine whether the

user should be allowed access to the file, and what level of access to allow.

However, when a fileserver works in a heterogeneous environment, some method of

translating user access is required. User mapping is the process of translating the user security

rights from one environment to another.

User name mapping is the process of taking user and group identification from one

environment and translating it into user identification in another environment. In the context of

UNIX and NFS, user and group identification is a combination of a user ID (UID) and group

ID (GID). In Windows environments, user identification is a Security ID (SID) or, in Windows

Storage Server 2003, a Globally Unique Identifier (GUID).

The server grants or denies access to the export based on machine name or IP address.

However, after the client machine has access to the export, user-level permissions are used to

grant or deny access to user files and directories.

The NAS server is capable of operating in a heterogeneous environment, meaning that it is

able to work with both UNIX and Windows clients. Because the files are stored in the native

Windows NT file system, the server has to map the UNIX users to Windows users to determine

the user access level of the files.

Note:

User mapping is not designed to address existing user database problems in the existing

environment. All UIDs and GIDs must be unique across all NIS (Network Information Service)

domains and all user names must be unique across all Windows NT domains.

The NAS server supports mappings between one or more Windows domains and one or more

NIS domains. The default setup supports multiple Windows NT domains to a single NIS

domain. For information about users in multiple NIS domains, refer to the Supplemental Help

section in the Services for NFS online help.

Types of Mappings

There are three types of mappings. These mappings are listed below in order of the most

complex (with the greatest level of security) to the least complex (easiest to manage, but with

little security):

■

Explicit mappings

■

Simple mappings

■

Squashed mappings

Explicit Mappings

Explicit mappings are created by the administrator to link Windows and UNIX users. They

override simple mappings and are used to map users on the different systems that have unique

names.

Simple Mappings

Simple mapping is a direct comparison of user names on the Windows system and the UNIX

system. If the names match, the user is assumed to be authentic, and appropriate share access

is granted. Simple mapping is an option that the administrator must turn on if it is to be used.