Heterogeneous file serving on HPE StoreEasy Storage using SMB and NFS protocols

Technical white paper

Contents
Introduction
Objective of this white paper
Authentication methods
User mapping methods
File system permissions
Setting up multi-protocol access to a file share
SMB shares creation
NFS share creation
Configuring user mapping
Issues with NFS export in UNIX
1. Restrict Chown
2. Enable NTFS Filename Case Sensitivity
3. NFS Filename Character Translation
Setting up Windows and UNIX user home directories
Add and remove users
Summary
Resources

Introduction

In heterogeneous environments, client systems running Windows® or Mac OS X operating systems generally use the Server Message Block (SMB) protocol to access files on a network storage file server, whereas the Network File System (NFS) protocol is typically used in networks with computers running UNIX® or Linux® operating systems. Sharing data between the different operating systems can be challenging in heterogeneous computing environments that include both UNIX and PC/Windows hosts. The administrator must take into account the different methods of authenticating users, file permissions, and network protocols.

HPE StoreEasy Storage is capable of using multi-protocol access to the same file share over both the SMB and NFS protocols. Organizations with heterogeneous environments that consist of both Windows and other operating systems can take advantage of this by deploying HPE StoreEasy Storage’s multi-protocol solution.

Typically, when you deploy a Windows file server in this scenario, you want to facilitate collaboration between users on Windows and UNIX-based computers. When a file share is configured, it is shared with both the SMB and NFS protocols: Windows users access their files over the SMB protocol, and users on UNIX-based computers typically access their files over the NFS protocol. HPE StoreEasy Storage requires only a few simple steps to configure the file share in a heterogeneous environment.

Objective of this white paper

File system permissions and user authentication using user mapping between UNIX and Windows are the two important configuration considerations in a heterogeneous environment. This document provides configuration best practices for HPE StoreEasy Storage to provision storage via the SMB and NFS protocols. The configuration steps also include creating High Availability (HA) SMB and NFS shares on HPE StoreEasy 3000 clustered systems. This document also includes some relevant use cases, such as configuring user home directories for Windows and UNIX clients and adding and removing users.

Authentication methods

In heterogeneous environments, for a user to be authenticated to access a file share, HPE StoreEasy Storage and Windows client computers must be joined to Active Directory Domain Services (AD DS).

There are different mechanisms available for NFS authentication on HPE StoreEasy Storage. The AUTH_SYS mechanism is one of the commonly used methods; it identifies the user and the group by means of 32-bit unsigned integers known as the UID and GID respectively. A UID value of “0” (zero) has special meaning and indicates the “root” superuser. The RPCSEC_GSS mechanism is a Kerberos v5 based protocol, which uses Kerberos credentials to identify the user. It provides several levels of protection to the connection between an NFS client and an NFS server.
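
To make the AUTH_SYS description concrete, the following added example (not part of the HPE paper) decodes the credential body an NFS client sends, using the XDR layout of authsys_parms from RFC 5531. The UID, GID and group list arrive as plain integers supplied by the client, with no cryptographic proof attached, which is the difference from RPCSEC_GSS. The sample bytes are constructed, reusing the host name and UID/GID from the paper's home-directory example; the classify helper and its labels are illustrative only and are not Server for NFS logic.

```python
"""Decode an ONC RPC AUTH_SYS credential body (RFC 5531, struct authsys_parms)."""
import struct

MAX_MACHINENAME = 255   # RFC 5531: string machinename<255>
MAX_GIDS = 16           # RFC 5531: unsigned int gids<16>


def xdr_pad(length):
    """XDR pads variable-length data to a multiple of four bytes."""
    return (4 - length % 4) % 4


def encode_authsys(stamp, machinename, uid, gid, gids):
    """Build a credential body; used here only to construct sample input."""
    name = machinename.encode("ascii")
    body = struct.pack(">II", stamp, len(name)) + name + b"\x00" * xdr_pad(len(name))
    body += struct.pack(">III", uid, gid, len(gids))
    return body + b"".join(struct.pack(">I", g) for g in gids)


def decode_authsys(body):
    """Parse a credential body into a dict; raise ValueError on malformed input."""
    offset = 0

    def u32():
        nonlocal offset
        if offset + 4 > len(body):
            raise ValueError("credential truncated")
        (value,) = struct.unpack_from(">I", body, offset)
        offset += 4
        return value

    stamp = u32()
    name_len = u32()
    if name_len > MAX_MACHINENAME:
        raise ValueError("machinename exceeds 255 bytes")
    if offset + name_len + xdr_pad(name_len) > len(body):
        raise ValueError("machinename truncated")
    machinename = body[offset:offset + name_len].decode("ascii", "replace")
    offset += name_len + xdr_pad(name_len)
    uid, gid, count = u32(), u32(), u32()
    if count > MAX_GIDS:
        raise ValueError("more than 16 supplementary GIDs")
    gids = [u32() for _ in range(count)]
    if offset != len(body):
        raise ValueError("unexpected trailing bytes")
    return {"stamp": stamp, "machinename": machinename,
            "uid": uid, "gid": gid, "gids": gids}


def classify(cred, mapped_uids):
    """Illustrative label for the claimed UID (not Server for NFS behaviour)."""
    if cred["uid"] == 0:
        return "root"
    return "mapped" if cred["uid"] in mapped_uids else "unmapped"


# Constructed sample: host name, UID 507 and GID 506 reuse the paper's example values.
SAMPLE = encode_authsys(1461850000, "rhel63host", 507, 506, [506])

if __name__ == "__main__":
    cred = decode_authsys(SAMPLE)
    print(cred)
    print("claimed identity is:", classify(cred, mapped_uids={507}))
```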

User mapping methods

HPE StoreEasy Storage runs the Windows Storage Server 2016 operating system, which represents users and groups with a unique Security Identifier (SID), while UNIX operating systems represent users with User Identifiers (UIDs) and Group Identifiers (GIDs). Account mapping is the process of correlating the UNIX UIDs and GIDs to corresponding Windows user and group SIDs. You must select and configure the appropriate NFS account mapping method. After completing this task, users on computers with an NFS client can access files and folders stored on HPE StoreEasy Storage using the NFS protocol.

Broadly, there are two categories of user mapping methods: mapped and unmapped user access. To keep the user and group ownership of files and their permissions consistent across Windows and UNIX clients, it’s important to configure only mapped user access. This mapping method includes:

• AD DS mapped user access, which maps UNIX identities to Windows identities. Use AD DS user mapping when UNIX UIDs and GIDs need to be mapped to specific Windows domain user or group accounts.
• Active Directory Lightweight Directory Services (AD LDS) mapped user access, which maps UNIX identities to Windows identities. Use AD LDS user mapping when you have multiple computers running Services for NFS that need to share the same mapping information, and when you have computers that are members of a workgroup, not AD DS. The AD LDS option is not recommended when NFS is configured in a High Availability (HA) environment, where a Windows failover cluster is deployed.
• Use local password and group mapping files when files and folders are shared in comparatively small configurations where mapping between UID/GID and Windows accounts is still required. This is mainly used where clients for NFS and/or Server for NFS are standalone configurations and Windows domains are not readily available. This method of user mapping access can also be used for domain-joined systems.

Figure 1. NFS account mapping

File system permissions

The file system permissions for the shared folder play an important role in heterogeneous environments. Once the users are mapped appropriately, a user can access files and folders on HPE StoreEasy Storage from any client system. This includes Windows and other operating systems, such as UNIX or Linux-based clients or Mac computers. Incorrect file system permissions may result in access from one client but not from another.

Note
It is recommended that the setting of permissions be administered through the Windows Storage Server and not through NFS clients.

Permission setting is primarily driven by your organization’s security policy. Table 1 is an example of NTFS file system permissions for a shared folder, where a user has full access to all of their own files and folders but only read and execute permission on those of others.

Table 1. NTFS file system permissions

User account                              Minimum permission required                        Applies to
Creator/Owner                             Full control                                       Subfolders and files only
System                                    Full control                                       Subfolders and files only
Administrators                            Full control                                       This folder only
User group needing to put data on share   List folder/read data, Create folders/append data  This folder only
Everyone                                  Read and execute, list folder content, read        This folder, subfolders, and files

If you prefer not to provide read and execute permission to all users, then grant this folder permission only to the root user or its group, so that the NFS volume can still be mounted from UNIX clients.

It is also important to verify the umask setting for users on UNIX or Linux-based client systems. This setting controls the default file permissions of files and directories when they are created. Most UNIX client systems have a default umask setting of 022, which creates folders with permissions of (777-022) = 755 (rwxr-xr-x) and files with (666-022) = 644 (rw-r--r--).
If your organization has different requirements, you may need to change this umask setting in the user profile settings.

Setting up multi-protocol access to a file share

HPE StoreEasy Storage allows an administrator to share a single folder via both the SMB and NFS protocols. This section guides you through creating SMB and NFS shares and selecting the authentication method, user mapping, and file system permission settings for multi-protocol access to the shared folder.

Multi-protocol configuration with HPE StoreEasy Storage has the following software requirements:

• It is recommended that HPE StoreEasy Storage and Windows client computers be joined to AD DS. This is usually done as part of the initial configuration of the storage system, using either Initial Configuration Tasks (ICT) or Server Manager (SM). However, user mapping can also be done with local users.
• Users and their groups must be configured for Windows and UNIX clients. It is best to keep the same user and group names in UNIX and Windows for easy administration. You must also create a user called root and a group for it to allow mounting the NFS share on UNIX clients. Windows does not allow user names and group names to be the same, whereas UNIX does. For example, the root user typically belongs to the root group on a UNIX system. You might need to change the root group to root in Windows.
• Set the group as the Primary Group.
• If you are planning to configure home directories for users, a computer must be available with Group Policy Management and Active Directory Administration Center installed.
• User names and group names cannot be the same; unique names for the groups and users must be chosen. This can be accomplished by adding group to the end of a UNIX group name, or similar.
• Beginning with Microsoft® Windows Server® 2012 and NFS 4.1, Microsoft Services for NFS does not support the implementation of NTFS volume mount points. More details on this issue can be found at support.microsoft.com/en-us/help/2028639/microsoft-services-for-nfs-doesnot-support-ntfs-volume-mount-points.

SMB shares creation

HPE StoreEasy Storage runs Windows Storage Server 2016 with SMB 3.1 file server features, including SMB Transparent Failover, Scale Out, Multichannel, and Encryption. To take advantage of these features, the SMB client and SMB server must support SMB 3.1 or above.

On HPE StoreEasy 3000 clustered systems, configure Failover Cluster before proceeding with the steps below:

1. Open Server Manager. Server Manager opens automatically when ICT is closed, or you can open it by clicking the Server Manager icon on the taskbar. Navigate to File and Storage Services in the left pane and select Shares.
2. Click Tasks > New Share. The New Share Wizard opens.
3. On the Select Profile page of the wizard, click SMB Share—Quick. The File Server Resource Manager is installed by default; if you would like to configure quotas and use folder management properties, choose SMB Share—Advanced instead.
4. On the Share Location page, select the server and provide the location of the share. On a non-clustered server, the server is selected by default; use the Browse button to provide the location of the folder you wish to share. For clustered solutions, choose the file server role name under Server Name and then select the location.

   Note
   Clustered Shared Volumes (CSVs) are not supported for NFS shares, so you cannot use CSVs for multi-protocol configuration.

5. Provide the Share name; by default the folder name is populated. You can add a share description in the text box provided. The local path and remote path of the share are listed based on the share name and location provided.
6. On the Other Settings page, leave the default selection Allow caching of share.
7. On the Permissions page, click Customize permissions.
   The Advanced Security Settings dialog box appears. Click Disable Inheritance, and then click “Convert inherited permissions into explicit permission on this object.” Set the permissions as described in the File system permissions section, remove permissions for unlisted groups and accounts, and add special permissions to the users group. Once you complete the selection, click Apply.
8. Proceed and complete the remaining steps of the wizard.

NFS share creation

HPE StoreEasy Storage supports the NFSv2, NFSv3, and NFSv4.1 protocol versions. NFSv4.1 adds significant capabilities that address weaknesses within NFSv4. NFSv4.1 builds a session layer on top of the transport layer to improve the reliability of the NFSv4 protocol.

1. Go to Server Manager > File and Storage Services > Shares.
2. Click Tasks > New Share > NFS Share. Choose “NFS Share—Quick.”
3. On the Share Location page, select the share location that you selected when creating the SMB share in the section above.

Selecting the authentication method

4. For mapped user access, you can select either Kerberos authentication (RPCSEC_GSS) or no server authentication (AUTH_SYS). Make sure that the Enable unmapped user access check box is cleared.

Setting up NFS permissions for clients

5. At this stage, you grant permissions to clients to access the NFS shares. If you do not have any specific requirements, for simplicity in administration, you may wish to grant Read/Write permission to All Machines.
6. On the Permissions page, keep the customized permissions that were created during SMB share creation.
7. Complete the wizard.

Configuring user mapping

UNIX client user access requests include the UID and GID of the user initiating the access request. HPE StoreEasy Storage running Server for NFS sends a query to AD DS for the SAM Account Name that matches the UID and GID provided.
Based on the response, Server for NFS grants access to the file resources in the NFS shared directory.

AD DS

If you implement mapped user access using AD DS, follow these steps:

1. Join HPE StoreEasy Storage (NFS server) to an Active Directory domain.
2. Go to Server Roles > File and Storage Services > File and iSCSI Services.
3. Invoke Services for NFS, right click Server for NFS, select Properties, go to the Netgroups tab, and configure the Active Directory domain to be used by Server for NFS for identity lookup.
4. Go to Server Manager > File and Storage Services > Servers. Right click on Server > NFS Settings > Identity Mapping Source Section.
5. Go to Server Manager > File and Storage Services > Servers. Right click on Server > NFS Identity Mapping.
6. Identify the UNIX password and group files that contain the UIDs and GIDs for the user and group accounts that will be used to access shares exported by Server for NFS. The UIDs and GIDs could also come from an LDAP or NIS service. Review the configuration of the UNIX environment to determine the appropriate source for UIDs and GIDs.
7. To allow mounting the NFS share on a UNIX client, you must add the root user and its group.

Local file based user mapping

As an alternative to the method above, you can simply copy the /etc/passwd and /etc/group files to the %SystemRoot%\system32\drivers\etc\ directory of the StoreEasy system. The local files mapping feature is automatically enabled if both files exist there.

To verify that HPE StoreEasy Storage is using local file based user mapping, check for event ID 4028 in “Event Viewer” in Computer Management. The event is reported in Applications and Services Logs\Microsoft\Windows\ServicesForNfs-Server\IdentityMapping. There should be two events for each file.

Issues with NFS export in UNIX

1. Restrict Chown

The default behavior of Windows Storage Server 2016 is to create NFS exports with Restrict Chown enabled. This prevents an NFS client user from modifying the ownership or group membership of files they own. It can also prevent a user from successfully copying files they own when using ‘cp -p’, the ‘-p’ switch being used to preserve permissions and ownership of the copied files. The following issues are present when accessing files on an NFS mounted export:

    [unmapped@CentOS67 test]$ df
    Filesystem                      1K-blocks      Used Available Use% Mounted on
    /dev/mapper/vg_centos67-lv_root   4936736   2392604   2286700  52% /
    tmpfs                             1962264         0   1962264   0% /dev/shm
    /dev/sda1                          487652     42038    420014  10% /boot
    16.27.182.9:sladden             536737792 211131488 325606304  40% /mnt
    [unmapped@CentOS67 test]$ pwd
    /mnt/unmapped/test
    [unmapped@CentOS67 test]$ ll
    total 0
    [unmapped@CentOS67 test]$ cp /etc/resolv.conf resolv.txt
    [unmapped@CentOS67 test]$ ll
    total 1
    -rw-r--r--. 1 unmapped unmapped 50 May 4 2016 resolv.txt
    [unmapped@CentOS67 test]$ chgrp unmapped1 resolv.txt
    chgrp: changing group of `resolv.txt': Permission denied        //Issue 1
    [unmapped@CentOS67 test]$ chown unmapped1 resolv.txt
    chown: changing ownership of `resolv.txt': Permission denied    //Issue 2
    [unmapped@CentOS67 test]$ cp -p resolv.txt resolv               //Intermittent Issue 3

Every NFS share that is created in Windows Storage Server 2016 is added to the server registry under this registry key:

    PS C:\Users\Administrator> reg query HKLM\Software\Microsoft\ServerForNFS\CurrentVersion\Exports /s

To change this default behavior, modify the RestrictChown registry entry for each NFS export, changing the RestrictChown DWORD value to 0. With the value at 0, NFS client users can change the owner and group of files they own on that export, so apply it only to exports where your security policy allows that.

    PS C:\Users\Administrator> reg add HKLM\Software\Microsoft\ServerForNFS\CurrentVersion\Exports\0 /v RestrictChown /t REG_DWORD /d 0

Verify with:

    PS C:\Users\sladden.EMEA> reg query HKLM\Software\Microsoft\ServerForNFS\CurrentVersion\Exports /s

Then restart Server for NFS to apply the change:

    [unmapped@CentOS67 test]$ chgrp unmapped1 resolv.txt    # Command works as expected
    [unmapped@CentOS67 test]$ chown unmapped1 resolv.txt    # Command works as expected
    [unmapped@CentOS67 test]$ cp -p resolv.txt resolv       # Command works as expected

2. Enable NTFS Filename Case Sensitivity

By default, case sensitivity is not enabled within an NTFS file system, hence files created on an NFS export take no notice of case. Case sensitivity is enabled on, and is a fundamental requirement for, UNIX clients when working with filenames. To check this from a UNIX client, follow these steps:

    [unmapped@CentOS67 test]$ touch Pete
    [unmapped@CentOS67 test]$ ll
    total 0
    -rw-rw-r--. 1 unmapped unmapped 0 May 4 2016 Pete
    [unmapped@CentOS67 test]$ ll pete                    # This file should not exist
    -rw-rw-r--. 1 unmapped unmapped 0 May 4 2016 pete
    [unmapped@CentOS67 test]$ cat /etc/fstab > pete      # This command should create the file `pete`
    [unmapped@CentOS67 test]$ ll
    total 4
    -rw-rw-r--. 1 unmapped unmapped 785 May 4 2016 Pete  # But the redirect command has overwritten the file Pete
    [unmapped@CentOS67 test]$ cat pete                   # Hence the file Pete now contains data
    # /etc/fstab

To enable case sensitivity, add a registry value to indicate case sensitivity with the following command:

    C:\Users\Administrator>reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v obcaseinsensitive /t REG_DWORD /d 0

Verify with:

    PS C:\Users\sladden.EMEA> reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v obcaseinsensitive

A server reboot is needed to apply this change.
After the reboot, case sensitivity is present for NFS exports:

    [unmapped@CentOS67 test]$ touch Pete
    [unmapped@CentOS67 test]$ ll
    total 0
    -rw-rw-r--. 1 unmapped unmapped 0 May 4 2016 Pete    # file created as expected
    [unmapped@CentOS67 test]$ cat /etc/fstab > pete
    [unmapped@CentOS67 test]$ ll
    total 1
    -rw-rw-r--. 1 unmapped unmapped 785 May 4 2016 pete  # now the redirect writes to the file called pete
    -rw-rw-r--. 1 unmapped unmapped   0 May 4 2016 Pete
    [unmapped@CentOS67 test]$ cat Pete                   # this should provide no output as the file Pete is empty
    [unmapped@CentOS67 test]$ cat pete                   # this should provide the contents of /etc/fstab
    # /etc/fstab

3. NFS Filename Character Translation

Both UNIX and Windows include a set of valid file name characters; however, these sets are different for each. If you do not turn on and configure character translation, Server for NFS cannot create some valid UNIX file names, and you may receive an error message if you try to create a file.

The NTFS characters not supported in filenames are:

Illegal NTFS File Characters
1. / (forward slash) 0x2f
2. \ (backslash) 0x5c
3. : (colon) 0x3a
4. * (asterisk) 0x2a
5. ? (question mark) 0x3f
6. < (less than) 0x3c
7. > (greater than) 0x3e
8. " (double quote) 0x22
9. | (vertical bar or pipe) 0x7c

Note
For more information refer to this link for Character support—“Character Sets And Code Pages At The Push Of A Button” and select ISO/IEC 8859-1 Latin 1.

With NFS version 3 you have the option of resolving this by creating a translation file in the NFS share (Windows) named NFS-Translation.txt. In this file you need to have the information included as indicated below.

NFS-Translation.txt

    0x00 0x2f : 0x00 0xD7 ; replace client "/" with server "Multiplication Sign"
    0x00 0x5c : 0x00 0xA1 ; replace client "\" with server "Inverted Exclamation Mark"
    0x00 0x3a : 0x00 0xA8 ; replace client ":" with server "Diaeresis"
    0x00 0x2a : 0x00 0xB1 ; replace client "*" with server "Plus-Minus Sign"
    0x00 0x3f : 0x00 0xBF ; replace client "?" with server "Inverted Question Mark"
    0x00 0x3c : 0x00 0xAB ; replace client "<" with server "Left-Pointing Double Angle Quotation Mark"
    0x00 0x3e : 0x00 0xBB ; replace client ">" with server "Right-Pointing Double Angle Quotation Mark"
    0x00 0x22 : 0x00 0xF7 ; replace client """ with server "Division Sign"
    0x00 0x7c : 0x00 0xA6 ; replace client "|" with server "Broken Bar"

Create a test folder on a Linux server of the form:

    [bttv@centos5-01 rsyncshare]$ ll /tmp/translation/
    total 48
    drwxr-xr-x  2 root root  4096 Apr 28 17:16 .
    drwxrwxrwt 14 root root  4096 Apr 28 17:16 ..
    -rw-r--r-- 1 bttv vosp2 0 Apr 28 15:50 file<
    -rw-r--r-- 1 bttv vosp2 0 Apr 28 15:50 file>
    -rw-r--r-- 1 bttv vosp2 0 Apr 28 15:51 file|
    -rw-r--r-- 1 bttv vosp2 0 Apr 28 15:50 file:
    -rw-r--r-- 1 bttv vosp2 0 Apr 28 15:51 file?
    -rw-r--r-- 1 bttv vosp2 0 Apr 28 15:51 file"
    -rw-r--r-- 1 bttv vosp2 0 Apr 28 15:51 file*
    -rw-r--r-- 1 bttv vosp2 0 Apr 28 15:51 file\

Copy the test folder content to the share from the UNIX client:

    [bttv@centos5-01 rsyncshare]$ df -hm
    Filesystem                      1M-blocks Used Available Use% Mounted on
    /dev/mapper/VolGroup00-LogVol00     15840 3619     11405  25% /
    /dev/sda1                              99   41        53  44% /boot
    tmpfs                                 878    0       878   0% /dev/shm
    centos5-02:/data1/unix1             16122  185     15119   2% /centos5-02/unix1
    win2k12r2:rsyncshare                10237  659      9579   7% /win2k12r2/rsyncshare
    [bttv@centos5-01 rsyncshare]$ pwd
    /win2k12r2/rsyncshare
    [bttv@centos5-01 rsyncshare]$ cp /tmp/translation/* .
    [bttv@centos5-01 rsyncshare]$ ll
    total 13
    drwxrwxrwx 2 4294967294 4294967294 4096 Apr 28 18:21 .
    drwxr-xr-x 5 root root 4096 Apr 28 17:16 ..
    -rw-r--r-- 1 bttv vosp2 0 Apr 28 18:36 file<
    -rw-r--r-- 1 bttv vosp2 0 Apr 28 18:36 file>
    -rw-r--r-- 1 bttv vosp2 0 Apr 28 18:36 file|
    -rw-r--r-- 1 bttv vosp2 0 Apr 28 18:36 file:
    -rw-r--r-- 1 bttv vosp2 0 Apr 28 18:36 file?
    -rw-r--r-- 1 bttv vosp2 0 Apr 28 18:36 file"
    -rw-r--r-- 1 bttv vosp2 0 Apr 28 18:36 file*
    -rw-r--r-- 1 bttv vosp2 0 Apr 28 18:36 file\
    -rw-rw-r-- 1 bttv vosp2 130 Apr 28 13:48 unmapped-resolv.conf
    -rw-rw-r-- 1 bttv vosp2 130 Apr 28 13:48 unmapped-resolv-copy.txt

Verify on the Windows side:

    D:\rsyncshare>dir
     Volume in drive D is Data
     Volume Serial Number is 6EE8-E4D2

     Directory of D:\rsyncshare

    28/04/2016  18:21    <DIR>          .
    28/04/2016  18:21    <DIR>          ..
    28/04/2016  18:21                 0 file¡
    28/04/2016  18:21                 0 file¦
    28/04/2016  18:21                 0 file¨
    28/04/2016  18:21                 0 file«
    28/04/2016  18:21                 0 file±
    28/04/2016  18:21                 0 file»
    28/04/2016  18:21                 0 file¿
    28/04/2016  18:21                 0 file÷
    28/04/2016  13:48               130 unmapped-resolv-copy.txt
    28/04/2016  13:48               130 unmapped-resolv.conf

Setting up Windows and UNIX user home directories

This section describes the configuration procedure for Windows and UNIX user home directories. With a home directory configured, a user has access to the same set of files and folders irrespective of the type of client used for access.

There are several methods available to configure a user home directory. The easiest method with the least administrative overhead is to configure a home directory using Group Policy.

1. Open Server Manager on a computer with Group Policy Management installed.
2. From the Tools menu click Group Policy Management. Group Policy Management appears.
3. Right click the domain and then click Create a Group Policy Object (GPO) in this domain, and Link it here.
4. In the New GPO dialog box, type a name for the GPO (for example, Home Folder), and then click OK.
5. Right click the newly created GPO and then clear the Link Enabled checkbox. This prevents the GPO from being applied until you finish configuring it.
6. Select the GPO.
   In the Security Filtering section of the Scope tab, remove the Authenticated Users and User Group that you created at the beginning (for example, TestGroup).
7. In Group Policy Management, right click the GPO you created, and then click Edit.
8. Navigate to User Configuration > Preferences > Windows Settings > Folders.
9. Right click Folders and select New > Folder. The General tab should have a Create action and the Path should read \\MYSTOREASYSERVER\MYSHARE\%LogonUser%. In the Common tab, enable the Run in logged-on user’s security context option.

   This allows your users to create the folder via the GPO; however, they will not be able to browse the share or view any folder other than their own.

10. Similarly, you can add a drive mapping preference item to your GPO, mapping the path \\MYSTOREASYSERVER\MYSHARE\%LogonUser%. When a user logs in from any Windows client, this GPO setting automatically creates a folder for the user with exclusive user access and maps the drive for users who are members of your TestGroup group.
11. Once you have completed configuring the Home folder setting in Group Policy, the next step is to enable the GPO, permitting it to be applied to affected users. Right click the GPO that you created and then click Link Enabled. A checkbox appears next to the menu item.
12. Add the Linux user’s UID in NFS Identity Mapping or update the password file in %SystemRoot%\system32\drivers\etc\, depending on the method you selected for user mapping.

Here is an example that shows the creation of a user with a specified UID and GID and the setting of a home directory on a file share configured on HPE StoreEasy Storage.

    # df -k /userdata
    Filesystem                      1K-blocks       Used  Available Use% Mounted on
    HomeDir.bitscnas.com:/userdata 3801973760 2399319520 1402654240  64% /userdata
    # adduser testuser -u 507 -g 506
    # usermod -d /userdata/testuser testuser
    # ls -al /home/testuser/
    total 28
    drwx------ 4 testuser testgroup 4096 May 21 14:15 .
    drwxr-xr-x. 5 root root 4096 May 21 14:15 ..
    -rw-r--r-- 1 testuser testgroup 18 Apr 23 2012 .bash_logout
    -rw-r--r-- 1 testuser testgroup 176 Apr 23 2012 .bash_profile
    -rw-r--r-- 1 testuser testgroup 124 Apr 23 2012 .bashrc
    drwxr-xr-x 2 testuser testgroup 4096 Jul 14 2010 .gnome2
    drwxr-xr-x 4 testuser testgroup 4096 May 7 2012 .mozilla
    # su - testuser
    -bash-4.1$ cp /home/testuser/.b* .
    -bash-4.1$ cp -r /home/testuser/.g* .
    -bash-4.1$ cp -r /home/testuser/.m* .
    -bash-4.1$ logout
    # su - testuser
    [testuser@rhel63host ~]$ pwd
    /userdata/testuser
    [testuser@rhel63host ~]$ ls -l
    total 1
    drwxr-xr-x 2 testuser testgroup 64 May 21 14:18 Windir
    [testuser@rhel63host ~]$ ls -la
    total 8
    drwxr-xr-x 2 testuser testgroup 4096 May 21 14:18 .
    drwxr-xr-x 2 4294967294 4294967294 64 May 21 13:50 ..
    -rw------- 1 testuser testgroup 81 May 21 14:18 .bash_history
    -rw-r--r-- 1 testuser testgroup 18 May 21 14:17 .bash_logout
    -rw-r--r-- 1 testuser testgroup 176 May 21 14:17 .bash_profile
    -rw-r--r-- 1 testuser testgroup 124 May 21 14:17 .bashrc
    drwxr-xr-x 2 testuser testgroup 64 May 21 14:17 .gnome2
    drwxr-xr-x 2 testuser testgroup 64 May 21 14:17 .mozilla
    drwxr-xr-x 2 testuser testgroup 64 May 21 14:18 Windir
    [testuser@rhel63host ~]$

Add and remove users

It’s recommended that you configure file system permissions and GPO configurations using a User Group. This provides the flexibility of adding and removing users with minimal administrative tasks.

Creating a new user:

1. Create a new user in AD DS.
2. Add the user to a group that has permission to access the file share.
3. Set the group as the Primary Group for the user.
4. Create a UNIX user.
5. Depending on the method you selected, add the UID and GID in NFS Identity Mapping or update the password and group files in %SystemRoot%\system32\drivers\etc\.

Deleting a user:

1. Delete the user from AD DS.
2. Delete the UNIX user.
3. Remove the UID entry in NFS Identity Mapping or update the password and group files in %SystemRoot%\system32\drivers\etc\.

Summary

The HPE StoreEasy Storage product family provides SMB and NFS target server capabilities that enable storage provisioning over a TCP/IP network using multi-protocol support in a heterogeneous environment. This solution allows customers to connect SMB and NFS clients to HPE StoreEasy Storage and deploy a heterogeneous NAS solution. This document guides users in configuring HPE StoreEasy Storage to access file shares from client systems running Windows, Mac, and other operating systems, such as UNIX or Linux-based clients.

Resources

The Storage Team at Microsoft®—File Cabinet Blog: aka.ms/nfs

Learn more at
hpe.com/storage/StoreEasy1000
hpe.com/storage/StoreEasy3000

© Copyright 2013–2017 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

Microsoft, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. UNIX is a registered trademark of The Open Group. Linux is the registered trademark of Linus Torvalds in the U.S. and other countries. All other third-party trademark(s) is/are property of their respective owner(s).

4AA4-7478ENW, April 2017, Rev. 5
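
The translation table from section 3 (NFS Filename Character Translation) can be checked before it is deployed. The following Python is an added example, not HPE or Microsoft code: it parses the NFS-Translation.txt lines shown in the paper, verifies that every illegal NTFS character is covered and that no substitute is itself illegal, and reports client names that would end up with the same server-side name. It assumes each byte pair is the high and low byte of one 16-bit character code and that unmapped characters pass through unchanged; the finding codes are made up for this example.

```python
"""Parse an NFS-Translation.txt mapping and apply it to client file names."""

NTFS_ILLEGAL = '/\\:*?<>"|'   # the nine characters the paper lists as illegal in NTFS names

# The mapping printed in the paper, with typographic quotes normalised.
PAGE_TRANSLATION = r'''
0x00 0x2f : 0x00 0xD7 ; replace client "/" with server "Multiplication Sign"
0x00 0x5c : 0x00 0xA1 ; replace client "\" with server "Inverted Exclamation Mark"
0x00 0x3a : 0x00 0xA8 ; replace client ":" with server "Diaeresis"
0x00 0x2a : 0x00 0xB1 ; replace client "*" with server "Plus-Minus Sign"
0x00 0x3f : 0x00 0xBF ; replace client "?" with server "Inverted Question Mark"
0x00 0x3c : 0x00 0xAB ; replace client "<" with server "Left-Pointing Double Angle Quotation Mark"
0x00 0x3e : 0x00 0xBB ; replace client ">" with server "Right-Pointing Double Angle Quotation Mark"
0x00 0x22 : 0x00 0xF7 ; replace client """ with server "Division Sign"
0x00 0x7c : 0x00 0xA6 ; replace client "|" with server "Broken Bar"
'''


def _char(pair, lineno):
    """Turn 'hi lo' hex bytes into one character (assumed order: high byte, low byte)."""
    parts = pair.split()
    if len(parts) != 2:
        raise ValueError(f"line {lineno}: expected two bytes, got {pair.strip()!r}")
    hi, lo = (int(p, 16) for p in parts)
    if not (0 <= hi <= 0xFF and 0 <= lo <= 0xFF):
        raise ValueError(f"line {lineno}: byte value out of range")
    return chr((hi << 8) | lo)


def parse_translation(text):
    """Return {client_char: server_char}; text after ';' on a line is a comment."""
    mapping = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.count(":") != 1:
            raise ValueError(f"line {lineno}: expected 'client : server'")
        client, server = (_char(side, lineno) for side in line.split(":"))
        if client in mapping:
            raise ValueError(f"line {lineno}: U+{ord(client):04X} mapped twice")
        mapping[client] = server
    return mapping


def check_mapping(mapping):
    """Return (code, detail) findings; an empty list means the table is usable."""
    problems = []
    missing = [c for c in NTFS_ILLEGAL if c not in mapping]
    if missing:
        problems.append(("MISSING", " ".join(missing)))
    for client, server in mapping.items():
        if server in NTFS_ILLEGAL or ord(server) < 0x20:
            problems.append(("ILLEGAL_TARGET", f"{client!r} -> U+{ord(server):04X}"))
    targets = list(mapping.values())
    for shared in sorted({t for t in targets if targets.count(t) > 1}):
        problems.append(("SHARED_TARGET", f"U+{ord(shared):04X}"))
    return problems


def to_server_name(name, mapping):
    """Name as stored on NTFS after translation of one path component."""
    return name.translate(str.maketrans(mapping))


def find_collisions(client_names, mapping):
    """Group client names that translate to the same server-side name."""
    by_server = {}
    for name in client_names:
        by_server.setdefault(to_server_name(name, mapping), []).append(name)
    return {server: names for server, names in by_server.items() if len(names) > 1}


if __name__ == "__main__":
    table = parse_translation(PAGE_TRANSLATION)
    print("findings:", check_mapping(table))
    for name in ['file<', 'file"', 'file*']:
        print(repr(name), "->", repr(to_server_name(name, table)))
    print("collisions:", find_collisions(['file"', 'file\u00f7'], table))
```

A client file whose name already contains one of the substitute characters (for example the division sign) shares a server-side name with the translated form, which is what find_collisions reports.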
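
For the local file based user mapping described earlier, the passwd and group content can be checked before it is copied to %SystemRoot%\system32\drivers\etc\. This added Python example (not part of the HPE paper) flags names used for both a user and a group, duplicate UIDs or GIDs, password hashes left in the passwd file, primary GIDs with no group entry, and a missing root user. The sample files, the hash-like string and the finding codes are constructed for illustration.

```python
"""Check UNIX passwd/group content before copying it to the Server for NFS mapping directory."""
from collections import defaultdict

PLACEHOLDERS = {"x", "*", "!", "!!"}   # field values that mean "no hash stored here"

# Constructed sample input; the hash-like string is made up.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
testuser:x:507:506::/userdata/testuser:/bin/bash
unmapped:$6$constructed$not-a-real-hash:508:508::/home/unmapped:/bin/bash
backup:x:507:999::/home/backup:/bin/bash
"""
SAMPLE_GROUP = """\
root:x:0:
testgroup:x:506:testuser
unmapped:x:508:
"""


def records(text, min_fields, label):
    """Yield (line number, fields) for each non-empty, non-comment line."""
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < min_fields:
            raise ValueError(f"{label} line {lineno}: expected {min_fields} fields")
        yield lineno, fields


def unix_id(value, label, lineno):
    """UIDs and GIDs are 32-bit unsigned integers."""
    if not value.isdigit() or int(value) > 0xFFFFFFFF:
        raise ValueError(f"{label} line {lineno}: bad id {value!r}")
    return int(value)


def duplicates(pairs, code):
    """Findings for ids shared by more than one name; pairs are (name, id)."""
    by_id = defaultdict(list)
    for name, ident in pairs:
        by_id[ident].append(name)
    return [(code, f"{ident}: {', '.join(sorted(names))}")
            for ident, names in sorted(by_id.items()) if len(names) > 1]


def audit(passwd_text, group_text):
    """Return a list of (code, detail) findings; empty means nothing was flagged."""
    users = [(f[0], f[1], unix_id(f[2], "passwd", n), unix_id(f[3], "passwd", n))
             for n, f in records(passwd_text, 7, "passwd")]
    groups = [(f[0], unix_id(f[2], "group", n))
              for n, f in records(group_text, 4, "group")]
    findings = []
    # Windows does not allow a user and a group to share a name.
    for name in sorted({u[0] for u in users} & {g[0] for g in groups}):
        findings.append(("NAME_COLLISION", name))
    # One UID or GID with several names makes the mapping ambiguous.
    findings += duplicates([(name, uid) for name, _, uid, _ in users], "DUPLICATE_UID")
    findings += duplicates(groups, "DUPLICATE_GID")
    known_gids = {gid for _, gid in groups}
    for name, password, _, gid in users:
        if password and password not in PLACEHOLDERS:
            findings.append(("PASSWORD_HASH", name))   # do not copy hashes to the server
        if gid not in known_gids:
            findings.append(("MISSING_PRIMARY_GROUP", f"{name} -> gid {gid}"))
    # The paper requires a root user (and a group for it) to mount the share.
    if not any(name == "root" and uid == 0 for name, _, uid, _ in users):
        findings.append(("MISSING_ROOT", "no user named root with UID 0"))
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_PASSWD, SAMPLE_GROUP):
        print(f"{code:22} {detail}")
```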