Heterogeneous file serving on HPE StoreEasy Storage using SMB and NFS protocols
Contents
Introduction
  Objective of this white paper
Authentication methods
User mapping methods
File system permissions
Setting up multi-protocol access to a file share
  SMB shares creation
  NFS share creation
  Configuring user mapping
Issues with NFS export in UNIX
  1. Restrict Chown
  2. Enable NTFS Filename Case Sensitivity
  3. NFS Filename Character Translation
Setting up Windows and UNIX user home directories
Add and remove users
Summary
Resources
Technical white paper
Introduction
In heterogeneous environments, client systems running Windows® or Mac OS X operating systems generally use the Server Message Block
(SMB) protocol to access files on a network storage file server, whereas Network File System (NFS) protocol is typically used in networks with
computers running UNIX® or Linux® operating systems. Sharing data between the different operating systems can be challenging in
heterogeneous computing environments that include both UNIX and PC/Windows hosts. The administrator must take into account the different
methods of authenticating users, file permissions, and network protocols.
HPE StoreEasy Storage is capable of using multi-protocol access to the same file share over both the SMB and NFS protocols. Organizations with
heterogeneous environments that consist of both Windows and other operating systems can take advantage of this by deploying HPE StoreEasy
Storage’s multi-protocol solution. Typically, when you deploy a Windows file server in this scenario, you want to facilitate collaboration between
users on Windows and UNIX-based computers. When a file share is configured, it is shared over both the SMB and NFS protocols: Windows
users access their files over the SMB protocol, and users on UNIX-based computers typically access their files over the NFS protocol.
HPE StoreEasy Storage requires only a few simple steps to configure the file share in a heterogeneous environment.
Objective of this white paper
File system permissions and user authentication using user mapping between UNIX and Windows are the two important configuration
considerations in a heterogeneous environment.
This document provides configuration best practices for HPE StoreEasy Storage to provision storage via the SMB and NFS protocols. The
configuration steps also include creating High Availability (HA) SMB and NFS shares on HPE StoreEasy 3000 clustered systems.
This document also includes some of the relevant use cases, such as configuring user home directories for Windows and UNIX clients, adding
and removing users.
Authentication methods
In heterogeneous environments, in order to get a user authenticated to access a file share, HPE StoreEasy Storage and Windows client
computers must be joined to the Active Directory Domain Services (AD DS).
There are different mechanisms available for NFS authentication on HPE StoreEasy Storage. The AUTH_SYS mechanism is one of the commonly
used methods and involves identifying both the user and the group by means of a 32-bit unsigned integer known as UID and GID respectively.
Special meaning is attached to a UID value of “0” (zero) and is used to indicate the “root” superuser.
The RPCSEC_GSS mechanism is a Kerberos v5 based protocol, which uses Kerberos credentials to identify the user. It provides several levels of
protection to the connection between an NFS client and an NFS server.
User mapping methods
HPE StoreEasy Storage runs the Windows Storage Server 2016 operating system, which represents users and groups with a unique Security
Identifier (SID), while UNIX operating systems represent users with User Identifiers (UIDs) and Group Identifiers (GIDs). Account mapping is the
process of correlating the UNIX UIDs and GIDs to corresponding Windows user and group SIDs.
You must select and configure the appropriate NFS account mapping method. After completing this task, users on computers with an NFS client
can access files and folders stored on HPE StoreEasy Storage using the NFS protocol.
Broadly, there are two categories of user mapping methods: mapped and unmapped user access. To keep the user and group
ownership of files and their permissions consistent across Windows and UNIX clients, it is important to configure only mapped user access.
The mapped methods include:
• AD DS mapped user access, which maps UNIX identities to Windows identities. Use AD DS user mapping when UNIX UIDs and GIDs need to
be mapped to specific Windows domain user or group accounts.
• Active Directory Lightweight Directory Services (AD LDS) mapped user access, which maps UNIX identities to Windows identities. Use AD LDS
user mapping when you have multiple computers running services for NFS that need to share the same mapping information, and when you
have computers that are members of a workgroup, not AD DS. AD LDS option is not recommended when NFS is configured in a High
Availability (HA) environment, where Windows failover cluster is deployed.
• Use local password and group mapping files when files and folders are shared in comparatively small configurations where mapping between
UID/GID and Windows accounts is still required. This is mainly used where clients for NFS and/or servers for NFS are standalone configurations
and Windows domains are not readily available. This method of user mapping can also be used for domain-joined systems.
Figure 1. NFS account mapping
File system permissions
The file system permission for the shared folder plays an important role in heterogeneous environments. Once the users are mapped
appropriately, a user can access files and folders on HPE StoreEasy Storage from any client system. This includes Windows and other operating
systems, such as UNIX or Linux-based clients or Mac computers. Incorrect file system permissions may allow access from one client but not
from another.
Note
It is recommended that the setting of permissions be administered through the Windows Storage Server and not through NFS clients.
Permission setting is primarily driven by your organization’s security policy. Table 1 is an example of NTFS file system permissions for a shared
folder, where each user has full access to their own files and folders but only read and execute permission to those of others.
Table 1. NTFS file system permissions
User account                             Minimum permission required                        Applies to
Creator/Owner                            Full control                                       Subfolders and files only
System                                   Full control                                       Subfolders and files only
Administrators                           Full control                                       This folder only
User group needing to put data on share  List folder/read data, Create folders/append data  This folder only
Everyone                                 Read and execute, list folder content, read        This folder, subfolders, and files
If you prefer not to grant read and execute permission to all users, grant this folder permission only to the root user or its group so that
the NFS volume can still be mounted from UNIX clients.
It is also important to verify the umask setting for users on UNIX or Linux-based client systems. This setting controls the default permissions of
files and directories when they are created. Most UNIX client systems have a default umask setting of 022, which creates folders with permissions
of (777-022) = 755 (rwxr-xr-x) and files with (666-022) = 644 (rw-r--r--).
If your organization has different requirements, you may need to change this umask setting in the user profile settings.
Setting up multi-protocol access to a file share
HPE StoreEasy Storage allows an administrator to share a single folder via both SMB and NFS protocols. This section guides you to create SMB
and NFS shares along with selecting the authentication method, user mapping, and file system permission settings for multi-protocol access of
the shared folder.
Multi-protocol configuration with HPE StoreEasy Storage has the following software requirements:
• It is recommended that HPE StoreEasy Storage and Windows client computers be joined to the AD DS. This is usually done as part of the
initial configuration of the storage system, either using Initial Configuration Tasks (ICT) or Server Manager (SM). However, user mapping can
also be done with local users.
• Users and their groups must be configured for Windows and UNIX clients. It is best to keep the same user and group names in UNIX and
Windows for easy administration. You must also create a user called root and a group for it to allow mounting the NFS share on UNIX clients.
Windows does not allow user names and group names to be the same, whereas UNIX does. For example, the root user typically belongs to
the root group on a UNIX system. You might need to change the root group to root in Windows.
• Set the group as the Primary Group.
• If you are planning to configure home directories for users, a computer must be available with Group Policy Management and Active Directory
Administration Center installed.
• User names and group names cannot be the same; unique names for the groups and users must be chosen. This can be accomplished by
adding "group" to the end of a UNIX group name, or similar.
• Beginning with Microsoft® Windows Server® 2012 and NFS 4.1, Microsoft Services for NFS does not support the implementation of NTFS
volume mount points. More details on this issue can be found at support.microsoft.com/en-us/help/2028639/microsoft-services-for-nfs-doesnot-support-ntfs-volume-mount-points.
SMB shares creation
HPE StoreEasy Storage runs Windows Storage Server 2016 with SMB 3.1 file server features, including SMB Transparent Failover,
Scale Out, Multichannel, and Encryption. To take advantage of these features, the SMB client and SMB server must support SMB 3.1 or above.
On HPE StoreEasy 3000 clustered systems, configure Failover Cluster before proceeding with the below steps:
1. Open Server Manager. Server Manager opens automatically when ICT is closed, or you can open it by clicking the Server Manager icon
on the taskbar. Navigate to File and Storage Services in the left pane and select Shares.
2. Click Tasks > New Share. This opens the New Share Wizard.
3. On the Select Profile page of the wizard, click SMB Share—Quick. The File Server Resource Manager is installed by default, and if you would
like to configure quotas and use folder management properties, choose SMB Share—Advanced instead.
4. On the Share Location page, select the server and provide the location of the share. On a non-clustered server, the server is selected by
default; use the Browse button to provide the location of the folder you wish to share. For clustered solutions, choose the file server role
name under Server Name and then select the location.
Note
Clustered Shared Volumes (CSVs) are not supported for NFS shares, so you cannot use CSVs for multi-protocol configuration.
5. Provide the Share name; by default the folder name is populated. You can add a Share description in the text box provided. The local
path and remote path of the share are listed based on the Share name and location provided.
6. In the Other Settings page, leave the default selection Allow caching of share.
7. In the Permissions page, click Customize permissions. The Advanced Security Settings dialog box appears. Click Disable Inheritance, and
then click “Convert inherited permissions into explicit permission on this object.”
Set the permissions as described in the File system permissions section, remove permissions for unlisted groups and accounts, and add
special permissions to the users group. Once you complete the selection, click Apply.
8. Proceed and complete the remaining steps of the wizard.
NFS share creation
HPE StoreEasy Storage supports the NFSv2, NFSv3, and NFSv4.1 protocol versions. NFSv4.1 adds significant capability to address weaknesses
within NFSv4. NFSv4.1 builds a session layer on top of the transport layer to improve the reliability of the NFSv4 protocol.
1. Go to Server Manager > File and Storage Services > Shares.
2. Click on Tasks > New Share > NFS Share. Choose “NFS Share—Quick.”
3. On the Share Location page, select the share location that you selected to create the SMB share in the above section.
Selecting the authentication method
4. For mapped user access, you can either select Kerberos authentication (RPCSEC_GSS) or no server authentication (AUTH_SYS). Make sure
that the Enable unmapped user access check box is cleared.
Setting up NFS permissions for clients
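5. At this stage, you grant permissions to clients to access the NFS shares. If you do not have any specific requirements, for simplicity in
administration, you may wish to grant Read/Write permission to All Machines. With AUTH_SYS the server accepts the UID and GID that the
client supplies, so restricting the export to the hosts or netgroups that need it limits which machines can present those identities.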
6. On the permissions page, keep the customized permissions that were created during SMB share creation.
7. Complete the wizard.
Configuring user mapping
UNIX client user access requests include the UID and GID of the user initiating the access request. HPE StoreEasy Storage running Server for
NFS sends a query to AD DS for the SAM Account Name that matches the UID and GID provided. Based on the response, Server for NFS grants
access to the file resources in the NFS shared directory.
AD DS
If you implement mapped user access using AD DS, follow these steps:
1. Join HPE StoreEasy Storage (NFS server) to an Active Directory domain.
2. Go to Server Roles > File and Storage Services > File and iSCSI Services.
3. Invoke Services for NFS, right click on Server for NFS, select Properties and go to the Netgroups tab and configure the Active Directory
domain to be used by Server for NFS for identity lookup.
4. Go to Server Manager > File and Storage Services > Servers. Right click on Server > NFS Settings > Identity Mapping Source Section.
5. Go to Server Manager > File and Storage Services > Servers. Right click on Server > NFS Identity Mapping.
6. Identify the UNIX password and group files that contain the UIDs and GIDs for the user and group accounts that will be used to access shares
exported by Server for NFS.
The UIDs and GIDs could also come from an LDAP or NIS service. Review the configuration of the UNIX environment to determine the
appropriate source for UIDs and GIDs.
7. In order to allow mounting the NFS share on UNIX client, you must add the root user and its group.
Local file based user mapping
As an alternative to the method above, you can simply copy the /etc/passwd and /etc/group files to the
%SystemRoot%\system32\drivers\etc\ directory of the StoreEasy system.
The local file mapping feature is enabled automatically if both files exist in that directory.
To verify that HPE StoreEasy Storage is using local file based user mapping, check for event ID 4028 in “Event Viewer” in Computer Management.
The event is reported in Applications and Services Logs\Microsoft\Windows\ServicesForNfs-Server\IdentityMapping. There should be two
events for each file.
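Before the files are copied, they can be checked against the requirements this paper lists: a root user must exist, and no group may share a name with a user. The following is an added example, not HPE or Microsoft code; the sample file contents, the function names, and the duplicate-ID and missing-primary-group checks are assumptions of this example.

```python
# Added example: pre-flight check of UNIX passwd and group files before they are
# copied to the StoreEasy system for local file based user mapping.

# Constructed sample input (not from the white paper). UID 507 / GID 506 follow
# the page's testuser example; every other entry is made up.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
testuser:x:507:506:Test User:/userdata/testuser:/bin/bash
Backup:x:508:508::/home/backup:/bin/bash
alice:x:507:600::/home/alice:/bin/bash
"""
SAMPLE_GROUP = """\
root:x:0:
testgroup:x:506:testuser
backup:x:508:
"""


def _rows(text, min_fields, label):
    """Split a colon-separated file into field lists, skipping blanks and comments."""
    rows = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < min_fields or not fields[2].isdigit():
            raise ValueError(f"{label} line {lineno}: malformed entry {raw!r}")
        rows.append(fields)
    return rows


def check_mapping_files(passwd_text, group_text):
    """Return a list of (code, subject) findings; an empty list means nothing was flagged."""
    # passwd: name:passwd:UID:GID:gecos:home:shell   group: name:passwd:GID:members
    users = [(f[0], int(f[2]), int(f[3])) for f in _rows(passwd_text, 7, "passwd")]
    groups = [(f[0], int(f[2])) for f in _rows(group_text, 4, "group")]
    findings = []

    names_by_uid, names_by_gid = {}, {}
    for name, uid, _ in users:
        names_by_uid.setdefault(uid, []).append(name)
    for name, gid in groups:
        names_by_gid.setdefault(gid, []).append(name)

    # Page requirement: a root user (UID 0) is needed to mount the NFS share.
    if 0 not in names_by_uid:
        findings.append(("missing-root-user", "UID 0"))

    # Page requirement: Windows does not allow a user and a group to share a
    # name. Windows compares account names case-insensitively, so fold case.
    user_names = {name.casefold() for name, _, _ in users}
    for name, _ in groups:
        if name.casefold() in user_names:
            findings.append(("name-clash", name))

    # Assumption of this example: one UID or GID listed under several names
    # makes the identity lookup ambiguous, so report it.
    for uid, names in sorted(names_by_uid.items()):
        if len(names) > 1:
            findings.append(("duplicate-uid", str(uid)))
    for gid, names in sorted(names_by_gid.items()):
        if len(names) > 1:
            findings.append(("duplicate-gid", str(gid)))

    # A user whose primary GID has no group entry has no group to map to.
    for name, _, gid in users:
        if gid not in names_by_gid:
            findings.append(("unmapped-primary-gid", name))
    return findings


if __name__ == "__main__":
    for code, subject in check_mapping_files(SAMPLE_PASSWD, SAMPLE_GROUP):
        hint = ""
        if code == "name-clash":
            # The page's suggested fix: add "group" to the end of the group name.
            hint = f" (rename the group, for example to {subject}group)"
        print(f"{code}: {subject}{hint}")
```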
Issues with NFS export in UNIX
1. Restrict Chown
The default behavior of Windows Storage Server 2016 is to create NFS exports with Restrict Chown enabled. This prevents an NFS client user
from modifying the ownership or group membership of files they own. It can also prevent a user from successfully copying files they own when
using 'cp -p', where the '-p' switch preserves the permissions and ownership of the copied files.
The following issues are present when accessing files on an NFS mounted export:
[unmapped@CentOS67 test]$ df
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/mapper/vg_centos67-lv_root
                       4936736   2392604   2286700  52% /
tmpfs                  1962264         0   1962264   0% /dev/shm
/dev/sda1               487652     42038    420014  10% /boot
16.27.182.9:sladden  536737792 211131488 325606304  40% /mnt
[unmapped@CentOS67 test]$ pwd
/mnt/unmapped/test
[unmapped@CentOS67 test]$ ll
total 0
[unmapped@CentOS67 test]$ cp /etc/resolv.conf resolv.txt
[unmapped@CentOS67 test]$ ll
total 1
-rw-r--r--. 1 unmapped unmapped 50 May  4  2016 resolv.txt
[unmapped@CentOS67 test]$ chgrp unmapped1 resolv.txt
chgrp: changing group of `resolv.txt': Permission denied      //Issue 1
[unmapped@CentOS67 test]$ chown unmapped1 resolv.txt
chown: changing ownership of `resolv.txt': Permission denied  //Issue 2
[unmapped@CentOS67 test]$ cp -p resolv.txt resolv             //Intermittent Issue 3
Every NFS share that is created in Windows Storage Server 2016 is added to the server registry under this registry key:
PS C:\Users\Administrator> reg query HKLM\Software\Microsoft\ServerForNFS\CurrentVersion\Exports /s
To change this default behavior, set the RestrictChown DWORD value to 0 in the registry entry of each NFS export:
PS C:\Users\Administrator> reg add HKLM\Software\Microsoft\ServerForNFS\CurrentVersion\Exports\0 /v RestrictChown /t REG_DWORD /d 0
Verify with:
PS C:\Users\sladden.EMEA> reg query HKLM\Software\Microsoft\ServerForNFS\CurrentVersion\Exports /s
Then restart Server for NFS to apply the change.
[unmapped@CentOS67 test]$ chgrp unmapped1 resolv.txt   # Command works as expected
[unmapped@CentOS67 test]$ chown unmapped1 resolv.txt   # Command works as expected
[unmapped@CentOS67 test]$ cp -p resolv.txt resolv      # Command works as expected
2. Enable NTFS Filename Case Sensitivity
By default, case sensitivity is not enabled within an NTFS file system, so files created on an NFS export take no notice of case.
On UNIX clients, case sensitivity is enabled and is a fundamental requirement when working with filenames.
To check this from a UNIX client, follow these steps:
[unmapped@CentOS67 test]$ touch Pete
[unmapped@CentOS67 test]$ ll
total 0
-rw-rw-r--. 1 unmapped unmapped 0 May  4  2016 Pete
[unmapped@CentOS67 test]$ ll pete                        # This file should not exist
-rw-rw-r--. 1 unmapped unmapped 0 May  4  2016 pete
[unmapped@CentOS67 test]$ cat /etc/fstab > pete          # This command should create the file `pete`
[unmapped@CentOS67 test]$ ll
total 4
-rw-rw-r--. 1 unmapped unmapped 785 May  4  2016 Pete    # But the redirect command has overwritten the file Pete
[unmapped@CentOS67 test]$ cat pete                       # Hence the file Pete now contains data
# /etc/fstab
To enable case sensitivity, add a registry value with the following command:
C:\Users\Administrator>reg add "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v obcaseinsensitive /t REG_DWORD /d 0
Verify with:
PS C:\Users\sladden.EMEA> reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\kernel" /v obcaseinsensitive
A server reboot is needed to apply this change.
After the reboot, case sensitivity is present for NFS exports:
[unmapped@CentOS67 test]$ touch Pete
[unmapped@CentOS67 test]$ ll
total 0
-rw-rw-r--. 1 unmapped unmapped 0 May  4  2016 Pete      # file created as expected
[unmapped@CentOS67 test]$ cat /etc/fstab > pete          # now the redirect writes to the file called pete
[unmapped@CentOS67 test]$ ll
total 1
-rw-rw-r--. 1 unmapped unmapped 785 May  4  2016 pete
-rw-rw-r--. 1 unmapped unmapped   0 May  4  2016 Pete
[unmapped@CentOS67 test]$ cat Pete                       # this should provide no output as the file Pete is empty
[unmapped@CentOS67 test]$ cat pete                       # this should provide the contents of /etc/fstab
# /etc/fstab
3. NFS Filename Character Translation
Both UNIX and Windows include a set of valid file name characters; however, these sets are different for each program. If you do not turn on and
configure character translation, Server for NFS cannot create some valid UNIX file names and you may receive an error message if you try to
create a file.
The NTFS characters not supported in filenames are:
Illegal NTFS File Characters
1. / (forward slash)          0x2f
2. \ (backslash)              0x5c
3. : (colon)                  0x3a
4. * (asterisk)               0x2a
5. ? (question mark)          0x3f
6. < (less than)              0x3c
7. > (greater than)           0x3e
8. " (double quote)           0x22
9. | (vertical bar or pipe)   0x7c
Note
For more information refer to this link for Character support—“Character Sets And Code Pages At The Push Of A Button” and select ISO/IEC
8859-1 Latin 1
With NFS version 3, you have the option of resolving this by creating a translation file named NFS-Translation.txt in the NFS share (on Windows).
The file needs to contain the entries shown below.
NFS-Translation.txt
0x00 0x2f : 0x00 0xD7 ; replace client "/" with server "Multiplication Sign"
0x00 0x5c : 0x00 0xA1 ; replace client "\" with server "Inverted Exclamation Mark"
0x00 0x3a : 0x00 0xA8 ; replace client ":" with server "Diaeresis"
0x00 0x2a : 0x00 0xB1 ; replace client "*" with server "Plus-Minus Sign"
0x00 0x3f : 0x00 0xBF ; replace client "?" with server "Inverted Question Mark"
0x00 0x3c : 0x00 0xAB ; replace client "<" with server "Left-Pointing Double Angle Quotation Mark"
0x00 0x3e : 0x00 0xBB ; replace client ">" with server "Right-Pointing Double Angle Quotation Mark"
0x00 0x22 : 0x00 0xF7 ; replace client """ with server "Division Sign"
0x00 0x7c : 0x00 0xA6 ; replace client "|" with server "Broken Bar"
Create a test folder on a Linux server of the form:
[bttv@centos5-01 rsyncshare]$ ll /tmp/translation/
total 48
drwxr-xr-x  2 root root  4096 Apr 28 17:16 .
drwxrwxrwt 14 root root  4096 Apr 28 17:16 ..
-rw-r--r--  1 bttv vosp2    0 Apr 28 15:50 file<
-rw-r--r--  1 bttv vosp2    0 Apr 28 15:50 file>
-rw-r--r--  1 bttv vosp2    0 Apr 28 15:51 file|
-rw-r--r--  1 bttv vosp2    0 Apr 28 15:50 file:
-rw-r--r--  1 bttv vosp2    0 Apr 28 15:51 file?
-rw-r--r--  1 bttv vosp2    0 Apr 28 15:51 file"
-rw-r--r--  1 bttv vosp2    0 Apr 28 15:51 file*
-rw-r--r--  1 bttv vosp2    0 Apr 28 15:51 file\
Copy the test folder content to the share from the UNIX client:
[bttv@centos5-01 rsyncshare]$ df -hm
Filesystem              1M-blocks  Used Available Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
                            15840  3619     11405  25% /
/dev/sda1                      99    41        53  44% /boot
tmpfs                         878     0       878   0% /dev/shm
centos5-02:/data1/unix1     16122   185     15119   2% /centos5-02/unix1
win2k12r2:rsyncshare        10237   659      9579   7% /win2k12r2/rsyncshare
[bttv@centos5-01 rsyncshare]$ pwd
/win2k12r2/rsyncshare
[bttv@centos5-01 rsyncshare]$ cp /tmp/translation/* .
[bttv@centos5-01 rsyncshare]$ ll
total 13
drwxrwxrwx 2 4294967294 4294967294 4096 Apr 28 18:21 .
drwxr-xr-x 5 root       root       4096 Apr 28 17:16 ..
-rw-r--r-- 1 bttv       vosp2         0 Apr 28 18:36 file<
-rw-r--r-- 1 bttv       vosp2         0 Apr 28 18:36 file>
-rw-r--r-- 1 bttv       vosp2         0 Apr 28 18:36 file|
-rw-r--r-- 1 bttv       vosp2         0 Apr 28 18:36 file:
-rw-r--r-- 1 bttv       vosp2         0 Apr 28 18:36 file?
-rw-r--r-- 1 bttv       vosp2         0 Apr 28 18:36 file"
-rw-r--r-- 1 bttv       vosp2         0 Apr 28 18:36 file*
-rw-r--r-- 1 bttv       vosp2         0 Apr 28 18:36 file\
-rw-rw-r-- 1 bttv       vosp2       130 Apr 28 13:48 unmapped-resolv.conf
-rw-rw-r-- 1 bttv       vosp2       130 Apr 28 13:48 unmapped-resolv-copy.txt
Verify:
D:\rsyncshare>dir
 Volume in drive D is Data
 Volume Serial Number is 6EE8-E4D2
 Directory of D:\rsyncshare
28/04/2016  18:21    <DIR>          .
28/04/2016  18:21    <DIR>          ..
28/04/2016  18:21                 0 file¡
28/04/2016  18:21                 0 file¦
28/04/2016  18:21                 0 file¨
28/04/2016  18:21                 0 file«
28/04/2016  18:21                 0 file±
28/04/2016  18:21                 0 file»
28/04/2016  18:21                 0 file¿
28/04/2016  18:21                 0 file÷
28/04/2016  13:48               130 unmapped-resolv-copy.txt
28/04/2016  13:48               130 unmapped-resolv.conf
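The translation table can be checked before it is placed in the share. The following is an added example, not part of the white paper or of Server for NFS: it parses the NFS-Translation.txt entries shown above, audits them against the nine illegal NTFS characters, and models the translation as a plain per-character substitution. Reading each pair of bytes as the high and low byte of one 16-bit character is an assumption, and the function names are hypothetical.

```python
# Added example: parse and audit an NFS-Translation.txt table.
import re

# The nine characters the page lists as illegal in NTFS file names.
NTFS_ILLEGAL = '/\\:*?<>"|'

# Entries as printed on the page (comments shortened for this example).
PAGE_TABLE = r'''
0x00 0x2f : 0x00 0xD7 ; "/" -> Multiplication Sign
0x00 0x5c : 0x00 0xA1 ; "\" -> Inverted Exclamation Mark
0x00 0x3a : 0x00 0xA8 ; ":" -> Diaeresis
0x00 0x2a : 0x00 0xB1 ; "*" -> Plus-Minus Sign
0x00 0x3f : 0x00 0xBF ; "?" -> Inverted Question Mark
0x00 0x3c : 0x00 0xAB ; "<" -> Left-Pointing Double Angle Quotation Mark
0x00 0x3e : 0x00 0xBB ; ">" -> Right-Pointing Double Angle Quotation Mark
0x00 0x22 : 0x00 0xF7 ; double quote -> Division Sign
0x00 0x7c : 0x00 0xA6 ; "|" -> Broken Bar
'''

ENTRY = re.compile(
    r'^(0x[0-9a-fA-F]{2})\s+(0x[0-9a-fA-F]{2})\s*:\s*'
    r'(0x[0-9a-fA-F]{2})\s+(0x[0-9a-fA-F]{2})$'
)


def parse_table(text):
    """Return {client_char: server_char} from 'hi lo : hi lo ; comment' lines."""
    mapping = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split(';', 1)[0].strip()  # drop the trailing comment
        if not entry:
            continue
        match = ENTRY.match(entry)
        if match is None:
            raise ValueError(f'line {lineno}: malformed entry {raw!r}')
        c_hi, c_lo, s_hi, s_lo = (int(g, 16) for g in match.groups())
        client, server = chr(c_hi << 8 | c_lo), chr(s_hi << 8 | s_lo)
        if client in mapping:
            raise ValueError(f'line {lineno}: duplicate client character {client!r}')
        mapping[client] = server
    return mapping


def audit(mapping):
    """Report gaps that would still let a file creation fail or be ambiguous."""
    targets = list(mapping.values())
    return {
        # illegal NTFS characters with no translation entry
        'uncovered': [c for c in NTFS_ILLEGAL if c not in mapping],
        # replacement characters that are themselves illegal in NTFS
        'illegal_targets': sorted(s for s in targets if s in NTFS_ILLEGAL),
        # two client characters translated to the same server character
        'shared_targets': sorted({s for s in targets if targets.count(s) > 1}),
    }


def to_server(name, mapping):
    """Client (UNIX) name -> name stored on NTFS, under the substitution model."""
    return ''.join(mapping.get(ch, ch) for ch in name)


def to_client(name, mapping):
    """Name stored on NTFS -> name shown to the NFS client."""
    reverse = {server: client for client, server in mapping.items()}
    return ''.join(reverse.get(ch, ch) for ch in name)


def survives_round_trip(name, mapping):
    """False when the name already contains a replacement character, so that
    it cannot be told apart from a translated name on the server."""
    return to_client(to_server(name, mapping), mapping) == name


if __name__ == '__main__':
    table = parse_table(PAGE_TABLE)
    print(audit(table))
    # The page's test file names, plus one name that already contains 0xAB.
    for name in ['file<', 'file>', 'file|', 'file:', 'file?', 'file"',
                 'file*', 'file\\', 'file\xab']:
        print(repr(name), '->', repr(to_server(name, table)),
              'round trip ok' if survives_round_trip(name, table) else 'AMBIGUOUS')
```

The translated names this produces for the page's eight test files match the dir listing above; the last sample shows why a replacement character that users also type in real file names is a poor choice for the server side of an entry.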
Setting up Windows and UNIX user home directories
This section describes the configuration procedure for Windows and UNIX user home directories. With a home directory configured, a user has
access to the same set of files and folders irrespective of the type of client used for access.
There are several methods available to configure a user home directory. The easiest method with the least administrative overhead is to
configure a home directory using Group Policy.
1. Open Server Manager on a computer with Group Policy Management installed.
2. From the Tools menu click Group Policy Management. Group Policy Management appears.
3. Right click the domain and then click Create a Group Policy Object (GPO) in this domain, and Link it here.
4. In the New GPO dialog box, type a name for the GPO (for example, Home Folder), and then click OK.
5. Right click the newly created GPO and then clear the Link Enabled checkbox. This prevents the GPO from being applied until you finish
configuring it.
6. Select the GPO. In the Security Filtering section of the Scope tab, remove the Authenticated Users and User Group that you created at the
beginning (for example, TestGroup).
7. In Group Policy Management, right click the GPO you created, and then click Edit.
8. Navigate to User Configuration > Preferences > Windows Settings > Folders.
9. Right click on Folders and select New > Folder. The General tab should have a Create Action and the Path should read
\\MYSTOREASYSERVER\MYSHARE\%LogonUser%. In the Common tab, enable the Run in logged-on user’s security context option.
This allows your users to create the folder via the GPO; however, they will not be able to browse the share or view any folder other than
their own.
10. Similarly you can add a drive mapping preference item to your GPO, mapping the path
\\MYSTOREASYSERVER\MYSHARE\%LogonUser%.
When a user logs in from any Windows client, this GPO setting will automatically create a folder for the user with exclusive user access and map
the drive for users who are members of your TestGroup group.
11. Once you have completed configuring the Home folder setting in Group Policy, the next step is to enable the GPO, permitting it to be applied
to affected users. Right click the GPO that you created and then click Link Enabled.
A checkbox appears next to the menu item.
12. Add the Linux user’s UID in NFS Identity Mapping or update the password file in %SystemRoot%\system32\drivers\etc\ depending
on the method you selected for user mapping.
Here is an example to show creation of a user with a specified UID and GID and setting home directory on a file share configured on
HPE StoreEasy Storage.
# df -k /userdata
Filesystem           1K-blocks       Used  Available Use% Mounted on
HomeDir.bitscnas.com:/userdata
                    3801973760 2399319520 1402654240  64% /userdata
# adduser testuser -u 507 -g 506
# usermod -d /userdata/testuser testuser
# ls -al /home/testuser/
total 28
drwx------  4 testuser testgroup 4096 May 21 14:15 .
drwxr-xr-x. 5 root     root      4096 May 21 14:15 ..
-rw-r--r--  1 testuser testgroup   18 Apr 23  2012 .bash_logout
-rw-r--r--  1 testuser testgroup  176 Apr 23  2012 .bash_profile
-rw-r--r--  1 testuser testgroup  124 Apr 23  2012 .bashrc
drwxr-xr-x  2 testuser testgroup 4096 Jul 14  2010 .gnome2
drwxr-xr-x  4 testuser testgroup 4096 May  7  2012 .mozilla
# su - testuser
-bash-4.1$ cp /home/testuser/.b* .
-bash-4.1$ cp -r /home/testuser/.g* .
-bash-4.1$ cp -r /home/testuser/.m* .
-bash-4.1$ logout
# su - testuser
[testuser@rhel63host ~]$ pwd
/userdata/testuser
[testuser@rhel63host ~]$ ls -l
total 1
drwxr-xr-x 2 testuser   testgroup    64 May 21 14:18 Windir
[testuser@rhel63host ~]$ ls -la
total 8
drwxr-xr-x 2 testuser   testgroup  4096 May 21 14:18 .
drwxr-xr-x 2 4294967294 4294967294   64 May 21 13:50 ..
-rw------- 1 testuser   testgroup    81 May 21 14:18 .bash_history
-rw-r--r-- 1 testuser   testgroup    18 May 21 14:17 .bash_logout
-rw-r--r-- 1 testuser   testgroup   176 May 21 14:17 .bash_profile
-rw-r--r-- 1 testuser   testgroup   124 May 21 14:17 .bashrc
drwxr-xr-x 2 testuser   testgroup    64 May 21 14:17 .gnome2
drwxr-xr-x 2 testuser   testgroup    64 May 21 14:17 .mozilla
drwxr-xr-x 2 testuser   testgroup    64 May 21 14:18 Windir
[testuser@rhel63host ~]$
Add and remove users
It’s recommended that you configure file system permissions and GPO configurations using a user group. This provides the flexibility of adding
and removing users with minimal administrative tasks.
Creating a new user:
1. Create a new user in AD DS.
2. Add the user to a group that has permission to access the file share.
3. Set the group as the Primary Group for the user.
4. Create a UNIX user.
5. Depending on the method you selected, add the UID and GID in NFS Identity Mapping or update password and group files in
%SystemRoot%\system32\drivers\etc\.
Deleting a user:
1. Delete the user from AD DS.
2. Delete the UNIX user.
3. Remove the UID entry in NFS Identity Mapping or update the password and group files in %SystemRoot%\system32\drivers\etc\.
Summary
The HPE StoreEasy Storage product family provides SMB and NFS target server capabilities that enable storage provisioning over a TCP/IP
network using multi-protocol support in a heterogeneous environment. This solution allows customers to connect SMB and NFS clients to
HPE StoreEasy Storage and deploy a heterogeneous NAS solution.
This document guides users through configuring HPE StoreEasy Storage to access file shares from client systems running Windows, Mac, and other
operating systems, such as UNIX or Linux-based clients.
Resources
The Storage Team at Microsoft®—File Cabinet Blog: aka.ms/nfs
Learn more at
hpe.com/storage/StoreEasy1000
hpe.com/storage/StoreEasy3000
© Copyright 2013–2017 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without
notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements
accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard
Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
Microsoft, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States
and/or other countries. UNIX is a registered trademark of The Open Group. Linux is the registered trademark of Linus Torvalds in the U.S.
and other countries. All other third-party trademark(s) is/are property of their respective owner(s).
4AA4-7478ENW, April 2017, Rev. 5