This video's purpose is to show how to create a manual mapping of users between Windows and UNIX authentication services. In addition, an example is shown of how to properly take ownership of a share and confirm the mapping is configured properly. Begin by clicking the system tab for the fluid Fs cluster inside enterprise manager. Next, select the directory services sub tab to review the directories available to the cluster. In this example, we have active directory configured for Windows users who will be mapped to a UNIX NIS directory server. In addition to NIS LDA is also supported by Fluid Fs.
After verifying directory services are configured properly, select the user mapping sub tab. The edit user mapping policy option allows the selection of manual or automatic user mapping. If automatic user mapping is selected, then users will be mapped based upon a case sensitive matching of their user name. It is still possible to manually map users even if the cluster has automatic mapping enabled. Once the policy is chosen, the option to create user mapping rule will allow the creation of manual mappings search for the users by the beginning of their user name corresponding to each of the directory services by default, the cluster is configured for two way permission mapping.
However, if all NAS volumes are configured for NTFS style permissions, then it is ideal to change the setting to enable UNIX to Windows mapping. Otherwise if all NAS volumes are configured for UNIX style permissions, the option to enable Windows to UNIX mapping is best after completing the manual mapping, enterprise manager will display the new entry in the list. Next, we demonstrate how this mapping works with a new SMB share and NFS export pointing to the same directory of data on the Fluid Fs cluster. First, a new NAS volume and share is created note the path being chosen next. Since Fluid Fs defaults the security style of NAS volumes to NTFS, we will take ownership of the share and define the permissions to the folder via windows.
The owner of the share is changed to the Windows user that was selected when creating the manual mapping. Earlier in the video, this will give the user full control of the share and its contents when accessing from a windows client to verify the AC L has been modified properly, close out of the share properties and open them. Once again, the root entries that were originally present should be replaced by a default set of Windows AC LS. In addition to our Windows user, next, we will create the NFS export that UNIX users will utilize to access the data. A new NFS export is created using the same NAS volume as the SMB share created before.
Note that the folder path is modified to match what was used in the SMB share. A new AC L entry is added to the NFS export to allow all users access from a specific client. From a Linux client. We are able to see the newly created export. Next, a new directory is created as a mount point for the export on the client system. Finally, the export is mounted note that this example makes use of NFS version three. However, fluid FS has full support for NFS version four as well. Extra configuration is required on the NF SS version four client to ensure proper permissions are displayed after changing directory to the location of our mounted export.
A directory listing allows us to see the owner of the exported directory. As expected. The UNIX user selected in the manual mapping is displayed.