Skip to main content

Welcome

Dell Sites

Dell Technologies
Premier Sign In
Partner Program Sign In
Dell Financial Services
Support

Dell Sites

Dell Technologies
Premier Sign In
Partner Program Sign In
Dell Financial Services
Support

Welcome to Dell

My Account

Place orders quickly and easily
View orders and track your shipping status
Enjoy members-only rewards and discounts
Create and access a list of your products
Manage your Dell EMC sites, products, and product-level contacts using Company Administration.

Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In

Your Dell.com Carts

Products
Solutions
Services
Contact Us

Support
Product Support
Manuals

PowerScale OneFS 9.3.0.0 CLI Administration Guide

Notes, cautions, and warnings
Introduction to this guide
- About this guide
- Scale-out NAS overview
- Where to get help
  - Additional options for getting help
PowerScale scale-out NAS
- OneFS storage architecture
- Node components
- Internal and external networks
- PowerScale cluster
- The OneFS operating system
  - Mixed data-access protocol environments
  - Identity management and access control
- Structure of the file system
- Data protection overview
- Data compression
- Software modules
Introduction to the OneFS command-line interface
- OneFS command-line interface overview
- Syntax diagrams
- Universal options
- Command-line interface privileges
- SmartLock compliance command permissions
- OneFS time values
General cluster administration
- General cluster administration overview
- User interfaces
- Connecting to the cluster
  - Log in to the web administration interface
  - Open an SSH connection to a cluster
- Licensing
- Certificates
- Cluster identity
  - Set the cluster name
- Cluster contact information
- Cluster date and time
  - Set the cluster date and time
  - Specify an NTP time server
- SMTP email settings
  - Configure SMTP email settings
  - View SMTP email settings
- Configuring the cluster join mode
  - Specify the cluster join mode
- File system settings
  - Specify the cluster character encoding
  - Enable or disable access time tracking
- Data compression settings and monitoring
- Events and alerts
- Security hardening
- Cluster configuration backup and restore
  - Cluster configuration backup and restore
- Cluster monitoring
  - Monitor the cluster
  - View node status
- Monitoring cluster hardware
- Cluster maintenance
- SRS Summary
Access zones
- Data Security overview
- Base directory guidelines
- Access zones best practices
- Access zones on a SyncIQ secondary cluster
- Access zone limits
- Quality of service
- Zone-based Role-based Access Control (zRBAC)
  - Integrated roles in non-System zones
- Zone-specific authentication providers
- Managing access zones
Authentication
- Authentication overview
- Authentication provider features
- Security Identifier (SID) history overview
- Supported authentication providers
- Active Directory
- LDAP
- NIS
- Kerberos authentication
  - Keytabs and SPNs overview
  - MIT Kerberos protocol support
- File provider
- Local provider
- Multi-factor Authentication (MFA)
- Multi-instance active directory
- LDAP public keys
- Managing Active Directory providers
  - Configure an Active Directory provider
  - Modify an Active Directory provider
  - Specify support for RFC 2307 to an Active Directory provider
  - Delete an Active Directory provider
- Managing LDAP providers
  - Configure an LDAP provider
  - Modify an LDAP provider
  - Delete an LDAP provider
  - Configure the LDAP provider to use TLS connections
- Managing NIS providers
  - Configure an NIS provider
  - Modify an NIS provider
  - Delete an NIS provider
- Managing MIT Kerberos authentication
  - Managing MIT Kerberos realms
  - Managing MIT Kerberos providers
  - Managing MIT Kerberos domains
  - Managing SPNs and keys
- Managing file providers
  - Configure a file provider
  - Generate a password file
  - Modify a file provider
  - Delete a file provider
  - Password file format
  - Group file format
  - Netgroup file format
- Managing local users and groups
  - View a list of users and groups by provider
  - Create a local user
  - Create a local group
  - Naming rules for local users and groups
  - Configure or modify a local password policy
  - Local password policy settings
  - Modify a local user
  - Modify a local group
  - Delete a local user
  - Delete a local group
- SSH Authentication and Configuration
  - Pre-requisites for Multi-factor Authentication (MFA)
  - SSH configuration using password
  - SSH Configuration using public keys
Administrative roles and privileges
- Role-based access
- Roles
  - Custom roles
  - OneFS roles
- Privileges
- Managing roles
Identity management
- Identity management overview
- Identity types
- Access tokens
- Access token generation
- Managing ID mappings
- Managing user identities
Home directories
- Home directories overview
- Home directory permissions
- Authenticating SMB users
- Home directory creation through SMB
- Home directory creation through SSH and FTP
- Home directory creation in a mixed environment
- Interactions between ACLs and mode bits
- Default home directory settings in authentication providers
- Supported expansion variables
- Domain variables in home directory provisioning
Data access control
- Data access control overview
- ACLs
- UNIX permissions
- Mixed-permission environments
  - NFS access of Windows-created files
  - SMB access of UNIX-created files
- Managing access permissions
File sharing
- File sharing overview
  - Mixed protocol environments
  - Write caching with SmartCache
    - Write caching for asynchronous writes
    - Write caching for synchronous writes
- SMB security
- NFS security
- FTP
- HTTP and HTTPS security
File filtering
- File filtering in an access zone
- Enable and configure file filtering in an access zone
- Disable file filtering in an access zone
- View file filtering settings
Auditing and logging
- Auditing overview
- Syslog
  - Syslog forwarding
- Protocol audit events
- Supported audit tools
- Delivering protocol audit events to multiple CEE servers
- Supported event types
- Sample audit log
- Audit log purging
- Managing audit settings
- Integrating with the Common Event Enabler
- Tracking the delivery of protocol audit events
Snapshots
- Snapshots overview
- Data protection with SnapshotIQ
- Snapshot disk-space usage
- Snapshot schedules
- Snapshot aliases
- File and directory restoration
- Best practices for creating snapshots
- Best practices for creating snapshot schedules
- File clones
  - Shadow-store considerations
- Snapshot locks
- Snapshot reserve
- Writable snapshots
- SnapshotIQ license functionality
- Creating snapshots with SnapshotIQ
  - Create a SnapRevert domain
  - Create a snapshot schedule
  - Create a snapshot
  - Snapshot naming patterns
- Managing writable snapshots
  - Create a writable snapshot
  - Delete a writable snapshot
  - List writable snapshots
  - View writable snapshots
- Managing snapshots
  - Reducing snapshot disk-space usage
  - Delete a snapshot
  - Modify snapshot attributes
  - Modify a snapshot alias
  - View snapshots
  - Snapshot information
- Restoring snapshot data
  - Revert a snapshot
  - Restore a file or directory using Windows Explorer
  - Restore a file or directory through a UNIX command line
  - Clone a file from a snapshot
- Managing snapshot schedules
  - Modify a snapshot schedule
  - Delete a snapshot schedule
  - View snapshot schedules
- Managing snapshot aliases
  - Configure a snapshot alias for a snapshot schedule
  - Assign a snapshot alias to a snapshot
  - Reassign a snapshot alias to the live file system
  - View snapshot aliases
  - Snapshot alias information
- Managing with snapshot locks
  - Create a snapshot lock
  - Modify a snapshot lock expiration date
  - Delete a snapshot lock
  - Snapshot lock information
- Configure SnapshotIQ settings
  - SnapshotIQ settings
- Set the snapshot reserve
- Managing changelists
  - Create a changelist
  - Delete a changelist
  - View a changelist
  - Changelist information
- Managing writable snapshots
  - Create a writable snapshot
  - Delete a writable snapshot
  - List writable snapshots
  - View writable snapshots
Deduplication with SmartDedupe
- Deduplication overview
- Deduplication jobs
- Data replication and backup with deduplication
- Snapshots with deduplication
- Deduplication considerations
- Shadow-store considerations
- SmartDedupe license functionality
- Managing deduplication
Inline Data Deduplication
- Inline Data Deduplication overview
- Inline deduplication interoperability
- Considerations for using inline deduplication
- Enable inline deduplication
- Verify inline deduplication is enabled
- View inline deduplication reports
- Disable or pause inline deduplication
- Remove deduplication
- Troubleshoot index allocation issues
Data replication with SyncIQ
- SyncIQ data replication overview
- Replication policies and jobs
  - SmartLock considerations for SyncIQ
  - Automated replication policies
  - Source and target cluster association
  - Configuring SyncIQ source and target clusters with NAT
  - Full and differential replication
  - Controlling replication job resource consumption
  - Replication policy priority
  - Replication reports
- Replication snapshots
  - Source cluster snapshots
  - Target cluster snapshots
- Data failover and failback with SyncIQ
  - Data failover
  - Data failback
  - SmartLock compliance mode failover and failback
  - SmartLock replication limitations
- Recovery times and objectives for SyncIQ
  - RPO Alerts
- Replication policy priority
- SyncIQ license functionality
- Replication for nodes with multiple interfaces
- Restrict SyncIQ source nodes
- Creating replication policies
  - Excluding directories in replication
  - Excluding files in replication
  - File criteria options
  - Configure default replication policy settings
  - Create a replication policy
  - Create a SyncIQ domain
  - Assess a replication policy
- Managing replication to remote clusters
  - Start a replication job
  - Pause a replication job
  - Resume a replication job
  - Cancel a replication job
  - View active replication jobs
  - Restrict SyncIQ to use the interfaces in the IP address pool
  - Modify the Restrict Target Network value
  - Replication job information
- Initiating data failover and failback with SyncIQ
  - Fail over data to a secondary cluster
  - Revert a failover operation
  - Fail back data to a primary cluster
  - Run the ComplianceStoreDelete job in a Smartlock compliance mode domain
- Performing disaster recovery for older SmartLock directories
  - Recover SmartLock compliance directories on a target cluster
  - Migrate SmartLock compliance directories
- Managing replication policies
  - Modify a replication policy
  - Delete a replication policy
  - Enable or disable a replication policy
  - View replication policies
  - Replication policy information
- Managing replication to the local cluster
  - Cancel replication to the local cluster
  - Break local target association
  - View replication policies targeting the local cluster
  - Remote replication policy information
- Managing replication performance rules
  - Create a network traffic rule
  - Create a file operations rule
  - Modify a performance rule
  - Delete a performance rule
  - Enable or disable a performance rule
  - View performance rules
- Managing replication reports
  - Configure default replication report settings
  - Delete replication reports
  - View replication reports
  - Replication report information
- Managing failed replication jobs
  - Resolve a replication policy
  - Reset a replication policy
  - Perform a full or differential replication
- Restrict SyncIQ to use the interfaces in the IP address pool
- Modify the Restrict Target Network value
Data Encryption with SyncIQ
- SyncIQ data encryption overview
- SyncIQ traffic encryption
  - Configure certificates
  - Create encrypted SyncIQ policies
- Per-policy throttling overview
  - Create a bandwidth rule
- Troubleshooting SyncIQ encryption
Data Compression
- Data compression
- Data compression settings and monitoring
- Enable or disable data compression
- View compression statistics
Data layout with FlexProtect
- FlexProtect overview
- File striping
- Requested data protection
- FlexProtect data recovery
  - Smartfail
  - Node failures
- Requesting data protection
- Requested protection settings
- Requested protection disk space usage
Large file size support
- Large file support
- Feature enablement requirements
- Restrictions after enabling large file support
- Enable large file support
- Check SyncIQ and cluster disk space compatibility
Administering NDMP
- NDMP backup and recovery overview
- NDMP two-way backup
- NDMP three-way backup
- Support for NDMP sessions on Generation 6 hardware
- Setting preferred IPs for NDMP three-way operations
- NDMP multi-stream backup and recovery
- Snapshot-based incremental backups
- NDMP backup and restore of SmartLink files
- NDMP protocol support
- Supported DMAs
- NDMP hardware support
- NDMP backup limitations
- NDMP performance recommendations
- Excluding files and directories from NDMP backups
- Configuring basic NDMP backup settings
  - Configure and enable NDMP backup
  - Disable NDMP backup
  - NDMP backup settings
  - View NDMP backup settings
- Managing NDMP user accounts
  - Create an NDMP user account
  - Modify the password of an NDMP user account
  - Delete an NDMP user account
  - View NDMP user accounts
- Managing NDMP backup devices
  - Detect NDMP backup devices
  - Modify an NDMP backup device entry name
  - Delete a device entry for a disconnected NDMP backup device
  - View NDMP backup devices
- Managing NDMP Fibre Channel ports
  - Modify NDMP backup port settings
  - Enable or disable an NDMP backup port
  - View NDMP backup ports
  - NDMP backup port settings
- Managing NDMP preferred IP settings
  - Create an NDMP preferred IP setting
  - Modify an NDMP preferred IP setting
  - List NDMP preferred IP settings
  - View NDMP preferred IP settings
  - Delete NDMP preferred IP settings
- Managing NDMP sessions
  - End an NDMP session
  - View NDMP sessions
  - NDMP session information
- Managing NDMP restartable backups
  - Configure NDMP restartable backups for NetWorker
  - View NDMP restartable backup contexts
  - Delete an NDMP restartable backup context
  - Configure NDMP restartable backup settings
  - View NDMP restartable backup settings
- NDMP restore operations
  - NDMP parallel restore operation
  - NDMP serial restore operation
  - Specify a NDMP serial restore operation
- Managing default NDMP variables
  - Specify the default NDMP variable settings for a path
  - Modify the default NDMP variable settings for a path
  - View the default NDMP settings for a path
  - NDMP environment variables
  - Setting environment variables for backup and restore operations
- Managing snapshot based incremental backups
  - Enable snapshot-based incremental backups for a directory
  - Delete snapshots for snapshot-based incremental backups
  - View snapshots for snapshot-based incremental backups
- Managing cluster performance for NDMP sessions
  - Enable NDMP Redirector to manage cluster performance
- Managing CPU usage for NDMP sessions
  - Enable NDMP Throttler
- View NDMP backup logs
File retention with SmartLock
- SmartLock overview
- Compliance mode
- Enterprise mode
- SmartLock directories
- Replication and backup with SmartLock
- SmartLock license functionality
- SmartLock considerations
- Delete WORM domain and directories
- Set the compliance clock
- View the compliance clock
- Creating a SmartLock directory
- Managing SmartLock directories
- Managing files in SmartLock directories
Data Removal with Instant Secure Erase (ISE)
- Instant Secure Erase
- ISE during drive smartfail
- Enable Instant Secure Erase (ISE)
- View current ISE configuration
- Disable Instant Secure Erase (ISE)
Protection domains
- Protection domains overview
- Protection domain considerations
- Create a protection domain
- Delete a protection domain
Data-at-rest-encryption
- Data-at-rest encryption overview
- Self-encrypting drives
- Data security on self-encrypting drives
- Data migrations and upgrades to a cluster with self-encrypting drives
- Enabling external key management
- Migrate nodes and SEDs to external key management
- Chassis and drive states
- Smartfailed drive REPLACE state
- Smartfailed drive ERASE state
SmartQuotas
- SmartQuotas overview
- Quota types
- Default quota type
- Usage accounting and limits
- Disk-usage calculations
- Quota notifications
- Quota notification rules
- Quota reports
- Creating quotas
  - Create an accounting quota
  - Create an enforcement quota
- Managing quotas
Storage Pools
- Storage pools overview
- Storage pool functions
- Autoprovisioning
- Node pools
  - Compatibilities
  - Compatibility restrictions
  - Manual node pools
- Virtual hot spare
- Spillover
- Suggested protection
- Protection policies
- SSD strategies
- Other SSD mirror settings
- Global namespace acceleration
- L3 cache overview
  - Migration to L3 cache
  - L3 cache on archive-class node pools
- Tiers
- File pool policies
  - FilePolicy job
- Managing node pools through the command-line interface
  - Delete an SSD compatibility
  - Create a node pool manually
  - Add a node to a manually managed node pool
  - Add a new node type to an existing node pool
  - Remove a node type from a node pool
  - Change the name or protection policy of a node pool
  - Remove a node from a manually managed node pool
  - Remove a node pool from a tier
  - View node pool settings
  - Modify default storage pool settings
  - SmartPools settings
- Managing L3 cache from the command-line interface
  - Set L3 cache as the default for new node pools
  - Enable L3 cache on a specific node pool
  - Restore SSDs to storage drives for a node pool
- Managing tiers
  - Create a tier
  - Add or move node pools in a tier
  - Rename a tier
  - Delete a tier
- Creating file pool policies
  - Create a file pool policy
  - Valid wildcard characters
  - Default file pool requested protection settings
  - Default file pool I/O optimization settings
- Managing file pool policies
  - Modify a file pool policy
  - Configure default file pool policy settings
  - Prioritize a file pool policy
  - Delete a file pool policy
- Monitoring storage pools
  - Monitor storage pools
  - View the health of storage pools
  - View results of a SmartPools job
Pool-based tree reporting in FSAnalyze (FSA)
- FSAnalyze (FSA)
- Pool-based tree reporting in FSAnalyze (FSA)
- Enable pool-based tree reporting in FSA
- Disable pool-based tree reporting in FSA
System jobs
- System jobs overview
- System jobs library
- Job operation
- Job performance impact
- Job priorities
- Managing system jobs
- Modify job type settings
- Managing impact policies
- Viewing job reports and statistics
  - View statistics for a job in progress
  - View a report for a completed job
S3 support
- S3
  - S3 concepts
- Server Configuration
- Bucket handling
  - Managing buckets
- Object handling
- Authentication
- Access key management
  - Managing keys
Small Files Storage Efficiency for archive workloads
- Overview
- Requirements
- Upgrades and rollbacks
- Interoperability
- Managing Small Files Storage Efficiency
- Reporting features
- File system structure
  - Viewing file attributes
- Defragmenter overview
- Managing the defragmenter
- CLI commands for Small Files Storage Efficiency
- Troubleshooting Small Files Storage Efficiency
  - Log files
  - Fragmentation issues
Networking
- Networking overview
- About the internal network
  - Internal IP address ranges
  - Internal network failover
- About the external network
- Managing internal network settings
- Managing groupnets
- Managing external network subnets
- Managing Multi-SSIP
- Managing IP address pools
- Managing SmartConnect Settings
- Managing connection rebalancing
  - Configure an IP rebalance policy
  - Manually rebalance IP addresses
- Managing network interface members
- Managing node provisioning rules
- Managing routing options
  - Enable or disable source-based routing
  - Add or remove a static route
- Managing DNS cache settings
  - DNS cache settings
NFS3oRDMA
- RDMA support for NFSoRDMA
- Enable RDMA feature for NFSv3 protocol
- Disable RDMA feature for NFSv3 protocol
- View RDMA flag on network interface cards
- Create an IP address pool with RDMA support
- Modify an IP address pool with RDMA support
Partitioned Performance Monitoring
- Partitioned Performance Monitoring
- Workload monitoring
- Create a standard dataset
- Pin a workload
- Create a dataset with filters
- Apply filter(s) to a dataset
- View statistics
- Additional information
IPMI
- IPMI overview
- Enable IPMI
- Enable IPMI power control and Serial over LAN
- Configure IPMI username and password
Antivirus
- Antivirus overview
- On-access scanning
- ICAP Antivirus policy scanning
- Individual file scanning using ICAP
- WORM files and antivirus
- Antivirus scan reports
- ICAP servers
- CAVA servers
- ICAP threat responses
- CAVA threat responses
- Configuring global antivirus settings
- Managing ICAP servers
- Managing CAVA servers
- Create an ICAP antivirus policy
- Managing ICAP antivirus policies
- Managing antivirus scans
- Managing antivirus threats
- Managing antivirus reports
  - View antivirus reports
  - View antivirus events

PDF

Loading, Please wait

Kerberos authentication

Kerberos is a network authentication provider that negotiates encryption tickets for securing a connection. OneFS supports Microsoft Kerberos and MIT Kerberos authentication providers on a cluster. If you configure an Active Directory provider, support for Microsoft Kerberos authentication is provided automatically. MIT Kerberos works independently of Active Directory.

For MIT Kerberos authentication, you define an administrative domain known as a realm. Within this realm, an authentication server has the authority to authenticate a user, host, or service; the server can resolve to either IPv4 or IPv6 addresses. You can optionally define a Kerberos domain to allow additional domain extensions to be associated with a realm.

The authentication server in a Kerberos environment is called the Key Distribution Center (KDC) and distributes encrypted tickets. When a user authenticates with an MIT Kerberos provider within a realm, a cryptographic ticket-granting ticket (TGT) is created. The TGT enables the user access to a service principal name (SPN).

Each MIT Kerberos provider is associated with a groupnet. The groupnet is a top-level networking container that manages hostname resolution against DNS nameservers. It contains subnets and IP address pools. The groupnet specifies which networking properties the Kerberos provider uses when it communicates with external servers. The groupnet associated with the Kerberos provider cannot be changed. Instead, delete the Kerberos provider and create it again with the new groupnet association.

You can add an MIT Kerberos provider to an access zone as an authentication method for clients connecting through the access zone. An access zone may include at most one MIT Kerberos provider. The access zone and the Kerberos provider must reference the same groupnet. You can discontinue authentication through an MIT Kerberos provider by removing the provider from associated access zones.

NOTE: Do not use the NULL account with Kerberos authentication. Using the NULL account for Kerberos authentication can cause issues.

Data is not available for the Topic

Rate this content

All fields are required unless marked otherwise.

Accurate

not accurate

somewhat accurate

mostly accurate

accurate

very accurate

Useful

not useful

somewhat useful

mostly useful

useful

very useful

Easy to understand

not easy

somewhat easy

mostly easy

easy

very-easy

Was this article helpful?

Yes

No

Send us feedback (Optional)

0/3000 characters

Comments cannot contain these special characters: <>()\

Sorry, our feedback system is currently down. Please try again later.

Thank you for your feedback.

Please provide ratings (1-5 stars).

Please provide ratings (1-5 stars).

Please provide ratings (1-5 stars).

Please select whether the article was helpful or not.

Comments cannot contain these special characters: <>()\

Account

My Account
Order Status
Profile Settings
My Products
Make a Payment
Dell Rewards Balance

Support

Support Home
Contact Technical Support
Returns

Connect with Us

Community
Contact Us
X (Twitter)
LinkedIn
Instagram
YouTube

Our Offerings

Artificial Intelligence
Products
Solutions
Services
Deals

Our Company

Who We Are
Careers
Dell Technologies Capital
Investors
Newsroom
Perspectives
Recycling
ESG & Impact
Customer Stories

Our Partners

Find a Partner
Find a Reseller
OEM Solutions
Partner Program

Resources

Blog
Dell Rewards
Events
Email Sign-Up
Dell Learning Center
Glossary
Privacy Center
Resource Library
Security & Trust Center
Trial Software Downloads

Dell Technologies
Dell Premier
Dell Financial Services

Copyright © 2024 Dell Inc.
Terms of Sale
Privacy Statement
Do Not Sell or Share My Personal Information
Cookies, Ads & Emails
Legal & Regulatory
Accessibility
Anti-Slavery & Human Trafficking