- Notes, cautions, and warnings
- Additional Resources
- Overview
- Deep dive: File system security and access in a multiprotocol environment
- Configure a NAS server for multiprotocol file sharing
- Configuring NAS servers for multiprotocol file sharing
- Create a NAS server for multiprotocol file sharing (SMB and NFS)
- Configure a NAS server UNIX Directory Service
- Upload or view an LDAPS CA certificate for a NAS server
- Change NAS server UNIX credential settings
- Configuring user mappings for multiprotocol NAS servers
- Change NAS server user mappings
- Configure a file system for multiprotocol file sharing
- Configure shares
- Enable multiprotocol file sharing on an existing NAS server
- Configure distributed file system and widelinks
- Troubleshooting a multiprotocol configuration
Dell PowerStore Configuring Multiprotocol File Sharing
Granting access to unmapped users
Multiprotocol requires the following:
- A Windows user must be mapped to a UNIX user.
- A UNIX user must be mapped to a Windows user in order to build the Windows credential when the user is accessing a file system that has a Windows access policy.
Two properties are associated to the NAS server regarding unmapped users:
- The default UNIX user
- The default Windows user
When an unmapped Windows user attempts to connect to a multiprotocol file system and the default UNIX user account is configured for the NAS server, the user identifier (UID) and primary group identifier (GID) of the default UNIX user are used in the Windows credential. Similarly, when an unmapped UNIX user attempts to connect to a multiprotocol file system and the default Windows user account is configured for the NAS server, the Windows credential of the default Windows user is used.
NOTE: If the default UNIX user is not set in the UNIX Directory Services (UDS), SMB access is denied for unmapped users. If the default Windows user is not found in the Windows DC or the LGDB, NFS access on a file system that has a Windows access policy is denied for unmapped users.
NOTE: The default UNIX user can be a valid existing UNIX account name or follow the new format
@uid=xxxx,gid=yyyy@, where
xxxx and
yyyy are the decimal numerical values of the UID and the primary GID, respectively, and can be configured on the system using CLI.
Since the PowerStore file system is UNIX-based, all data that is written must be associated with a valid UID and primary GID. NFS users have a UID and primary GID natively available. However, SMB users must have a mapping that converts their native SID to a UID and primary GID. A reverse mapping from UID to SID is only required if Windows permissions are enforced (Windows access policy).
The automatic mapping feature enables the ability to automatically generate and assign a unique UID to Windows users that do not have a UID mapping. This feature enables access to the share for unmapped users, instead of denying access. Since each user has a unique UID, UID-based features such as user quotas can still properly track the consumption of each individual user.
Automatic mapping is enabled by default on SMB-only and multiprotocol NAS servers. If the feature is enabled, the ability to configure default accounts is disabled. Because the system automatically assigns each UID, use this feature only in environments where the UID of these users is not critical. In environments where administrators want to control UID assignments, disable the feature. If automatic mapping is disabled and there are no other mapping methods available for unmapped users, the unmapped users are denied access to the share.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\