Dell PowerStore Configuring Multiprotocol File Sharing

In a multiprotocol environment, the storage system uses file system access policies to manage user access control of its file systems. There are two kinds of security, UNIX and Windows.

For UNIX security authentication, the credential is built from the UNIX Directory Services (UDS) except for nonsecure NFS access, where the credentials are provided by the host client. User rights are determined from the mode bits and NFSv4 ACL. The user and group identifiers (UID and GID, respectively) are used for identification. There are no privileges that are associated with UNIX security.

For Windows security authentication, the credentials are built from the Windows domain controller (DC) and Local Group Database (LGDB) of the SMB server. User rights are determined from the SMB ACLs. The Security Identifier (SID) is used for identification. Privileges that are associated with Windows security, such as TakeOwnership, Backup, and Restore, are granted by the LGDB or group policy object (GPO) of the SMB server.

The following table describes the access policies that define what security is used by which protocols:

For FTP, authentication with Windows or UNIX depends on the username format that is used when authenticating to the NAS server. If Windows authentication is used, FTP access control is similar to that for SMB; otherwise, authentication is similar to authentication for NFS. FTP and SFTP clients are authenticated when they connect to the NAS server. It could be an SMB authentication (when the format of the username is domain\user or user@domain) or a UNIX authentication (for the other formats of a single username). The Windows DC of the domain that is defined in the NAS server ensures the SMB authentication. The NAS server ensures the UNIX authentication according to the encrypted password stored in either a remote LDAP server, a remote NIS server, or in the local passwd file of the NAS server.