- Notes, cautions, and warnings
- Additional Resources
- Overview
- Deep dive: File system security and access in a multiprotocol environment
- Configure a NAS server for multiprotocol file sharing
- Configuring NAS servers for multiprotocol file sharing
- Create a NAS server for multiprotocol file sharing (SMB and NFS)
- Configure a NAS server UNIX Directory Service
- Upload or view an LDAPS CA certificate for a NAS server
- Change NAS server UNIX credential settings
- Configuring user mappings for multiprotocol NAS servers
- Change NAS server user mappings
- Configure a file system for multiprotocol file sharing
- Configure shares
- Enable multiprotocol file sharing on an existing NAS server
- Configure distributed file system and widelinks
- Troubleshooting a multiprotocol configuration
Dell PowerStore Configuring Multiprotocol File Sharing
Windows security model
The Windows security model is based primarily on object rights, which involve the use of a Security Descriptor (SD) and its ACL. When an SMB policy is selected, changes to the mode bits from the NFS protocol are ignored.
Access to a file system object is based on whether permissions have been set to Allow or Deny using an SD. The SD describes the owner of the object and group SIDs for the object along with its ACLs. An ACL is part of the security descriptor for each object. Each ACL contains access control entries (ACEs). Each ACE in turn contains a single SID that identifies a user, group, or system unit and a list of rights that are denied or allowed for that SID.
The Windows security model uses the SMB ACL for both protocols. When there is a request for NFS access, the Windows credential that is built from the DC/LGDB is used to check the ACL for permissions. When SMB ACL permissions are changed, NFSv3 UNIX mode bits or NFSv4 ACLs are updated. NFSv3 UNIX mode bits or NFSv4 ACL permission changes are denied.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\