Installation manual

ManualsBrandsAcopia Networks ManualsHome building and Decor810-0044-00

141

142

143

144

145

146

147

148

149

150

Configuring a Namespace

Configuring Windows Authentication (CIFS)

7-20 CLI Storage-Management Guide

Selecting a SAM-Reference Filer

CIFS clients, given sufficient permissions, can change the users and/or groups who

have access to a given file. For example, the owner of the “penicillin.xls” file can

possibly add “nurses” or “doctors” to the list of groups with write permission. The list

of groups in the network is traditionally provided by the Security Account

Management (SAM) database on the file’s server. The ARX does not provide an

internal SAM database; the namespace proxies all SAM queries to one of its CIFS

filers, chosen at random.

The filer used for SAM queries must contain a super set of all groups in all volumes,

or some of the groups will be missing from the list. If any volume has filers that

support Local Groups (as opposed to groups defined at the DC), you must configure

one filer with all groups. If none of the filers use local groups, you can skip to the next

section; the namespace can choose any of the filers as its SAM reference.

Use the gbl-ns

sam-reference command to identify the pre-configured filer:

sam-reference filer

where filer (1-64 characters) is the external filer’s name, as displayed in

show

external-filer

(see “Listing External Filers” on page 6-6).

For example, the following command sequence uses the “fs2” filer as a SAM

reference for all volumes in the medarcv namespace:

bstnA6k(gbl)# show external-filer

Name IP Address Description

------------------------ ------------- ----------------------------

das1 192.168.25.19 financial data (LINUX filer, rack 14)

fs2 192.168.25.27 bulk storage server (DAS, Table 3)

fs1 192.168.25.20 misc patient records (DAS, Table 3)

nasE1 192.168.25.51 NAS filer E1

According to the CIFS protocol, a CIFS-client application sends all of its SAM queries

through a special pseudo share, IPC$. Each CIFS namespace therefore has a separate

pseudo volume that it shares as IPC$. Since the queries come to this volume instead of

the file’s volume, the namespace software does not know the file’s volume. Therefore,

the namespace cannot intelligently choose an appropriate back-end filer as its SAM

reference.