Installation manual

Preparing for CIFS Authentication

Concepts and Terminology

3-2 CLI Storage-Management Guide

Concepts and Terminology

A namespace is an aggregated view of several back-end filers. Each namespace

operates under a single authentication domain, the same domain supported by all of

its back-end filers. This applies to both Windows and Unix domains.

A global server is an client-entry point to the services of the ARX. A global server

has a fully-qualified domain name (such as myserver.mycompany.com) where clients

can access namespace storage.

Adding a Proxy User

Before you configure a namespace with Windows NTLM or Kerberos, you must

configure a proxy user for the namespace. A proxy user is a single

username/password in a particular Windows domain. The ARX uses the proxy-user as

its identity while reading from CIFS shares (to import the share into a namespace) and

moving files between shares (for capacity balancing and other policies).

From gbl mode, use the

proxy-user command to create one proxy user:

proxy-user name

where name (1-32 characters) is a name you choose.

This puts you into gbl-proxy-user mode, where you set the Windows domain,

username, and password for the proxy user. When you later configure a namespace in

the same Windows domain, you can apply this proxy-user configuration to that

namespace. You can apply the same proxy user to multiple namespaces in the same

domain.

For example, the following command sequence creates a proxy user named

“acoProxy2:”

bstnA6k(gbl)# proxy-user acoProxy2

A proxy user must belong to the Backup Operator’s group, to ensure that it has sufficient

authority to move files freely from share to share.