Installation manual

Preparing for CIFS Authentication
Adding an Active-Directory Forest (Kerberos)
CLI Storage-Management Guide 3-13
To prepare for dynamic DNS, you identify the dynamic-DNS servers in this forest.
Later chapters explain how to configure a front-end CIFS service to use these
dynamic-DNS servers. To identify one dynamic-DNS server, called a name server,
use the name-server command in gbl-forest mode:

name-server domain-name ip-address

where
domain-name (1-255 characters) identifies the AD domain, and
ip-address is the IP address of the domain’s name server. This might be the
same IP as for the domain’s DC; dynamic DNS often runs on the same DC
that supports the domain.

You can enter this command multiple times, once for each name server. If you enter
multiple name servers for a given AD domain, a CIFS service in this domain will
attempt to register with each of them in turn until it succeeds. It stops registering on
the first success.
For example, this command sequence identifies three dynamic-DNS servers for the
‘MEDARCH.ORG’ domain. The first, 192.168.25.102, is also the DC for the forest
root:
bstnA6k(gbl)# active-directory-forest medarcv
bstnA6k(gbl-forest[medarcv])# name-server MEDARCH.ORG 192.168.25.102
bstnA6k(gbl-forest[medarcv])# name-server MEDARCH.ORG 192.168.25.103
bstnA6k(gbl-forest[medarcv])# name-server MEDARCH.ORG 192.168.25.104
bstnA6k(gbl-forest[medarcv])# . . .

Removing a Name Server
If you remove the only name server for an Active-Directory domain, any changes to
front-end CIFS services in that domain will require manual updates to DNS. That is,
if a CIFS service is added to or removed from the ARX, an administrator must add or
remove the corresponding “A” record from the external DNS server. As long as at
least one name server is assigned to the domain, this manual maintenance is not
necessary. The DNS database must be correct for the CIFS service; otherwise,
Windows clients cannot authenticate with Kerberos.
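
The following is an added example, not part of the guide or of the product: a Python check over a saved CLI transcript that groups name-server entries by forest and AD domain, rejects malformed entries, and lists the domains that have only one name server, where removing it would force manual DNS updates. The transcript is constructed; the EXAMPLE.TEST and BAD.TEST entries and all function names are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed transcript modelled on the guide's command sequence. The
# EXAMPLE.TEST and BAD.TEST lines are made up for this illustration.
SAMPLE = """\
bstnA6k(gbl)# active-directory-forest medarcv
bstnA6k(gbl-forest[medarcv])# name-server MEDARCH.ORG 192.168.25.102
bstnA6k(gbl-forest[medarcv])# name-server MEDARCH.ORG 192.168.25.103
bstnA6k(gbl-forest[medarcv])# name-server MEDARCH.ORG 192.168.25.104
bstnA6k(gbl-forest[medarcv])# name-server EXAMPLE.TEST 192.0.2.10
bstnA6k(gbl-forest[medarcv])# name-server BAD.TEST 192.0.2.999
"""

# Prompt in gbl-forest mode, capturing the forest name and the command typed.
PROMPT_RE = re.compile(r"\(gbl-forest\[([^\]]+)\]\)#\s+(.*)$")


def parse_name_servers(transcript):
    """Return ({(forest, DOMAIN): [ip, ...]}, [error, ...]) for name-server lines."""
    servers, errors = defaultdict(list), []
    for lineno, line in enumerate(transcript.splitlines(), 1):
        m = PROMPT_RE.search(line)
        words = m.group(2).split() if m else []
        if not words or words[0] != "name-server":
            continue
        if len(words) != 3 or len(words[1]) > 255:
            errors.append(f"line {lineno}: want 'name-server domain-name ip-address'")
            continue
        key = (m.group(1), words[1].upper())  # DNS names are case-insensitive
        try:
            ip = str(ipaddress.ip_address(words[2]))
        except ValueError:
            errors.append(f"line {lineno}: invalid IP address {words[2]!r}")
            continue
        if ip not in servers[key]:  # drop duplicates, keep entry order
            servers[key].append(ip)
    return dict(servers), errors


def last_name_server_domains(servers):
    """Domains with exactly one name server: removing it forces manual DNS updates."""
    return sorted(key for key, ips in servers.items() if len(ips) == 1)


if __name__ == "__main__":
    found, problems = parse_name_servers(SAMPLE)
    print(last_name_server_domains(found), problems)
```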