Administrator Guide

ManualsBrandsDell ManualsCompellent (SCStorage SC5020F

391

392

393

394

395

396

397

398

399

400

when some special SIDs are used inside ACL (for example, creator-owner ACE), the mapping can be inaccurate. For some applications,

NFS clients must see the exact mapping or a mapping for more permissive access. Otherwise, the NFS applications might not perform

denied operations.

FluidFS versions 5 or later provide an option that causes all objects with SMB ACLs to be presented with UNIX Word 777 from NFS clients

(for display only). This option, which is disabled by default, can be configured under NAS Volume settings.

1. In the Storage view, select a FluidFS cluster.

2. Click the File System tab.

3. In the File System view, select a NAS volume.

4. Click Edit Settings.

5. In the Edit NAS Volume Settings panel, click Interoperability.

6. Select the Display ACL to UNIX 777 to NFS Clients Enabled checkbox.

NOTE: Actual data-access checks in FluidFS are still made against the original security ACLs.

This feature applies only to NAS volumes with Windows or mixed security style (for files with Windows ACLs).

Setting ACLs on an SMB Share

To set ACLs, use Windows Explorer procedures. When defining an ACL for a local user account, you must use this format:

client_vip_or_name\local_user_name

Setting SLPs on an SMB Share Using MMC

To set SLPs, use the Microsoft Management Console (MMC) with the Shared Folder snap-in to set permissions. Administrators can use a

predefined MMC file (.msc) from the Windows Server 2008/2012/2016 Start menu and add a Shared Folder snap-in to connect to the

FluidFS cluster.

About this task

The MMC does not let you chose which user to connect with a remote computer. By default, it forms the connection through the user

logged in to the machine. To connect through a different user:

• If the FluidFS cluster that you are trying to manage is joined to an Active Directory, log in to the management station with domain

\Administrator.

• Before using MMC, connect to the FluidFS cluster by using the client VIP address in the address bar of Windows Explorer. Log in with

the administrator account and then connect to MMC.

NOTE: You might need to reset the local administrator password first.

Steps

1. Click Start → Run.

2. Type mmc and click OK. The Console 1 - [Console Root] window opens.

3. Select File → Add/Remove Snap-in.

4. Select Shared Folders and click Add.

5. In the Shared Folders window, select Another computer and type the FluidFS cluster name (as configured in the DNS).

Alternatively, you can use a client VIP.

6. Click Finish. The new shares tree is displayed in the Console Root window.

7. Right-click the required SMB share and select Properties.

8. In the Share Properties window, click the Share Permission tab to set SLPs.

Displaying Security Audit Events

Storage Manager displays a centralized view of the security audit events generated in volumes where SACL events are configured.

Steps

1. In the Storage view, select a FluidFS cluster.

2. Click the File System tab and select Client Activity.

3. Click the SACL Auditing Events tab.

4. In the Events panel, select which security audit events that you want to display.

FluidFS Administration

395