Administrator Guide
11 Click OK.
Delete a Local Group
Delete a local group if it is no longer used.
Prerequisite
Before a local group can be deleted, you must remove its members.
Steps
1 In the Storage view, select a FluidFS cluster.
2 Click the File System tab.
3 In the File System view, select Client Accessibility.
4 Click the Local Users and Groups tab.
5 Select a group and click Delete. The Delete dialog box opens.
6 Click OK.
Managing Active Directory
In environments that use Active Directory (AD), you can congure the FluidFS cluster to join the Active Directory domain and authenticate
Windows clients using Active Directory for access to SMB shares. The FluidFS cluster supports mixed mode and native mode Active
Directory congurations.
Enable Active Directory Authentication
Join the FluidFS cluster to an Active Directory domain to allow it to communicate with the directory service. By default, the FluidFS cluster
uses the domain controller returned by Active Directory. Alternatively, you can designate a domain controller if you want to ensure that the
FluidFS cluster uses a specic domain controller. Adding multiple domain controllers ensures continued authentication of users in the event
of a domain
controller failure. If the FluidFS cluster cannot establish contact with the preferred server, it will attempt to connect to the
remaining servers in order.
Prerequisites
NAS administrators can join the FluidFS cluster to any organizational units inside an Active Directory domain.
• An Active Directory directory service must be deployed in your environment.
• The FluidFS cluster must have network connectivity to the directory service.
• You must be familiar with the Active Directory conguration.
• The FluidFS cluster requires credentials from an Active Directory account for the join operation. The join operation is the only time these
credentials are required. They are not stored or cached by the FluidFS cluster.
Use one of the following options for the account used to join the FluidFS cluster to the domain:
– Use a Domain Admin account (preferred method).
– Use an account that has been delegated the "join a computer to the domain" privilege, as well as being delegated full control over all
computer objects in the domain.
– If both of the previous options are unavailable, the minimum requirements for an account are as follows:
◦ An Organizational Unit (OU) admin that has been delegated the "join a computer to the domain" privilege, as well as being
delegated full control over objects within that OU, including computer objects.
◦ Before joining the FluidFS cluster to the domain, a computer object must be created by the OU admin for the FluidFS cluster;
privileges to administer are provided in the OU. The FluidFS cluster computer object name, and the NetBIOS name used when
joining it, must match. When creating the FluidFS cluster computer object, in the User or Group eld under permissions to join it
to the domain, select the OU admin account. Then, the FluidFS cluster can be joined using the OU admin credentials.
• FluidFS clusters need read access for the tokenGroups attribute for all users. The default conguration of Active Directory for all
domain computers is to allow read access to the tokenGroups attribute. If the permission is not given, Active Directory domain users
that are in nested groups or OUs encounter Access Denied errors, and users that are not in nested OUs or groups are permitted
access.
394
FluidFS Administration