Manualshelf

6.3 HP StoreAll Storage Installation Guide (TA768-96085, April 2013)

ManualsBrandsHP ManualsStorageHP X9320 IB 96TB Network Storage System
81828384858687888990
After configuring automatic user mapping, register the Windows client, and start the service. See
“Registering Windows StoreAll clients and starting services (page 83).
Configuring static user mapping
This section describes how to configure static user mapping.
Configuring groups and users on the Active Directory server
You must configure an administrative user and group, a proxy user, the unknown Windows user,
and any other Windows client users.
Creating an administrative user and group
An administrative user in Active Directory must be mapped to Linux root (UID 0) in order to extend
root’s permissions on the file system to the Windows side. You can create a new user or modify
an existing user, but the user must be assigned the UID of 0 on its Properties > UNIX Attributes
tab.
Alternatively, you can create or modify an administrative group in Active Directory, with all members
having root privileges on StoreAll software files and folders. This group must be assigned the GID
of 0 on the group’s Properties > UNIX Attributes tab, and must be mapped to the root group on
Linux with GID 0. Note, however, that the Linux root group might have a lower level of permissions
than root itself (for example, it might not have write permission). If you use this method, ensure that
the permissions on the Linux root group are rwx before mapping.
Mapping a single user to UID 0 might be more secure than granting the same level of control over
all StoreAll software files to multiple users.
Creating a proxy user and delegate control folder
The proxy user queries the Active Directory server on behalf of the client to find mappings from
Linux UIDs/GIDs to Windows SSIDs. This user is required. It must be defined in the management
console using the ibrix_activedirectory command, and it must be created in Active Directory.
1. Log in to the Active Directory’s Main Catalog server and open the Active Directory Users and
Computer window.
2. Under the domain where the user will be created, right-click Users, select New, and then select
User.
3. On the Create New Object - User screen, add the user. Two fields are required: Full name
and User logon name. You can use a name such as StoreAll_proxy for both fields, but it can
be a name of your choice. The domain is automatically assigned. Click Next. Assign a
password and password policy. Click Next, and then click Finish.
4. Right-click the Users folder, select Delegate Control to open the delegation wizard, and then
click Next to open the Users or Groups window.
5. Click Add to open the Select Users, Computers, or Groups window. Add your new user
(IBRIX_proxy) in the Enter Object Names field. Click Next to open the Tasks to Delegate
window.
6. Select Create a Custom Task to Delegate.
7. Click Next to open the Active Directory Object Type window. Select Only the Following
Objects. Scroll to and select User Objects. Click Next to open the Permissions window.
8. Select Property-Specific. The property names vary by server version:
Windows Server 2003 SP2: Scroll to and select Read msSFU30GidNumber and Read
msSFU30UidNumber.
Windows Server 2003 R2 and later: Scroll to and select Read gidNumber and Read
uidNumber.
9. Click Next, and then click Finish.
82 Adding Linux and Windows StoreAll clients