    Enable multiprotocol file sharing on an existing NAS server

    Enable multiprotocol file sharing on an existing NFS-enabled NAS server

    Before you begin

    When you enable multiprotocol file sharing on an existing NAS server, you must join the NAS server to the Active Directory (AD). This requires that an NTP server is configured for the storage system and a DNS server is configured for the NAS server.

    The following considerations apply to enabling multiprotocol file sharing on an existing NFS-enabled NAS server:
    • You cannot disable multiprotocol file sharing for a NAS server once a file system is created on that NAS server.
    • When you configure multiprotocol, existing NFS file systems are converted to multiprotocol file systems that have a Unix access policy. With this policy, UNIX security is used for both NFS and SMB access to the files. This type of security uses a UNIX credential for all protocols and enforces mode bits and NFSv4 ACL for all protocols. You can change this access policy if desired.
    Procedure
    1. Under Storage, select File > NAS Servers.
    2. Select the relevant NAS server, and then click the Edit icon.
    3. On the Naming Services tab, configure one of the following directory services if there is no Unix Directory Service (UDS) already configured for the NAS server or if local files are not configured:
      • NIS
      • LDAP
      • Local files
      • Local files and NIS or LDAP
      If you configure local files with NIS or LDAP, the system queries the local files first. You can configure LDAP to use anonymous, simple, and Kerberos authentication. You can also configure LDAP with SSL (LDAP Secure) and can enforce the use of a Certificate Authority certificate for authentication.
    4. On the Sharing Protocols tab:
      • Select the SMB sub-tab, and select Enable Windows shares (SMB, CIFS Server).
      • Join the NAS server's SMB server to the Active Directory (AD) domain.
      • Optionally specify the NetBIOS name and organizational unit. The NetBIOS name defaults to the first 15 characters of the SMB server name. The organizational unit defaults to OU=Computers,OU=EMC NAS servers.
      • Select the Multiprotocol sub-tab, and select Multiprotocol.
      • Optionally, specify default Windows and Unix accounts for unmapped users. You can also use ntxmap to map Windows and Unix users, run user mapping diagnostics, and have the storage system automatically update user mappings on all file systems.

    Enable multiprotocol file sharing on an existing SMB-enabled NAS server

    Before you begin

    You can enable multiprotocol file sharing on an existing SMB-enabled NAS server only if the NAS server is joined to the AD.

    The following considerations apply to enabling multiprotocol file sharing on an existing SMB-enabled NAS server:
    • You cannot disable multiprotocol file sharing for a NAS server once a file system is created on that NAS server.
    • When you configure multiprotocol, existing SMB file systems are converted to multiprotocol file systems that have a Windows access policy. With this policy, Windows security is used for both NFS and SMB access to the files. This policy uses a Windows credential for all protocols and enforces only the SMB ACL for all protocols. Also, the system automatically updates the ownership of all files with Unix UID information. This can take time, but data remains accessible during this process. You can change this access policy if desired.
    • Enabling multiprotocol file sharing on an existing SMB-enabled NAS server removes existing mappings and removes access for any user that is not correctly mapped through the mapping sources. Clients with incorrect mappings will receive an Access denied message until the mapping configuration is correct.

      To prevent this situation, run the user mapping reports as described in Step 4 in the following procedure.

    Procedure
    1. Under Storage, select File > NAS Servers.
    2. Select the relevant NAS server, and then click Edit.
    3. On the Naming Services tab, configure one of the following directory services if there is no Unix Directory Service (UDS) already configured for the NAS server:
      • Local files
      • NIS
      • LDAP
      • Local files and NIS or LDAP
      If you configure local files with NIS or LDAP, the system queries the local files first. You can configure LDAP to use anonymous, simple, and Kerberos authentication. You can also configure LDAP with SSL (LDAP Secure) and can enforce the use of a Certificate Authority certificate for authentication.
    4. On the Sharing Protocols tab, optionally generate and view a user mapping diagnostics report to ensure that the user mappings are as desired. The system will automatically create the user mappings shown in the report when you complete the steps for configuring multiprotocol file sharing.
      • On the Multiprotocol sub-tab, select Show mapping diagnostics, and then select Run user mapping diagnostics.
      • When the report is generated, select Retrieve Mapping Diagnostic Report.
      • View the user mappings and fix them if needed by creating a corresponding UID/GID in LDAP, NIS, or local files, depending on your Unix Directory Service selection. Then select the Update user mapping on all file systems check box and run, retrieve, and examine the user mapping diagnostic report again.
    5. On the Sharing Protocols tab, select the NFS sub-tab, and select Enable Linux/Unix shares (NFS Server).
    6. Optionally enable support for Virtual Volumes (VVols) and NFSv4. By default, the NAS server supports only NFSv3 when NFS is enabled. To enable NFSv4 as well as NFSv3, select NFSv4 enabled.
    7. Optionally click Show advanced to configure secure NFS, enable extended Unix credentials, and enable credential cache retention. When you enable secure NFS for a NAS server that supports multiprotocol file sharing, you can choose to authenticate using the Windows realm configured on the NAS server or a custom realm.
    8. Select the Multiprotocol sub-tab, and select Multiprotocol.
    9. Optionally, specify default Windows and Unix accounts for unmapped users. You can also work with user mapping files, run user mapping diagnostics, and have the storage system automatically update user mappings on all file systems.
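
    The mapping review in Step 4 can be rehearsed offline before the change. The Python below is an added example, not vendor code and not the format of the diagnostics report: it resolves Windows account names against passwd(5)-style local files first and then a stand-in NIS or LDAP export, and flags accounts that would be unmapped, that a local entry shadows, that fall back to the default Unix account, or that map to UID 0. The same-name matching rule and every account name and UID are constructed assumptions.

```python
# Added example: constructed data, not output from a storage system.
LOCAL_FILES = """\
alice:x:1001:100::/home/alice:/bin/sh
svc_backup:x:0:0::/root:/bin/sh
"""
# Stand-in for NIS or LDAP entries, written in the same passwd(5) layout.
DIRECTORY = """\
alice:x:2001:100::/home/alice:/bin/sh
bob:x:2002:100::/home/bob:/bin/sh
"""
WINDOWS_USERS = ["CORP\\Alice", "CORP\\bob", "CORP\\carol", "CORP\\svc_backup"]

def parse_passwd(text):
    """Return {lowercased name: uid}; the first entry for a name wins."""
    entries = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 4 and fields[0] and fields[2].isdigit():
            entries.setdefault(fields[0].lower(), int(fields[2]))
    return entries

def audit(windows_users, local_text, directory_text, default_unix=None):
    """Resolve each Windows user, local files first, then the directory."""
    local, directory = parse_passwd(local_text), parse_passwd(directory_text)
    def lookup(name):
        if name in local:
            return "local", local[name]
        if name in directory:
            return "directory", directory[name]
        return None
    report = []
    for account in windows_users:
        # Assumed matching rule: same user name, domain stripped, case-insensitive.
        name = account.split("\\")[-1].lower()
        hit, notes = lookup(name), []
        if hit is None and default_unix and lookup(default_unix.lower()):
            hit = ("default", lookup(default_unix.lower())[1])
            notes.append("uses default Unix account")
        if hit is None:
            report.append((account, "unmapped", None, ["no UID/GID: access denied"]))
            continue
        if hit[0] == "local" and directory.get(name, hit[1]) != hit[1]:
            notes.append("local entry shadows directory UID %d" % directory[name])
        if hit[1] == 0:
            notes.append("maps to UID 0")
        report.append((account, hit[0], hit[1], notes))
    return report
if __name__ == "__main__":
    for row in audit(WINDOWS_USERS, LOCAL_FILES, DIRECTORY):
        print(row)
```

    Rows marked unmapped are the accounts that need a UID/GID created in the chosen Unix Directory Service before multiprotocol is enabled; rows that use the default Unix account or map to UID 0 deserve a manual review of the access they would gain.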