Reference Guide

File systems access in a multiprotocol environment
File access is provided through NAS servers. A NAS server contains a set of file systems where data is stored. The NAS server
provides access to this data for NFS and SMB file protocols by sharing file systems through SMB shares and NFS shares. The
NAS server mode for multiprotocol sharing allows the sharing of the same data between SMB and NFS. Because the
multiprotocol sharing mode provides simultaneous SMB and NFS access to a file system, the mapping of Windows users to
UNIX users and the security rules to use (mode bits, ACL, and user credentials) must be considered and configured
properly for multiprotocol sharing.
NOTE: For information about configuring and managing NAS servers with regard to multiprotocol sharing, user mapping,
access policies, and user credentials, refer to the PowerStore Manager online help.
User mapping
In a multiprotocol context, a Windows user needs to be matched to a UNIX user. However, a UNIX user has to be mapped to a
Windows user only when the access policy is Windows. This matching is necessary so that file system security can be enforced,
even if it is not native to the protocol. The following components are involved in user mapping:
UNIX Directory Services, local files, or both
Windows resolvers
Secure mapping (secmap) - a cache that contains all mappings between SIDs and UIDs or GIDs used by a NAS server.
ntxmap
NOTE: User mapping does not affect the users or groups that are local to the SMB server.
UNIX Directory Services and local files
UNIX Directory Services (UDSs) and local files are used to do the following:
Return the corresponding UNIX account name for a particular user identifier (UID).
Return the corresponding UID and primary group identifier (GID) for a particular UNIX account name.
The supported services are:
LDAP
NIS
Local files
None (the only possible mapping is through the default user)
When multiprotocol sharing is enabled, the NAS server should have one UDS enabled, local files enabled, or both.
The Unix directory service property of the NAS server determines which is used for user mapping.
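Added example (not from the PowerStore documentation): the two lookups listed above, run over a local passwd file, with a check for entries that make either lookup ambiguous. It assumes the local file uses the standard passwd(5) layout; the sample accounts and the function names parse_passwd and build_lookups are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data; the passwd(5) layout for local files is an assumption.
SAMPLE_PASSWD = """\
# name:password:UID:GID:gecos:home:shell
alice:x:1001:100:Alice:/home/alice:/bin/sh
bob:x:1002:100:Bob:/home/bob:/bin/sh
svc_backup:x:1002:200:Backup:/nonexistent:/bin/false
alice:x:1005:100:Second alice:/home/alice2:/bin/sh
broken-line-without-fields
carol:x:notanumber:100::/home/carol:/bin/sh
"""

def parse_passwd(text):
    """Return (entries, rejected): (name, uid, gid) tuples and bad line numbers."""
    entries, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        numeric = len(fields) == 7 and fields[2].isdigit() and fields[3].isdigit()
        if not numeric or not fields[0]:
            rejected.append(lineno)  # malformed entry: never usable for mapping
            continue
        entries.append((fields[0], int(fields[2]), int(fields[3])))
    return entries, rejected

def build_lookups(entries):
    """Build UID -> name and name -> (UID, primary GID); collect ambiguous keys."""
    by_uid, by_name = defaultdict(set), defaultdict(set)
    for name, uid, gid in entries:
        by_uid[uid].add(name)
        by_name[name].add((uid, gid))
    # Only keys with exactly one answer give a well-defined mapping.
    uid_to_name = {u: next(iter(n)) for u, n in by_uid.items() if len(n) == 1}
    name_to_ids = {n: next(iter(i)) for n, i in by_name.items() if len(i) == 1}
    ambiguous = {
        "uids": sorted(u for u, n in by_uid.items() if len(n) > 1),
        "names": sorted(n for n, i in by_name.items() if len(i) > 1),
    }
    return uid_to_name, name_to_ids, ambiguous

if __name__ == "__main__":
    entries, rejected = parse_passwd(SAMPLE_PASSWD)
    uid_to_name, name_to_ids, ambiguous = build_lookups(entries)
    print("rejected lines:", rejected)
    print("ambiguous keys:", ambiguous)
    print("UID 1001 ->", uid_to_name.get(1001), "| bob ->", name_to_ids.get("bob"))
```

A UID shared by two account names, or a name listed with two UIDs, means the file alone cannot say which identity a mapping should resolve to, so such entries are worth correcting before the file is used for user mapping.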
Windows resolvers
Windows resolvers are used to do the following for user mapping:
Return the corresponding Windows account name for a particular security identifier (SID)
Return the corresponding SID for a particular Windows account name
The Windows resolvers are:
The domain controller (DC) of the domain
The local group database (LGDB) of the SMB server
secmap
The function of secmap is to store all SID-to-UID and primary GID and UID-to-SID mappings to ensure coherency across all file
systems of the NAS server.