File Access and Protocols Feature Guide 13

OceanStor 18500 V3 and 18800 V3 Mission Critical Storage System V300R003

This document describes the implementation principles and application scenarios of the NAS feature. Also, it explains how to configure and manage NAS.

Accessing a CIFS File Across Protocols

This section describes how an NFS client accesses CIFS files and directories for which the NT ACL permission has been configured.

Prerequisites

  • The user of the Linux client has the same UID and GID as the local authentication user.

    You can query the local authentication user ID and ID of its owning primary group on the DeviceManager. On the Linux client, you can run the groupadd -g GID user group name command to create a user group, and then run the useradd -u UID user name command to create a user.

  • If the NFS client uses NFSv4, enable the NFSv4 service in the storage system and enter the domain name based on the specific environment:
    • In a non-domain or LDAP environment, enter the default domain name localdomain.
    • In an NIS environment, the domain name entered must match the Domain value in the /etc/idmapd.conf file on the Linux client that accesses the shares. It is recommended that both be set to the name of the NIS domain.
  • Before you use an AD domain user to configure user mapping rules, the storage system must already have been added to the AD domain.

Context

Before users can use an NFS client to access shared files and folders for which the NT ACL has been configured, the administrator needs to follow the process as shown in Figure 4-1 to configure related parameters.

Figure 4-1  Flowchart of configuring cross-protocol access of a CIFS file

Table 4-4 provides an example of data planning during the configuration.

Table 4-4  Example of data planning

| Item | Planned Value | Description |
|---|---|---|
| File system | Name: share_dir | - |
| Local authentication user | local_user1 | In this example, the default user group default_group is selected as the primary group. |
| NFS client user | linux_user1 | The user must have the same UID and GID as the local authentication user. |
| NFS share | Type of the client: Host; Name or IP address: 10.68.0.10; Permission: Read-write; Advanced: The default settings are used. | In this example, the Read-write permission for the NFS share is added to the client. In Advanced, default settings are used. |
| CIFS share | Share Name: share_dir_cifs; Oplock: Enable; Notify: Enable; User/User Group: local authentication user local_user1; Permission Level: Full control | In this example, the Full control permission for the CIFS share is added to local authentication user local_user1. |
| Mapping Mode | Local system user mappings are supported preferentially. | - |
| User mapping rule | Mapping Type: Unix to Windows; Source User: linux_user1; Target User: local_user1; Priority: 10 | In this example, a Unix to Windows mapping rule is created. The source user is local authentication user linux_user1, whereas the target user is local authentication user local_user1. The priority of the mapping rule is set to 10. |

Procedure

  1. Log in to DeviceManager.
  2. Create a file system.
    1. Select Provisioning > File System.
    2. Create a file system named share_dir as planned.
  3. Create a local authentication user and record its ID and the ID of its owning primary group.
    1. Select Provisioning > User Authentication > Local Authentication User.
    2. Click Create and create local authentication user local_user1 as planned.
    3. Select local_user1 and click Properties. Then record the user ID.

      Figure 4-2  Recording the ID of the local authentication user

    4. Click the Local Authentication User Group tab, select default_group, and click Properties to record the ID of the owning primary group of the local authentication user.

      Figure 4-3  Recording the ID of the owning primary group of the local authentication user

  4. Create an NFS share and a CIFS share for the same file system.
    1. Select Provisioning > Share.
    2. Create an NFS share and a CIFS share for the same file system based on parameters as planned.
  5. Configure user mapping parameters.
    1. Select Provisioning > User Authentication > User Mapping.
    2. Click Set Mapping Parameters and set Mapping Mode to Local system user mappings are supported preferentially.

      Figure 4-4  Configuring user mapping parameters

  6. Configure user mapping rules.
    1. Select Provisioning > User Authentication > User Mapping.
    2. Click Create and configure user mapping rules as planned.

      Figure 4-5  Configuring user mapping rules

  7. Use a Windows client to access shared directory share_dir and set permissions of files under the shared directory.
    1. Use a Windows client to access a CIFS share.
    2. Under the shared directory, create folder subdir1 and file file1.
    3. Add one ACE to subdir1 and file1.

      Right-click the file or folder and choose Properties from the shortcut menu that is displayed. In the Properties dialog box that is displayed, click the Security tab and add a write permission ACE for user local_user1.



  8. Use an NFS client to mount the share and access the share as local user linux_user1.
    1. Use an NFS client to mount the NFS share.
    2. Run the groupadd -g 100000 linux_group command to create a user group that has the same GID as the local authentication user group.
    3. Run the useradd -u 100001 -g 100000 linux_user1 command to create a user that has the same UID and GID as the local authentication user.

      NOTE:

      The UID and GID in the command are used as an example only. They vary with site conditions.

    4. Run the su - linux_user1 command to switch users.
    5. Write data to folder subdir1.

      If the data is written to the folder successfully, the Linux client has write permission for the folder.
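
A pre-flight check for the Linux client before step 8, as an added example that is not part of the original guide: it confirms that the client account carries the UID and GID recorded from DeviceManager and that Domain in idmapd.conf matches the NFSv4 domain set on the storage system. The function names, the sample files and the mismatched GID in the sample entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: NFS-client pre-flight check for cross-protocol access.

# check_ids PASSWD_FILE USER UID GID
# Returns 0 when USER exists with exactly that UID and primary GID,
# 1 on a mismatch, 2 when the user is missing.
check_ids() {
    entry=$(awk -F: -v u="$2" '$1 == u { print $3 ":" $4; exit }' "$1")
    [ -n "$entry" ] || { echo "user $2 not found in $1"; return 2; }
    [ "$entry" = "$3:$4" ] && return 0
    echo "$2 has UID:GID $entry on the client, storage system has $3:$4"
    return 1
}

# idmap_domain CONF: print the Domain value from the [General] section.
idmap_domain() {
    awk -F'=' '
        /^[ \t]*#/ { next }                      # skip comment lines
        /^[ \t]*\[/ { general = ($0 ~ /^[ \t]*\[General\]/); next }
        general && $1 ~ /^[ \t]*Domain[ \t]*$/ {
            gsub(/^[ \t]+|[ \t]+$/, "", $2); print $2; exit
        }' "$1"
}

# check_domain CONF EXPECTED: 0 on match, 1 on mismatch, 2 when unset.
check_domain() {
    actual=$(idmap_domain "$1")
    [ -n "$actual" ] || { echo "no Domain set in $1"; return 2; }
    [ "$actual" = "$2" ] && return 0
    echo "idmapd Domain is '$actual', storage system uses '$2'"
    return 1
}

# Constructed sample files standing in for /etc/passwd and /etc/idmapd.conf.
# The passwd entry deliberately carries a GID that is one digit short.
SAMPLE_DIR=$(mktemp -d)
printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
    'linux_user1:x:100001:10000::/home/linux_user1:/bin/sh' > "$SAMPLE_DIR/passwd"
printf '%s\n' '[General]' '# Domain = example.com' 'Domain = localdomain' \
    '[Mapping]' 'Nobody-User = nobody' > "$SAMPLE_DIR/idmapd.conf"

# Expected IDs are the values recorded from DeviceManager (sample values here).
check_ids "$SAMPLE_DIR/passwd" linux_user1 100001 100000 || true
check_domain "$SAMPLE_DIR/idmapd.conf" localdomain && echo "idmapd Domain matches"
```

On a real client, pass /etc/passwd and /etc/idmapd.conf together with the IDs shown in the Properties dialogs of DeviceManager.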

Updated: 2019-08-14

Document ID: EDOC1000084098
