File Access and Protocols Feature Guide 13

OceanStor 18500 V3 and 18800 V3 Mission Critical Storage System V300R003

This document describes the implementation principles and application scenarios of the NAS feature. Also, it explains how to configure and manage NAS.

Configuring a Local Authentication User (Group)

In a non-domain environment, you must configure a local authentication user (group). After the Homedir share service is enabled in the OceanStor 18500 V3/18800 V3, you can access Homedir shares as a local user.

(Optional) Creating a Local Authentication User Group

This section describes how to create a local authentication user group. Local authentication user groups are used to manage local authentication users.

Context

A storage system has four local authentication user groups that are automatically created. The four local authentication user groups are reserved for the system and cannot be deleted.

  • default_group: default user group. When the group members access a shared file system in the storage system, they must be authenticated to obtain their permissions.
  • Administrators: administrator group. When the group members access a shared file system in the storage system, they are not subject to share-level ACL checks or directory- and file-level NT ACL checks. They can operate on any file in any share with administrator permissions.
  • AntivirusGroup: antivirus user group. The group members can use third-party antivirus software to scan shared file systems. They have administrator permissions.
  • Backup Operators: backup user group. The group members can use third-party backup software to back up and recover shared file systems. They do not have administrator permissions.
NOTE:

Access Control List (ACL): a collection of permissions granted to users or user groups to operate on shared files. ACL permissions are classified into ACL permission storage and ACL permission authentication. After a user logs in to a share, the user determines the share permissions, reads the ACL permissions, and determines whether files can be read and written. For storage, each ACL permission is called an Access Control Entry (ACE). After CIFS shares are mounted to a Windows client, the client sends NT ACLs to a server (the storage system that provides the CIFS shares).

Procedure

  1. Log in to DeviceManager.
  2. Choose Provisioning > User Authentication > Local Authentication User Group.
  3. Click Create.

    The Local Authentication User Group dialog box is displayed.

  4. In User Group Name, enter a new user group name.

    NOTE:
    • The user group name cannot contain a quotation mark ("), slash (/), backslash (\), square brackets ([]), less-than sign (<), greater-than sign (>), plus sign (+), colon (:), semicolon (;), comma (,), question mark (?), asterisk (*), vertical bar (|), equal sign (=), or at sign (@), and cannot end with a period (.). If the user group name starts and ends with spaces, the spaces are not displayed after the user group is created.
    • User group names are case-insensitive. Therefore, aa and AA cannot be created at the same time.
    • The user group name cannot be the same as the name of a local authentication user.
    • The user group name contains 1 to 32 characters.

  5. Optional: In Description, add the description of the user group.
  6. Click OK.
  7. In the Success dialog box that is displayed, click OK.

Creating a Local Authentication User

This section describes how to create a local user. For applications that use local authentication, local user accounts are used to access a share. You can add a local user to a user group and access a share as the user group.

Procedure

  1. Log in to DeviceManager.
  2. Choose Provisioning > User Authentication.
  3. Click the Local Authentication User tab.
  4. Click Create.

    The Local Authentication User dialog box is displayed.

  5. In Username, enter a new user name.

    The user name:
    • Cannot contain a space, double quotation mark ("), slash (/), backslash (\), square brackets ([]), less-than sign (<), greater-than sign (>), plus sign (+), colon (:), semicolon (;), comma (,), question mark (?), asterisk (*), vertical bar (|), equal sign (=), or at sign (@), and cannot end with a period (.).
    • Is case-insensitive. Therefore, aaaaaaaa and AAAAAAAA cannot be created at the same time.
    • Cannot be the same as the name of a local authentication user group.
    • Contains 8 to 32 characters by default.
      NOTE:

      You can modify the minimum length of the user name in More > Set Security Policies.

  6. In Password, enter the password of the user.

    The system default password requirements are:
    • Contain 8 to 16 characters.
    • Contain special characters. Special characters include: !"#$%&'()*+,-./:;<=>?@[\]^`{_|}~ and space.
    • Contain any two of the following character types: uppercase letters, lowercase letters, and digits.
    • Cannot contain three consecutive identical characters.
    • Be different from the user name or the user name typed backwards.
    NOTE:

    Click More and choose Set Security Policies to set a security policy for the passwords of local authentication users in the file system. If Password Validity Period (days) is not selected, the password never expires. For security purposes, you are advised to select Password Validity Period (days) and set a validity period. The default validity period is 90 days. After the password expires, you cannot access shares, but you can set a password again and modify the password security policy.

  7. In Confirm Password, enter the new password again.
  8. Select Primary Group.

    The Select Primary Group dialog box is displayed.

    NOTE:

    The primary group to which a user belongs controls the user's permissions for CIFS shares. A user must belong to exactly one primary group.

  9. Select the user group to which the user belongs and click OK.
  10. (Optional) Select Secondary Group.

    The Select Secondary Group dialog box is displayed.

    NOTE:
    The concepts of primary group and secondary group apply to local authentication users and are independent of each other. A local authentication user must belong to a primary group but does not need to belong to a secondary group.

  11. Click Add.

    The Select User Group dialog box is displayed.

  12. Select one or more groups to which the user belongs and click OK.

    The system returns to the Select Secondary Group dialog box.

  13. Click OK.

    The system returns to the Local Authentication User dialog box.

  14. Optional: In the Description text box, enter a description for the local authentication user, for later management or search.
  15. Click OK.
  16. In the Success dialog box that is displayed, click OK.
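
The naming rules and default password requirements from the two procedures above, written as an added pre-check for a batch of accounts before they are entered in DeviceManager. This is example code, not Huawei's; the function names are hypothetical, and stripping edge spaces from group names and matching user and group names case-insensitively against each other are assumptions.

```python
import re
import string

# Characters the page forbids in local user and group names.
NAME_FORBIDDEN = set('"/\\[]<>+:;,?*|=@')
# Special characters the page lists for passwords, plus space.
PW_SPECIAL = set('!"#$%&\'()*+,-./:;<=>?@[\\]^`{_|}~ ')
# The four reserved groups named on the page.
RESERVED_GROUPS = ("default_group", "Administrators", "AntivirusGroup", "Backup Operators")


def check_name(name, kind, existing=RESERVED_GROUPS, min_user_len=8):
    """Return rule violations for a 'user' or 'group' name; empty list means OK."""
    errors = []
    if kind == "group":
        name = name.strip(" ")  # assumption: edge spaces are discarded on creation
    low = 1 if kind == "group" else min_user_len  # minimum is policy-adjustable for users
    if not low <= len(name) <= 32:
        errors.append(f"length must be {low} to 32")
    forbidden = NAME_FORBIDDEN | ({" "} if kind == "user" else set())
    if forbidden & set(name):
        errors.append("forbidden character")
    if name.endswith("."):
        errors.append("ends with a period")
    # Users and groups may not share a name; case-insensitive matching across
    # both kinds is an assumption extended from the page's aa/AA rule.
    if name.lower() in {n.lower() for n in existing}:
        errors.append("name already taken")
    return errors


def check_password(password, username):
    """Return violations of the default password requirements listed above."""
    errors = []
    if not 8 <= len(password) <= 16:
        errors.append("length must be 8 to 16")
    if not PW_SPECIAL & set(password):
        errors.append("no special character")
    kinds = [string.ascii_uppercase, string.ascii_lowercase, string.digits]
    if sum(any(c in k for c in password) for k in kinds) < 2:
        errors.append("fewer than two of upper/lower/digit")
    if re.search(r"(.)\1\1", password):
        errors.append("three consecutive identical characters")
    if password in (username, username[::-1]):
        errors.append("equals user name or its reverse")
    return errors
```

Pass the current user and group names as `existing` so that collisions with accounts already on the array are caught, and set `min_user_len` to match the value configured under Set Security Policies.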
Updated: 2019-08-14

Document ID: EDOC1000084098
