No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Basic Storage Service Guide for File 15

OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, and 6800 V3 Storage System V300R003

"This document describes the basic storage services and explains how to configure and managebasic storage services."
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Managing Local Authentication Users

Managing Local Authentication Users

This section introduces how to manage local authentication Users that has been configured.

Deleting a Local Authentication User

After a local authentication user is deleted, it can no longer access a CIFS share. You can delete related Homedir share of a local authentication user when deleting the local authentication user.

Context

If the local user that you want to delete has been added to a local group, the local user is removed from the local group after the local user is deleted.

The change of the local authentication user or domain user (including the user is disabled or deleted, user password is changed or expires, and the owning group of the user is changed) that access a CIFS/FTP/NFS share takes effect after the user is authenticated again. You can mount the share again to trigger the authentication.

Procedure

  1. Log in to DeviceManager.
  2. Choose Provisioning > User Authentication.
  3. Select the local authentication user that you want to delete.
  4. Click Delete.

    The security alert dialog box is displayed.

  5. Confirm the information in the dialog box and select I have read and understand the consequences associated with performing this operation. Then click OK.

    The Execution Result dialog box is displayed.

  6. Click Close to finish deleting a local authentication user.

Deleting a Local Authentication User Group

After a local authentication user group is deleted, the user group cannot access a CIFS share any more, but users in the user group can access CIFS shared resources as authentication users.

Procedure

  1. Log in to DeviceManager.
  2. Choose Provisioning > User Authentication > Local Authentication User Group.
  3. Select the local authentication user group that you want to delete.
  4. Click Delete.

    The security alert dialog box is displayed.

  5. Confirm the information in the dialog box and select I have read and understand the consequences associated with performing this operation. Then click OK.

    The Success dialog box is displayed.

  6. Click OK to finish deleting a local authentication user group.

Locking a Local Authentication User

To prevent a local authentication user from accessing a share, lock the user. A locked local authentication user cannot access any share. You can enable the authentication user for the user to access shares.

Prerequisites

The local authentication user must be unlocked, therefore the Status of a local authentication user is Normal.

Procedure

  1. Log in to DeviceManager.
  2. Choose Provisioning > User Authentication.
  3. Select a local authentication user and choose More > Lock.

    The Execution Result dialog box is displayed.

  4. Check the execution result and click Close to finish locking a local authentication user.

    The Status of the user is Lock.

Enabling a Local Authentication User

A locked local authentication user cannot access any share. You can enable the authentication user for it to access shares.

Prerequisites

The local authentication user must be locked, therefore the Status of a local authentication user is Lock.

Context

A newly created local authentication user is enabled by default. The Status of this user is Normal.

Procedure

  1. Log in to DeviceManager.
  2. Choose Provisioning > User Authentication.
  3. Select a local authentication user and choose More > Enable.

    The Execution Result dialog box is displayed.

  4. Check the execution result and click Close to finish enabling a local authentication user.

    Status of the user is Normal.

Modifying the Properties of Local Authentication User

This operation enables you to change the password, modify the primary group and the description of a local authentication user.

Context

The change of the local authentication user or domain user (including the user is disabled or deleted, user password is changed or expires, and the owning group of the user is changed) that access a CIFS/FTP/NFS share takes effect after the user is authenticated again. You can mount the share again to trigger the authentication.

Procedure

  1. Log in to DeviceManager.
  2. Choose Provisioning > User Authentication.
  3. Select the local authentication user whose properties you want to change.
  4. Click Properties.

    The Local Authentication User Properties dialog box is displayed.



  5. Change the password of the local authentication user.
    1. Click Change password.
    2. In New Password, enter a new password.

      The system default password requirements are:
      • Contain 8 to 16 characters.
      • Contain special characters. Special characters include: !"#$%&'()*+,-./:;<=>?@[\]^`{_|}~ and space.
      • Contain any two types of the uppercase letters, lowercase letters, and digits.
      • Cannot contain three consecutive same characters.
      • Be different from the user name or the user name typed backwards.

      You can modify password security policy in Set Security Policies.

    3. In Confirm Password, enter the new password again.
  6. Modify the primary group.
    1. Click the Primary Group the local authentication user belongs to.

      The Select Primary Group dialog box is displayed.

    2. In the user group list, select a new user group and click OK.

      The system goes back to Local Authentication User Properties dialog box.

  7. Modify the description of the local authentication user.
    1. Enter the description of this local authentication user in Description.
  8. Click OK.

    The Success dialog box is displayed.

  9. Click OK to finish modifying the properties of the local authentication user.

Modifying the Secondary Group of a Local Authentication User

This operation enables you to modify the secondary group of a local authentication user.

Context

The change of the local authentication user or domain user (including the user is disabled or deleted, user password is changed or expires, and the owning group of the user is changed) that access a CIFS/FTP/NFS share takes effect after the user is authenticated again. You can mount the share again to trigger the authentication.

Procedure

  1. Log in to DeviceManager.
  2. Choose Provisioning > User Authentication.
  3. Select the local authentication user whose secondary group you want to change.
  4. Click More > Change Secondary Group.

    The Change Secondary Group dialog box is displayed.

  5. Change the secondary group of a local user.
    1. To add a new user group, click Add.

      The Select User Group dialog box is displayed.

    2. Select one user group or multiple user groups that you want to add and click OK.

      To remove a user group, select it and click Remove.

    3. Click OK.

      The Success dialog box is displayed indicating that the operation succeeded.

    4. Click OK to finish modifying the secondary group of a local authentication user.

Modifying the Properties of Local Authentication User Group

This operation enables you to modify the description of a local authentication user group.

Procedure

  1. Log in to DeviceManager.
  2. Choose Provisioning > User Authentication > Local Authentication User Group.
  3. Select the local user group you want to modify.
  4. Click Properties.

    The Local Authentication User Group Properties is displayed.

  5. Modify the description of local authentication user group.
    1. Enter new description of the local authentication user group in Description.
    2. Click OK.

      The Success dialog box is displayed.

  6. Click OK to finish modifying the description.

Adding/Removing a User from a Local Authentication User Group

This operation enables you to add/remove local authentication users, domain users or domain user groups from a local authentication user group.

Procedure

  1. Log in to DeviceManager.
  2. Choose Provisioning > User Authentication > Local Authentication User Group.
  3. Select the local authentication user group that you want to modify.
  4. Add a local authentication user for the local authentication user group.
    1. Click the Local Authentication User tab.
    2. Click Add.

      The Add User dialog box is displayed.

    3. Select the user or users that you want to add and click OK.

      The Execution Result dialog box is displayed.

    4. Click Close to finish adding a local authentication user to the local authentication user group.

      NOTE:

      If the primary group of the user to be added is the same as the user group to which the user is added, the primary group and secondary group of the user remain unchanged.

      If the primary group of the user to be added is different from the user group to which the user is added, the user group to which the user is added becomes the secondary group of the user.

  5. Remove a local authentication user from the local authentication user group.
    1. Click the Local Authentication User tab.
    2. Select the local authentication user that you want to remove.
    3. Click Remove.

      The security alert dialog box is displayed.

    4. Confirm the information in the dialog box and select I have read and understand the consequences associated with performing this operation. Then click OK.

      The Success dialog box is displayed.

    5. Click OK to finish removing a local authentication user from the local authentication user group.

      NOTE:

      The local authentication user cannot be removed from its primary group.

  6. Add a domain user for the local authentication user group.
    1. Click the Domain User tab.
    2. Click Add.

      The Add Domain User dialog box is displayed.

    3. In Name, enter the domain user name, and click Add.

      NOTE:
      The name format is domain name\domain user name.

    4. Click OK.

      The Execution Result dialog box is displayed.

    5. Click Close to add domain user to local authentication user group.
  7. Remove a domain user from the local authentication user group.
    1. Click the Domain User tab.
    2. Select the domain user that you want to remove.
    3. Click Remove.

      The security alert dialog box is displayed.

    4. Confirm the information in the dialog box and select I have read and understand the consequences associated with performing this operation. Then click OK.

      The Success dialog box is displayed.

    5. Click OK to remove a domain user from the local authentication user group.
  8. Add a domain user group for the local authentication user group.
    1. Click the Domain User Group tab.
    2. Click Add.

      The Add Domain User Group dialog box is displayed.

    3. In Name, enter the domain user group name, and click Add.

      NOTE:
      The name format is domain name\domain user group name.

    4. Click OK.

      The Execution Result dialog box is displayed.

    5. Click Close to add domain user group to local authentication user group.
  9. Remove a domain user group from the local authentication user group.
    1. Click the Domain User Group tab.
    2. Select the domain user group that you want to remove.
    3. Click Remove.

      The security alert dialog box is displayed.

    4. Confirm the information in the dialog box and select I have read and understand the consequences associated with performing this operation. Then click OK.

      The Success dialog box is displayed.

    5. Click OK to remove a domain user group from the local authentication user group.

Configuring Security Policy for Local Authentication User

Security policies include the password policy and login policy. Security policies are used to protect the system security.

Procedure

  1. Log in to DeviceManager.
  2. Choose Provisioning > User Authentication.
  3. Select More > Set Security Policies.

    The Set Security Policies dialog box is displayed.

  4. Select Username Policy tab to configure local authentication user name policy. Table 5-5 describes the related parameter.



    Table 5-5  Username Policy

    Parameter

    Description

    Value

    Min.Length

    Minimum length of the user name. This parameter prevents user name being too short.

    [Value range]

    Its value is an integer ranging from 1 to 31.

    [Default value]

    8

  5. Select Password Policy tab to configure password policy for local authentication user. Table 5-6 describes related parameters.



    Table 5-6  Password Policy

    Parameter

    Description

    Value

    Min. Length

    Minimum length of the user password. This parameter prevents password being too short.

    [Value range]

    Its value is an integer ranging from 8 to 32.

    [Default value]

    8

    Max. Length

    Maximum length of the user password. This parameter prevents password being lengthy.

    [Value range]

    Its value is an integer ranging from 8 to 32.

    [Default value]

    16

    Complexity

    Complexity of the user password. This parameter prevents password being too simple. The complexity types include:
    • Must contain special characters and any two types of uppercase letters, lowercase letters and digits
    • Must contain special characters, uppercase letters, lowercase letters and digits

    [Default value]

    Contains special characters and any two types of uppercase letters, lowercase letters and digits.

    Number of Duplicate Characters

    Maximum number of consecutive duplicate characters.

    [Value range]

    Its value is Unlimited or an integer ranging from 1 to 9.

    [Default value]

    3

    Password Validity Period (days)

    Setting of the password's validity period. You are advised to enable Password Validity Period (days).

    After Password Validity Period (days) is enabled, you need to set the password validity days. After the validity period of a password expires, the system prompts you to change the password in a timely manner.

    NOTE:

    If this parameter is not selected, the password will never expire. To ensure storage system security, you are advised to select and set this parameter.

    [Value range]

    Its value is an integer ranging from 1 to 999.

    [Default value]

    180

    Password Change Interval (minutes)

    Change interval of a password.

    [Value range]

    Its value is an integer ranging from 1 to 9999.

    [Default value]

    5

  6. Select Login Policy tab to configure password policy for local authentication user. Table 5-7 describe related parameters.



    Table 5-7  Login Policy

    Parameter

    Description

    Value

    Number of Incorrect Passwords

    Times allowed for consecutively entering incorrect passwords. Within one minute, when incorrect passwords are input exceeds the Number of Incorrect Passwords times, the user account is automatically locked. The user account will be automatically unlocked after being locked for 1 minute.

    [Value range]

    Its value is an integer ranging from 1 to 9.

    [Default value]

    5

    Idle Period (Days)

    A local authentication user account will be locked if it is not used for login and the idle period exceeds the specified days.

    [Value range]

    Its value is an integer ranging from 1 to 999.

    [Default value]

    60

  7. Click OK.

    The Success dialog box is displayed.

  8. Click OK to finish configuring security policies.
Translation
Download
Updated: 2019-02-01

Document ID: EDOC1000084198

Views: 39586

Downloads: 827

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next