Support For Windows Network Authentication - Overland Storage SnapServer Administrator's Manual

SnapServer 7.0 Administrator's Guide
For new shares, select Create Share and click the Advanced Share Properties button to access
the Hidden share option. For existing shares, select the share, click Properties, and click
Advanced Share Properties to access the Hidden share option.

Support for Windows Network Authentication

This section summarizes important facts regarding the GuardianOS implementation of
Windows network authentication.
Windows Networking Options
Windows environments operate in either workgroup mode, where each server contains a
list of local users it authenticates on its own, or Active Directory (ADS) domain mode, where
domain controllers centrally authenticate users for all domain members.
Option
Workgroup
Active Directory
(ADS)
Kerberos Authentication
Kerberos is a secure method for authenticating a request for a service in a network.
Kerberos lets a user request an encrypted "ticket" from an authentication process that can
then be used to request a service from a server. The user credentials are always encrypted
before they are transmitted over the network.
The SnapServer supports the Microsoft Windows implementation of Kerberos. In Windows
Active Directory (ADS), the domain controller is also the directory server, the Kerberos key
distribution center (KDC), and the origin of group policies that are applied to the domain.
NOTE: Kerberos requires the server's time to be closely synchronized to the domain controller's
Interoperability with Active Directory Authentication
The SnapServer supports the Microsoft Windows 2000/2003/2008 family of servers that run
in ADS mode. SnapServers can join Active Directory domains as member servers.
References to the SnapServer's shares can be added to organizational units (OU) as shared
folder objects.
NOTE: Windows 2000 domain controllers must run SP2 or later.
10400317-001 10/2011
Description
In a workgroup environment, users and groups are stored and
managed separately on each server in the workgroup.
When operating in a Windows Active Directory domain environment,
the SnapServer is a member of the domain and the domain
controller is the repository of all account information. Client
machines are also members of the domain and users log into the
domain through their Windows-based client machines. Windows or
Active Directory domains resolve user authentication and group
membership through the domain controller.
Once joined to a Windows Active Directory domain, the SnapServer
imports and then maintains a current list of the users and groups
on the domain. Thus, you must use the domain controller to make
modifications to user or group accounts. Changes you make on the
domain controller appear automatically on the SnapServer.
NOTE:
time. This means that (1) the server automatically synchronizes its time to the domain
controller's and (2) NTP cannot be enabled when joined to an ADS domain.
©2010-11 Overland Storage, Inc.
Windows 2000 domain controllers must run SP2 or later.
3 – Network Access
3-9