Permissions And Access Rights On Share Resources; Nfs Cluster-Specific Issues - HP ProLiant DL380 G5 Administration Manual

A virtual server is a resource group consisting of an IP Address resource and a Network Name
resource. Ownership of these virtual servers should be assigned to the different server nodes. In
addition to providing load balancing capabilities, the virtual server allows for the transition of
group resources in failover situations.
2. Create a virtual server group for each node in the cluster.
Cluster resource groups are used to balance the processing load on the servers. Distribute ownership
of the groups between the virtual servers.
3. For NFS environments, configure the NFS server.
NFS specific procedures include entering audit and file lock information as well as setting up client
groups and user name mappings. These procedures are not unique to a clustered deployment and
are detailed in the Microsoft Services for NFS section within the "Other network file and print services"
chapter. Changes to NFS setup information are automatically replicated to all nodes in a cluster.
4. Create the file share resources.
In a clustered environment, file shares are created as a type of cluster resource. Creating cluster
resources and file shares is documented later in this chapter.
5.
Assign ownership of the file share resources to the resource groups.
a.
Divide ownership of the file share resource between the resource groups, which are in turn
distributed between the virtual servers, for effective load balancing.
b. Verify that the physical disk resource for this file share is also included in this group.
c. Verify that the resources are dependent on the virtual servers and physical disk resources
from which the file share was created.

Permissions and access rights on share resources

File Share and NFS Share permissions must be managed using the Cluster Administrator tool versus the
individual shares on the file system themselves via Windows Explorer. Administering them through
the Cluster Administrator tool allows the permissions to migrate from one node to other. In addition,
permissions established using Explorer are lost after the share is failed or taken offline.
NFS cluster-specific issues
For convenience, all suggestions are listed below:
• Back up user and group mappings.
To avoid loss of complex advanced mappings in the case of a system failure, back up the
mappings whenever the mappings have been edited or new mappings have been added.
• Map consistently.
Groups that are mapped to each other should contain the same users and the members of the
groups should be properly mapped to each other to ensure proper file access.
• Map properly.
• Valid UNIX users should be mapped to valid Windows users.
• Valid UNIX groups should be mapped to valid Windows groups.
• Mapped Windows user must have the "Access this computer from the Network privilege"
or the mapping will be squashed.
• The mapped Windows user must have an active password, or the mapping will be squashed.
• In a clustered deployment, create user name mappings using domain user accounts.
Because the security identifiers of local accounts are recognized only by the local server, other
nodes in the cluster will not be able to resolve those accounts during a failover. Do not create
mappings using local user and group accounts.
• In a clustered deployment, administer user name mapping on a computer that belongs to a
trusted domain.
134
Cluster administration