Access Policies For Nfs, Smb, And Ftp - EMC Unity Family Security Configuration Manual

Access policies for NFS, SMB, and FTP

- Windows resolvers
- Secmap
- NTXMAP
UNIX Directory Services
UNIX Directory Services (UDSs) are used to determine the following for user
mapping:
- Given a user identifier (UID), return the corresponding UNIX account name.
- Given a UNIX account name, return the corresponding UID and primary group
  identifier (GID).
The supported services are:
- LDAP
- NIS
There is at most one UDS active at a time for each NAS server. One UDS must be
enabled when multiprotocol sharing is enabled. The UDS to use is determined by the
unix-directory-service property of the NAS server.
Windows resolvers
Windows resolvers are used to determine the following for user mapping:
- Given a security identifier (SID), return the corresponding Windows account name.
- Given a Windows account name, return the corresponding SID.
The Windows resolvers are:
- The domain controller (DC) of the domain
- The local group database (LGDB) of the SMB server
Secmap
The function of Secmap is to store all SID-to-UID/primary GID and UID-to-SID
mappings to ensure coherency across all file systems of the NAS server.
NTXMAP
NTXMAP is used to associate a Windows account to a UNIX account when the name
is different. For example, if there is a user who has an account called Gerald on
Windows but the account on UNIX is called Gerry, NTXMAP is used to make the
correlation between the two.
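The following added example (not part of the manual and not the storage system's own code) models how the four components described above could cooperate to turn a Windows SID into a UID and primary GID, including the Gerald/Gerry case and a user with no UNIX account. The lookup order, the class and function names, and all SIDs, UIDs and GIDs are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

class MappingError(LookupError):
    """A SID could not be resolved to a UNIX identity."""

@dataclass
class NasServerModel:
    # Conceptual model: roles are from the manual, lookup order is assumed.
    windows_resolver: dict  # SID -> Windows account name (DC or LGDB role)
    ntxmap: dict            # Windows name -> UNIX name, only where they differ
    uds: dict               # UNIX name -> (UID, primary GID) (LDAP or NIS role)
    secmap: dict = field(default_factory=dict)  # SID -> (UID, primary GID)

    def sid_to_unix(self, sid):
        # Stored mapping first, so every file system gets the same answer.
        if sid in self.secmap:
            return self.secmap[sid]
        win_name = self.windows_resolver.get(sid)
        if win_name is None:
            raise MappingError(f"no Windows account for SID {sid}")
        # NTXMAP applies only when an explicit rule exists for this name.
        unix_name = self.ntxmap.get(win_name, win_name)
        ids = self.uds.get(unix_name)
        if ids is None:
            raise MappingError(f"no UNIX account {unix_name!r} in the UDS")
        self.secmap[sid] = ids
        return ids

# Constructed sample data; none of these values come from a real system.
SID_GERALD = "S-1-5-21-1000-2000-3000-1104"
SID_ALICE = "S-1-5-21-1000-2000-3000-1105"
SID_NOUNIX = "S-1-5-21-1000-2000-3000-1106"

def build_sample():
    return NasServerModel(
        windows_resolver={SID_GERALD: "Gerald", SID_ALICE: "alice",
                          SID_NOUNIX: "svc_backup"},
        ntxmap={"Gerald": "Gerry"},
        uds={"Gerry": (1001, 100), "alice": (1002, 100)},
    )

if __name__ == "__main__":
    model = build_sample()
    for sid in (SID_GERALD, SID_ALICE, SID_NOUNIX):
        try:
            print(sid, "->", model.sid_to_unix(sid))
        except MappingError as err:
            print(sid, "-> unmapped:", err)
```

In this model an account that resolves on the Windows side but has no UDS entry raises an error instead of receiving a UNIX identity, which is the case to look for when reviewing mappings.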
Access policies for NFS, SMB, and FTP
In a multiprotocol environment, the storage system uses file system access policies to
manage user access control of its file systems. There are two kinds of security, UNIX
and Windows.
For UNIX security authentication, the credential is built from the UNIX Directory
Services (UDS). User rights are determined from the mode bits. The user and group
identifiers (UID and GID, respectively) are used for identification. There are no
privileges associated with UNIX security.
For Windows security authentication, the credential is built from the Windows Domain
Controller (DC) and Local Group Database (LGDB) of the SMB server. User rights are
determined from the SMB ACLs. The security identifier (SID) is used for identification.
There are privileges associated with Windows security, such as TakeOwnership,
Backup, and Restore, that are granted by the LGDB of the SMB server.
There are three access policies that define what security is used by which protocols:
