Local User Authentication - Fujitsu ETERNUS DX S5 Series Design Manual

4. NAS Functions
User Management

Local User Authentication

Local user authentication is a function that manages local users/groups who can access the shared folder
without using the authentication server and can enable CIFS access on a per created local user/local group basis.
Specify the access permission of the shared folder when the shared folder is created. Authentication server and
local user authentication cannot be used simultaneously.
Caution
During the configuration phase
• When a shared folder is created using CIFS/NFS and the same access privilege is used between CIFS and
NFS, the username, user ID, group name, and group ID of the client that performs an NFS access must
match the username, user ID, group name, and group ID that are created on the ETERNUS DX.
• If the server SID is not set during a NAS server configuration, "S-1-5-21-0-0-0" (fixed value) is set.
Local user/local group management (such as creating, changing, and modifying) can be performed from
ETERNUS Web GUI or ETERNUS CLI. For local users/local groups, up to 100 can be created for each. However,
three local groups are used for the BUILTIN groups.
Local users can belong to one primary group and multiple secondary groups. Only the local user who created the
files or directories and local users in the same group can access these files or directories.
Registered local users can be used for the following functions.
Shared folder owner/group
•
CIFS access permission settings for shared folders
•
• Quota settings on a per local user/local group basis
Home directories
•
Account authentication for FTP connections
•
●
Primary Group
Primary group is the group that is set for the directories and files that were created by the local user. A local
user must belong to one of the primary groups.
●
Secondary Group
Secondary group is the subgroup for accessing directories and files that were created by the other users.
Local users can belong to multiple secondary groups (up to 16 groups) in addition to the primary group.
Local users who do not belong to any secondary groups can be created.
Caution
During the operation phase
• When operations are migrated from the authentication server to local user authentication, deleting
the local user/local group settings and reconfiguring the user on the authentication server side are
required.
• BUILTIN groups can be used only for secondary groups.
• BUILTIN groups cannot be deleted. Even if BUILTIN groups exist, authentication server settings can
be performed.
For local user authentication, the following can be created as a user/group with a fixed user ID and group ID.
• Fixed user
shareuser$ (the user ID is fixed to "450" and other values cannot be specified)
Fixed group
•
shareuser$ (the group ID is fixed to "450" and other values cannot be specified)
179 Design Guide