Guidelines For Local Authentication - Overland Storage SnapServer Administrator's Manual

SnapServer/GuardianOS 7.5 Administrator's Guide
Administrators may choose to join the SnapServer to a Windows Active Directory domain, and
CIFS/SMB and AFP clients can then authenticate to the server using their domain
credentials. To accommodate NFS clients, the SnapServer can also join an LDAP or NIS
domain, and the SnapServer can look up user IDs (UIDs) and group IDs (GIDs) maintained by
the domain for configuration of quotas and ID mapping. For authentication control beyond the
guest account, Mac and FTP client login credentials can be created locally on the server. See
User and Group ID Assignments
SnapServer default security configuration provides one share to the entire volume. All
network protocols for the share are enabled, and all users are granted read-write permission
to the share via the guest account. By default, the
for HTTP, AFP, and FTP.
Network clients can initially access the server using the guest account, but if you require a
higher degree of control over individual access to the filesystem for these clients, you must
create local accounts (or use Windows Active Directory security for CIFS/SMB and AFP
clients).
Local users or groups are created using the Security > Local Users and Security > Local Groups
pages in the Web Management Interface. Local users are also used for administrative access
to the server through the server's Web Management Interface, SnapServer Manager, or SSH.
A local user or group is one that is defined locally on the SnapServer using the Web
Management Interface. The default users and groups listed below cannot be modified or
deleted.
• admin – The local user admin account is used to log into the Web Management
Interface. The default password for the admin account is also admin.
• guest – The local user guest account requires no password.
• admingrp – The Admin group account includes the default admin user account. Any
local user accounts created with admin rights are also automatically added to this
group.

Guidelines for Local Authentication

These password authentication guidelines are for both users and groups.
Duplicating Client Login Credentials for Local Users and Groups. To simplify user access for
Windows Workgroup or Mac clients, duplicate their local client log on credentials on the
SnapServer by creating local accounts on the SnapServer that match those used to log on to
client workstations. This strategy allows users to bypass the login procedure when accessing
the SnapServer.
CAUTION:
if joined to an Active Directory domain.
Default Local Users and Groups . Default users admin and guest appear in the list of users on
the Local Users page, and the default group admingrp appears in the list of groups on the
Local Groups
password can be changed).
Changing Local UIDs or GIDs. The SnapServer automatically assigns and manages UIDs and
GIDs. Because you may need to assign a specific ID to a local user or group in order to match
your existing UID/GID assignments, the SnapServer makes these fields editable.
Password Policies. To provide additional authentication security, set password character
requirements, password expiration dates, and lockout rules for local users.
10400541-001
on page
This strategy applies only to local users. Do not use duplicate domain user credentials
page. However, they cannot be deleted or modified (although the admin
©2008-14 Overland Storage, Inc.
140.
user is disabled in SMB but enabled
guest
7 - Security Options
139
