Configuring local users and groups authentication – HP StoreAll Storage User Manual

This command automatically enables LDAP RFC 2307 ID Mapping. The options are:

The LDAP server host (server name or IP address).

-h LDAPSERVERHOST

The LDAP base for searches (for example, ou=people,cd=enx,dc=net).

-B LDAPBASEOFSEARCH

The LDAP server port (TCP port 389).

-P LDAPSERVERPORT

The LDAP bind Distinguished Name (the default is anonymous). For example:
cn=hp9000-readonly-user,dc=entx,dc=net

.

-b LDAPBINDDN

The LDAP bind password.

-p LDAPBINDDNPASSWORD

The maximum amount of time to allow the search to run.

-m MAXWAITTIME

The maximum number of entries (the default is 10).

-M MAXENTRIES

Case sensitivity for name searches (the default is false, or case-insensitive).

-n

Search the LDAP scope base (search the base level entry only).

-s

LDAP scope one (search all entries in the first level below the base entry, excluding
the base entry).

-o

LDAP scope sub (search the base-level entries and all entries below the base level).

-u

Display information for LDAP ID mapping:

ibrix_ldapidmapping -i

Enable an existing LDAP ID mapping:

ibrix_ldapidmapping -e -h LDAPSERVERHOST

Disable an existing LDAP ID mapping:

ibrix_ldapidmapping -d -h LDAPSERVERHOST

Configuring Local Users and Groups authentication

Use ibrix_auth to configure Local Users authentication. Use ibrix_localusers and
ibrix_localgroups

to manage user and group accounts.

Configure Local Users authentication:

ibrix_auth -N [-h HOSTLIST]

Be sure to create a local user account for each user that will be accessing SMB, FTP, or HTTP
shares, and create at least one local group account for the users. The account information is stored
internally in the cluster.

Configure Active Directory authentication:

ibrix_auth -n DOMAIN_NAME -A AUTH_PROXY_USER_NAME@domain_name [-P

AUTH_PROXY_PASSWORD] [-S SETTINGLIST] [-h HOSTLIST]

In the command, DOMAIN_NAME is your Active Directory domain.
AUTH_PROXY_USER_NAME@domain_name

is the name and domain for an AD domain user

(typically a Domain Administrator) having privileges to join the specified domain and
AUTH_PROXY_PASSWORD

is the password for that account.

To configure Active Directory authentication on specific nodes, specify those nodes in HOSTLIST.

For the -S option, enter the settings as settingname=value. Use commas to separate the
settings, and enclose the list in quotation marks. If there are multiple values for a setting, enclose
the values in square brackets. The users you specify must already exist. For example:

ibrix_auth -t -S 'share admins=[domain\user1, domain\user2,

domain\user3]'

To remove a setting, enter settingname=.

All servers, or only the servers specified in HOSTLIST, will be joined to the specified Active
Directory domain.

74

Configuring authentication for SMB, FTP, and HTTP