Cifs storage administrator account, Cifs full access user account (backup user), Active directory configuration – Dell PowerVault NX3600 User Manual

This is the account that creates the folders (either using a user create script or manually) for each users home
share.

6.

Disconnect or unmount the user share, and remount it as an account that has ownership of it, as previously set (as

a Domain Admin, Storage Admin, or specific account ownership was set to).

7.

In the NAS Manager, create a new CIFS share, and select the share type CIFS share containing a user-based

directory tree.

8.

Previously, the general access share titled users was created at the path /users. In Path template, enter /users and

then select if you want the users folders to take the form of /users/username or /users/domain/username.

9.

Click Save Changes.

10. Using Windows Explorer, for each user that you wish to be given a home share, create a folder for them that

conforms to the Path template: you selected in the previous step.
This can be done manually or with a user create script.

Setting Access Control Lists And Share Level Permissions On

FluidFS

You can set up access control lists (ACLs) and share level permissions (SLP) on Fluid File System (FluidFS). It is
recommended that a Windows administrator follows the best practices as defined by Microsoft.
Both ACLs and SLPs are supported by FluidFS. However, SLPs are limited as they only address full control, modify and
read rights for any given user or group.

CIFS Storage Administrator Account

A built-in local CIFS storage administrator account serves the primary purpose of setting ownership of the CIFS share.
The account can also be used to set ACLs when the NAS service is not joined to an Active Directory domain. This built-
in account has a randomly generated password for security purposes. You must change this password before
attempting to set any ACLs or SLPs.

CIFS Full Access User Account (Backup User)

The Full Access User account is a special purpose account that is to be used by backup administrators. The system
must be a member of an Active Directory (AD) to associate this privilege with an AD account. The Full Access User
privilege gives the AD account full access to all data on all shares, and all volumes, regardless of the file ACL definitions.
However, the SLP settings do apply on the AD account granted Full Access User privilege. It is the job of the NAS
system administrator to verify the AD account set for full access user has all relevant SLPs.
To manage the Full Access User:

1.

Open a connection to the CLI using a direct KVM connection or through SSH to the management VIP.

2.

To set the Full Access User account, or overwrite the current entry, in the CLI, run the command:
system authentication full-access-account set DOMAIN+username

3.

To verify if Full Access User account is properly set, run the command:
system authentication full-access-account view

4.

To delete the Full Access User, run the command:
system authentication full-access-account delete

Active Directory Configuration

FluidFS has the ability to join an Active Directory domain. This can be done using the NAS Manager or the CLI.

33