Veritas Access Administrator's Guide
- Section I. Introducing Veritas Access
- Section II. Configuring Veritas Access
- Adding users or roles
- Configuring the network
- Configuring authentication services
- Section III. Managing Veritas Access storage
- Configuring storage
- Configuring data integrity with I/O fencing
- Configuring ISCSI
- Veritas Access as an iSCSI target
- Configuring storage
- Section IV. Managing Veritas Access file access services
- Configuring the NFS server
- Setting up Kerberos authentication for NFS clients
- Using Veritas Access as a CIFS server
- About Active Directory (AD)
- About configuring CIFS for Active Directory (AD) domain mode
- About setting trusted domains
- About managing home directories
- About CIFS clustering modes
- About migrating CIFS shares and home directories
- About managing local users and groups
- Configuring an FTP server
- Using Veritas Access as an Object Store server
- Configuring the NFS server
- Section V. Monitoring and troubleshooting
- Section VI. Provisioning and managing Veritas Access file systems
- Creating and maintaining file systems
- Considerations for creating a file system
- Modifying a file system
- Managing a file system
- Creating and maintaining file systems
- Section VII. Configuring cloud storage
- Section VIII. Provisioning and managing Veritas Access shares
- Creating shares for applications
- Creating and maintaining NFS shares
- Creating and maintaining CIFS shares
- Using Veritas Access with OpenStack
- Integrating Veritas Access with Data Insight
- Section IX. Managing Veritas Access storage services
- Compressing files
- About compressing files
- Compression tasks
- Configuring SmartTier
- Configuring SmartIO
- Configuring episodic replication
- Episodic replication job failover and failback
- Configuring continuous replication
- How Veritas Access continuous replication works
- Continuous replication failover and failback
- Using snapshots
- Using instant rollbacks
- Compressing files
- Section X. Reference
About storing account information
Veritas Access maps between the domain users and groups (their identifiers) and local representation of these users and groups. Information about these mappings can be stored locally on Veritas Access or remotely using the DC directory service. Veritas Access uses the idmap_backend configuration option to decide where this information is stored.
This option can be set to one of the following:
rid | Maps SIDs for domain users and groups by deriving UID and GID from RID on the Veritas Access CIFS server. |
ldap | Stores the user and group information in the LDAP directory service. |
hash | Maps SIDs for domain users and groups to 31-bit UID and GID by the implemented hashing algorithm on the Veritas Access CIFS server. |
ad | Obtains unique user IDs (UIDs) or group IDs (GIDs) from domains by reading ID mappings from an Active Directory server that uses RFC2307/SFU schema extensions. |
Note:
SID/RID are Microsoft Windows concepts that are described at: http://msdn.microsoft.com/en-us/library/aa379602(VS.85).aspx.
The rid and hash values can be used in any of the following modes of operation:
Standalone
AD domain
rid is the default value for idmap_backend in all of these operational modes. The ldap value can be used if the AD domain mode is used.
When security is set as "user" idmap_backend is irrelevant.
Table: Store account information commands
Command | Definition |
---|---|
set idmap_backend rid | Configures Veritas Access to store information about users and groups locally. Trusted domains are allowed if allow_trusted_domains is set to yes. The uid_range is set to 10000-1000000 by default. Change the default range in cases where it is not appropriate to accommodate local Veritas Access cluster users, Active Directory, or trusted domain users. Do not attempt to modify LOW_RANGE_ID (10000) if user data has already been created or copied on the CIFS server. This may lead to data access denied issues since the UID changes. |
set idmap_backend hash | Allows you to obtain the unique SID to UID/GID mappings by the implemented hashing algorithm. Trusted domains are allowed if allow_trusted_domains is set to yes. |
set idmap_backend ad | Allows you to obtain unique user IDs (UIDs) or group IDs (GIDs) from domains by reading ID mappings from an Active Directory server that uses RFC2307/SFU schema extensions. |
set idmap_backend ldap | Configures Veritas Access to store information about users and groups in a remote LDAP service. You can only use this command when Veritas Access is operating in the AD domain mode. The LDAP service can run on the domain controller or it can be external to the domain controller. Note: For Veritas Access to use the LDAP service, the LDAP service must include both RFC 2307 and proper schema extensions. See Configuring the LDAP client for authentication using the CLI. This option tells the CIFS server to obtain SID to UID/GID mappings from a common LDAP backend. This option is compatible with multiple domain environments. So allow_trusted_domains can be set to yes. If idmap_backend is set to ldap, you must first configure the Veritas Access LDAP options using the Network> ldap commands. |