Asset ID: |
1-71-1009920.1 |
Update Date: | 2011-01-24 |
Keywords: | |
Solution Type
Technical Instruction Sure
Solution
1009920.1
:
Sun StorageTek[TM] 5000 Series NAS: How to configure for integration into Active Directory
Related Items |
- Sun Storage 5210 NAS Appliance
- Sun Storage 5220 NAS Appliance
- Sun Storage 5310 NAS Appliance
- Sun Storage 5320 NAS Gateway/Cluster System
- Sun Storage 5320 NAS Appliance
- Sun Storage 5310 NAS Gateway System
|
Related Categories |
- GCS>Sun Microsystems>Storage - Disk>Network Attached Storage
|
PreviouslyPublishedAs
213599
DescriptionActive Directory is the directory service introduced in Windows 2000 that provides centralized access to domain resources such as users, groups, and shared data. The Sun StorageTek[TM] NAS can be integrated into an ADS environment to provide the following services:
- Publishing shares to Active Directory.
- Using DNS resolution rather than NetBIOS to join a Windows Domain
- Creation of Dynamic DNS entries
Note that locating the domain controller via DNS removes the requirement for WINS servers and/or local master browser systems.
Steps to FollowSun StorageTek[TM] 5000 Series NAS: Configuring for integration into Active Directory.
Active Directory relies on the domain name service (DNS) to provide name resolution services. Active Directory is integrated with Dynamic DNS, enabling clients to dynamically update their entries in the DNS database. The steps to configure the Sun StorageTek[TM] NAS for Active Directory and Dynamic DNS are detailed below.
- Connect to the Sun StorageTek NAS through Telnet or a serial console.
- If running OS version 4.20 or older, press Enter at the [menu] prompt and type the administrator password. If running OS version 4.21 or newer, enter the password and type "menu"
- Press the spacebar until "ADS" setup displays under Extensions at the lower right.
- Select the letter corresponding to ADS setup.
- In the Active Directory screen configure the options as follows:
- Enable ADS.
- ADS Domain - The fully qualified name of the Windows domain. DO NOT use the short NetBIOS name.
- User - A Windows user account name with rights to update ADS. Specifically, the user needs rights to publish shares and create a computer account. If the computer account already exists (pre-staged account), then the user needs only permission to join an existing account to the domain. For details on using a pre-staged computer account with the NAS, see <Document: 1017781.1> .
- Password - Password for this account.
- User Container - The ADS container that is the location of the above user account. Note that this has nothing to do with the location of the NAS computer account. This will always be ou=computers, unless a prestaged account is used, as described in the link two steps above. The container should be entered using the LDAP distinguished name, without domain, for example, ou=users
- ADS Site - Enter the local ADS site if different from ADS domain. Usually left
blank.
- Kerberos Realm - Name of Kerberos realm for secure AD and DNS. This is usually, but not always the ADS domain name.
- KDC Server - Host name for Key Distribution Center (KDC) server, usually a
domain controller. This field can usually be left blank because it can normally
be resolved by DNS.
All of the above ADS configuration must be in place before configuring Dynamic DNS.
To Configure DNS/Dynamic DNS:
NOTE: If your ADS domain name does not match your DNS domain name, you must be running operating system version 4.21M1 or later in order for the Active Directory integration to properly complete.
- Return to the main menu by pressing the Esc key.
- Select option H, DNS & Syslogd.
- Select option 1, Edit Fields.
- Use the Enter or Tab key to navigate through the fields.
- Ensure that DNS is set up, with the correct and complete domain name and servers configured. DNS configuration is generally easiest when the Active Directory server is also configured as the DNS server. This effects the creation of all the required DNS records. It is possible to use an external DNS server, but extra care must be taken to ensure that all of the required DNS records are created. For a list of the DNS requirements, including a list of all required records, see <Document: 1004157.1> .
- Select option Y for ?Yes? to enable Dynamic DNS. (NOTE: It is possible to integrate with AD without Dynamic DNS enabled, but it is strongly recommended to configure this if possible.)
- Type a user name and password with sufficient rights to perform secure DNS
updates.
- After configuring desired options, select option 7, Save Changes.
After you have successfully configured these settings, it is necessary to access the Domain Configuration screen and join the domain to complete the process. See <Document: 1008222.1> for details on this step.
This configuration process can also be completed using the Web Admin GUI. All of the options described above are available.
ProductSun StorageTek 5320 NAS Gateway/Cluster System
Sun StorageTek 5320 NAS Appliance
Sun StorageTek 5310 NAS Gateway/Cluster System
Sun StorageTek 5310 NAS Gateway System
Sun StorageTek 5310 NAS Appliance
Sun StorageTek 5210 NAS Appliance
Sun StorageTek 5220 NAS Appliance
Internal Comments
This document contains normalized content and is managed by the the Domain Lead(s) of the respective domains. To notify content owners of a knowledge gap
contained in this document, and/or prior to updating this document, please contact the domain engineers that are managing this document via the
“Document Feedback” alias(es) listed below:
storage-nas-domain@sun.com
normalized, ads, join, domain, cifs, Audited
Previously Published As
89219
Change History
Date: 2010-03-21
User Name: 79977
Action: Currency check
Comment: Verified by CL, still current. Changed title to enable findability
Date: 2007-09-20
User Name: 7058
Action: Approved
Attachments
This solution has no attachment