Sun Microsystems, Inc.  Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition

Asset ID: 1-71-1013073.1
Update Date: 2010-04-13

Solution Type  Technical Instruction Sure

Solution  1013073.1 :   Sun StorageTek[TM] 5000 Series NAS: How to configure CIFS Security in Workgroup Mode  


Related Items
  • Sun Storage 5320 NAS Gateway/Cluster System
  • Sun Storage 5320 NAS Appliance

Related Categories
  • GCS>Sun Microsystems>Storage - Disk>Network Attached Storage

PreviouslyPublishedAs
217910


Description

Symptoms:

  • Configure CIFS

Purpose/Scope:

Resources are accessed as a particular UID/GID combination assigned to each share. Shares are secured by password only, rather than by a username/password combination. This document describes how to configure shares and security for this environment.

Only NFS-style permissions are possible. Workgroup mode is intended only for use with a small number of Windows clients with very low security requirements, such as temporary file transfer or a small number of physically secure Windows servers in an NFS environment.

If there is a requirement for secure storage of individual user data, Windows domain mode is strongly recommended. A single Samba or Windows Domain Controller will enhance security significantly.

NOTE: Workgroup mode on the Sun StorageTek[TM] 5000 Series NAS also implies the use of share level security. In this mode, user tokens are not used and ACL data cannot be written or read.



Steps to Follow
In Workgroup mode, all security is assigned at the share creation/editing screen. To configure security, proceed as follows:
  1. Use a browser to access the Web Admin by entering http://NAS_IP_address.
  2. Enter the administrator password.
  3. Navigate to Windows Configuration > Configure Shares.
  4. Click New to see the New Share screen, or double-click an existing share to see the Edit Share screen. The fields are identical in either case.
  5. Security is configured on the lower portion of the screen, beginning with the User ID field. Configure the fields as follows:
 * User ID: When a user successfully connects to this share, they will assume the identity of this UID. All reads, writes, deletes and other operations will be done as this UID. The Windows username that is used to connect is ignored. The default setting for this field is UID 0. This is the root user, and has unlimited rights for all file operations within the share. If this is not desired, be sure to change this to another UID.
 * Group ID: Same as above, but they assume the identity of this group. Again, consider changing the default of GID 0 to prevent unwanted access.
 * Umask: A umask is a file creation mask. It defines the permission bits to turn off when creating a file. Bits that are set in the umask are cleared in the mode of a newly created file. For example: setting a umask of 200 will cause the write bits to be stripped from new files, so that a file written with 777 permission would be set to 555. For a complete explanation of the umask field, see the Sun StorageTek[TM] Admin Guide.
 * R/W Password and R/O Password: Users attempting to connect to the share will be prompted for a username and password. As noted above, the username is ignored. The password is compared to these two passwords. If the password matches the R/W password, the user will be granted read/write access. If the password matches the R/O password, the user will be granted read-only access. It is possible to leave either or both passwords blank, which grants access regardless of the password entered. 
 * Confirm R/W Password and R/O Password: The password is entered a second time to verify that it was entered correctly.

WARNING: Configuring UID 0 access to a share at the root level of the volume will give unrestricted access to the entire volume.
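
The share fields above lend themselves to a quick review once several shares exist. The following is an added example, not part of the original Sun document or any Sun tool: a Python check over share settings transcribed by hand from the Configure Shares screen. The record field names, the sample shares and the "/vol1"-style path layout are assumptions made for illustration.

```python
# Added example: audit share settings copied by hand from the Configure Shares
# screen. Field names and sample records are constructed, not a NAS export format.
from dataclasses import dataclass

@dataclass
class Share:
    name: str
    path: str              # assumed layout: "/vol1" is a volume root
    umask: int             # value entered in the Umask field, as octal
    uid: int = 0           # default per the article: UID 0 (root)
    gid: int = 0           # default per the article: GID 0
    rw_password: str = ""  # blank means no R/W password was set
    ro_password: str = ""  # blank means no R/O password was set

def new_file_mode(requested: int, umask: int) -> int:
    """Bits that are set in the umask are cleared in the new file's mode."""
    return requested & ~umask & 0o777

def is_volume_root(path: str) -> bool:
    """True when the path has a single component, e.g. "/vol1"."""
    return len([part for part in path.split("/") if part]) == 1

def audit(share: Share) -> list:
    findings = []
    if share.uid == 0:
        findings.append("UID 0: every client operates as root inside the share")
    if share.gid == 0:
        findings.append("GID 0: every client operates with group 0")
    if share.uid == 0 and is_volume_root(share.path):
        findings.append("UID 0 at volume root: unrestricted access to the entire volume")
    if not share.rw_password:
        findings.append("blank R/W password: access granted regardless of password entered")
    if not share.ro_password:
        findings.append("blank R/O password: access granted regardless of password entered")
    if new_file_mode(0o777, share.umask) & 0o002:
        findings.append("umask leaves new files writable by 'other'")
    return findings

SHARES = [  # constructed sample inventory
    Share("scratch", "/vol1", 0o000),  # every security default left in place
    Share("xfer", "/vol1/xfer", 0o022, uid=2001, gid=200,
          rw_password="<set>", ro_password="<set>"),
]

for s in SHARES:
    print(s.name, audit(s))
```

A share that returns an empty list still carries the limits of Workgroup mode itself: one identity per share and no ACLs.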



Product
Sun StorageTek 5320 NAS Gateway/Cluster System
Sun StorageTek 5320 NAS Appliance
Sun StorageTek 5320
Sun StorageTek 5310 NAS Gateway/Cluster System
Sun StorageTek 5310 NAS Gateway System
Sun StorageTek 5310 NAS Appliance
Sun StorageTek 5220 NAS Appliance
Sun StorageTek 5210 NAS Appliance

Internal Comments
This document contains normalized content and is managed by the Domain Lead(s) of the respective domains. To notify content owners of a knowledge gap contained in this document, and/or prior to updating this document, please contact the domain engineers that are managing this document via the “Document Feedback” alias(es) listed below:

storage-nas-domain@sun.com


NAS, normalized, CIFS, workgroup, audited
Previously Published As
90649

Change History
Date: 2010-04-14
User Name: 79977
Action: Currency check
Comment: Verified still current by CL william.harper@oracle.com
Date: 2007-09-24
User Name: 71396
Action: Approved
Comment: Performed final review of article.

Updated trademarking.

Publishing.
Version: 3
Date: 2007-09-24
User Name: 71396
Action: Accept
Comment:
Version: 0
Product_uuid
ef8d4cb2-9cd6-11da-85b4-080020a9ed93 | Sun StorageTek 5320 NAS Gateway/Cluster System
27ca3082-cb13-11da-857a-080020a9ed93 | Sun StorageTek 5320 NAS Appliance
9d23ea64-a8be-11da-85b4-080020a9ed93 | Sun StorageTek 5320

Attachments
This solution has no attachment
  Copyright © 2011 Sun Microsystems, Inc.  All rights reserved.