Permissions and access rights on share resources, Nfs cluster-specific issues, 100 nfs cluster-specific issues – HP StorageWorks X3000 Network Storage Systems User Manual
Page 100
2.
For NFS environments, configure the NFS server.
NFS specific procedures include entering audit and file lock information as well as setting up
client groups and user name mappings. These procedures are not unique to a clustered deployment
and are detailed in the Microsoft Services for NFS section within the “Other network file and
print services” chapter. Changes to NFS setup information are automatically replicated to all
nodes in a cluster.
3.
Create the file share resources.
4.
Assign ownership of the file share resources to the resource groups.
a.
Divide ownership of the file share resource between the resource groups, which are in turn
distributed between the virtual servers, for effective load balancing.
b.
Verify that the physical disk resource for this file share is also included in this group.
c.
Verify that the resources are dependent on the virtual servers and physical disk resources
from which the file share was created.
Permissions and access rights on share resources
File Share and NFS Share permissions must be managed using the Cluster Administrator tool versus
the individual shares on the file system themselves via Windows Explorer. Administering them through
the Cluster Administrator tool allows the permissions to migrate from one node to other. In addition,
permissions established using Explorer are lost after the share is failed or taken offline.
NFS cluster-specific issues
For convenience, all suggestions are listed below:
•
Back up user and group mappings.
To avoid loss of complex advanced mappings in the case of a system failure, back up the mappings
whenever the mappings have been edited or new mappings have been added.
•
Map consistently.
Groups that are mapped to each other should contain the same users and the members of the
groups should be properly mapped to each other to ensure proper file access.
•
Map properly.
• Valid UNIX users should be mapped to valid Windows users.
• Valid UNIX groups should be mapped to valid Windows groups.
• Mapped Windows user must have the “Access this computer from the Network privilege” or
the mapping will be squashed.
• The mapped Windows user must have an active password, or the mapping will be squashed.
•
In a clustered deployment, create user name mappings using domain user accounts.
Because the security identifiers of local accounts are recognized only by the local server, other
nodes in the cluster will not be able to resolve those accounts during a failover. Do not create
mappings using local user and group accounts.
•
In a clustered deployment, administer user name mapping on a computer that belongs to a trusted
domain.
If NFS administration tasks are performed on a computer that belongs to a domain that is not
trusted by the domain of the cluster, the changes are not properly replicated among the nodes in
the cluster.
•
In a clustered deployment, if PCNFS password and group files are being used to provide user
and group information, these files must be located on each node of the system.
Cluster administration
100