Directory services – Apple Xsan 2 User Manual

Chapter 3

Plan a SAN

43

Directory services

If you plan to use user and group privileges to control access to files and folders on
the SAN, you should set up or join a central directory of users and groups. A central
directory service lets you manage SAN users and groups from one computer instead
of having to visit and painstakingly configure each SAN client and metadata controller.

If directory service is provided by a Mac Open Directory server, you can have the Xsan
setup assistant configure Macs in the SAN to use existing user and group accounts
from the Open Directory server.

If you have another type of directory service, such as Active Directory, you configure
each Mac in the SAN to connect to it for user and group accounts by using the Users
& Groups pane of System Preferences (the Accounts pane in Mac OS X or Mac OS X
Server v10.6) after initial setup.

If your SAN doesn’t have access to an existing directory service, you can specify
during initial setup of your Xsan primary metadata controller that you want to use
Xsan Admin to manage users and groups. The server setup assistant creates an Open
Directory master server on your primary metadata controller. The Xsan setup assistant
creates Open Directory replica servers on standby metadata controllers.

The Open Directory master provides an LDAP directory, single sign-on user
authentication using Kerberos, and password validation using common authentication
methods. The replicas improve responsiveness and provide automatic failover of Open
Directory services.

The Xsan setup assistant also configures Mac clients in the SAN to connect to your
Xsan primary metadata controller for Open Directory user and group accounts.

If you use network accounts from a Mac server that isn’t an Xsan metadata controller,
you don’t use Xsan Admin to manage user and group accounts. If the network
accounts server (or directory server) has Mac OS X Lion Server, use the Server app to
manage network user and group accounts. If the network account server has Mac OS X
Server v10.6 Snow Leopard or earlier, use Workgroup Manager to manage user and
group accounts.

Note: Some apps running on SAN client computers, such as Final Cut Pro, work better
when users have local home folders, not network home folders. User accounts that
you manage with Xsan Admin are set up with local home folders. For help setting up
local home folders for user accounts that you don’t manage with Xsan Admin, see
“Configure local home folders for network accounts” on page 96.

If you decide not to use a central directory service, you must set up the same users
and groups in the Accounts pane of System Preferences on each SAN computer.