
February 27th, 2017 04:00

Dell EMC UNITY, How can we share nfs and cifs shares on the same file system without defining NIS or LDAP?

The customer currently has VNX 7500 unified and can create shares and exports against a file system without defining an LDAP or NIS server. Customer does not use LDAP or NIS. Unity requires creation of a multi-protocol server with access to a windows and linux directory service (AD, LDAP/NIS).  Without a MP server, there doesn't seem to be a way to present the FS to both Win and Linux.  Customer is threatening to ship it back.  Is there a way to share nfs and cifs shares on the same file system without defining NIS or LDAP?

8.6K Posts

February 27th, 2017 08:00

Example:

uemcli /net/nas/server -name Rainer1 show

1:    ID                            = nas_166
      Name                          = Rainer1
      NetBIOS name                  = RAINER1
      SP                            = spa
      Storage pool                  = pool_1
      Tenant                        =
      Interface                     = if_32, if_33
      NFS enabled                   = yes
      NFSv4 enabled                 = yes
      CIFS enabled                  = yes
      Multiprotocol sharing enabled = no
      Unix directory service        = none
      Health state                  = OK (5)

uemcli -u admin -p /net/nas/server -name Rainer1  set  -mpSharingEnabled yes -unixDirectoryService local

ID = nas_166
Operation completed successfully.

uemcli /net/nas/server -name Rainer1 show

1:    ID                            = nas_166
      Name                          = Rainer1
      NetBIOS name                  = RAINER1
      SP                            = spa
      Storage pool                  = pool_1
      Tenant                        =
      Interface                     = if_32, if_33
      NFS enabled                   = yes
      NFSv4 enabled                 = yes
      CIFS enabled                  = yes
      Multiprotocol sharing enabled = yes
      Unix directory service        = local
      Health state                  = OK (5)

8.6K Posts

February 27th, 2017 08:00

Hi,

Yes, this is possible and supported.

Currently the GUI wrongly prevents you from it - this will be fixed in an upcoming version.

For now the simple workaround is to enable it via CLI.

Once enabled you can then continue configuring with the GUI.

Please make sure you understand how Unity multi-protocol works.

Normally you want to at least configure a Unix default user and add him to the local passwd file.

Since you are an EMC guy I would suggest to look at inside.dell forums threads for more info

Rainer

19 Posts

February 27th, 2017 10:00

Correct and concise, thank you Rainer

March 2nd, 2017 07:00

Please contact support and quote this request.

Without nis/ldap, you still require some sort of UID generator and mapping before you can login via cifs.

In 4.1.1 Unity has local users support in Unisphere, but utilizing it creates limitations (such as single UID for all CIFS users renders quota unusable).

Creating a local UID DB (aka passwd) creates an overhead of having to manage it for every AD account (multiple global user management repositories effectively-required).

Adding IDMU to AD and pointing the MultiProtocol Nas-Server LDAP-settings to the DC's might be your best option.

For more information see KBA 491184.

June 15th, 2017 06:00

Hi Rainer,

I am facing the same issue here with my Unity 500.

I had an existing file system with NFS enabled as protocol. My team wanted to use that as a CIFS also.

Now, I enabled SMB from NAS Server properties and added it to the domain.

Using the cli I enabled multiprotocol as the option was greyed out on Unisphere.

Then I created the SMB share, now when I am trying to access the share it is asking for credentials.

So I have put in my domain name\adminusername and password which I used for joining the domain on the NAS server.

It is not letting me log in and gives an error that the username does not exist.

I must highlight that our UNIX machines on which this FS is mounted are not added to the domain, but they are able to access the mount points.

Please help me sort out this issue.

8.6K Posts

June 19th, 2017 14:00

Well - do you have any mapping for the Windows user account you are using?

With Unity the internal usermapper is turned OFF when multi-protocol is used, and any existing mappings from usermapper are removed.

So if you don't have any mapping through the supported mapping methods or via a default Unix user, then you will not be able to connect via CIFS/SMB as that user.

you can run a mapping diagnostic report to check

Not sure what you mean with "UNIX machines ... not added to the domain" - I assume these are using NFS - for that membership in a Windows domain would be quite unusual and irrelevant to NFS access

Rainer

8.6K Posts

June 20th, 2017 12:00

Does that explanation make sense?

8 Posts

June 22nd, 2017 05:00

I'm trying to accomplish the exact same thing here but ran stuck at the usermapping.

- changed to multiprotocol via CLI and afterwards can't connect to the NAS server for management in AD.

Can somebody try to explain what the steps are to fix this please?

8.6K Posts

June 22nd, 2017 08:00

please read my post above

You need to decide how you want to provide the mapping info between SMB and Unix accounts.

Options there are:

- NIS

- LDAP

- ntxmap plus a way to resolve unix name to uid

- local passwd/group file

- default Unix user

then you can use the steps documented in the manuals to configure it.

June 23rd, 2017 12:00

Hi Rainer,

Honestly this is getting more frustrating day by day. I tried contacting EMC support and they advised me to get in touch with professional services.

I tried updating the ntxmap file but no luck.

Is there a way you can help me out personally on this issue?

I would be very thankful to you.

There is no proper documentation for customers who don't have LDAP or NIS in their environment. Does that mean they can't use multiprotocol? What is the use of buying such a stupid product? VNX was a hell of a lot better than this.

8.6K Posts

June 26th, 2017 08:00

ntxmap alone is not enough since ntxmap only maps Windows name to Unix name

does your Unity have a way configured to resolve Unix names to Unix UID ?

The simplest config is:

1) in the GUI enable the default Unix user account - for example enter "default" as the default user name

(if in your setup files also get created from Unix users that don't have a mapping you also want to configure the default Windows user)

2) in the GUI in the naming services / local files section download the current local passwd file from the NAS server

3) add a line like this to the passwd file - adjust the UID/GID of 1234 in the example to your environment:

default:x:1234:1234:/:/bin/false

4) upload the updated passwd file

Now every CIFS user should be mapped to this user called "default"

You can then check by downloading the usermapping diagnostics report

doing this for multiple users via local passwd file or NIS is pretty similar.

If you already have a Unix user for every Windows user you want to explicitly map in a working NIS passwd file, then you only need to create a ntxmap if the Windows and Unix names aren't literally the same.

Or if you have a passwd file from a Unix/Linux system that has all your users then you can just upload it.

user mapping via LDAP is more complicated because of different LDAP variants

I hope that helps

An updated Unity NAS white paper with more multi-protocol details plus a new Unity multi-protocol manual should be available in a few weeks.

8.6K Posts

June 26th, 2017 09:00

Until the Unity multi-protocol manual is published you can use the VNX manuals for names services, user mapping, multi-protocol, ...

They are quite detailed.

The concepts for user mapping and name resolution are the same - except that Unity automatically turns off the usermapper that assigns UIDs for non-mapped users when configuring multi-protocol

June 26th, 2017 09:00

Hi rainer,

As I mentioned earlier, we don't have any NIS or LDAP. We only have AD for Windows.

UNIX are all local users. Let's suppose we have a user named Admin for Windows and root for Unix.

How am I going to update the password file, root has the default UID and GID as 0.

Could you share the syntax that I need to update.

8 Posts

June 27th, 2017 02:00

Thank you Rainer

We've got it working without LDAP and the local passwd file and the default unix user by following your procedure.

SMB is working again.

Best regards,

Stijn

8.6K Posts

June 27th, 2017 03:00

manik-chawla

You can update the passwd file of the NAS server either in the Unisphere GUI in the properties of the NAS server

Unisphere Online help also has details

Or you could use UEMCLI - see the UEMCLI reference guide

The default passwd file that you can download from the NAS server has an example with the Syntax

So does every Unix/Linux book or website or the man page for passwd

In your example you could add a line for a user Admin in the passwd file with UID/GID 0

Or create a mapping from Admin to root in the ntxmap and add a user root to the passwd file or upload your Unix password file from another system

Note that a passwd hash is not needed - it is only used if you choose to enable and use (s)ftp
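The passwd procedure and the UID 0 mapping discussed in this thread, as an added example that is not part of any post or of Dell's tooling: a Python check to run over a downloaded passwd file before uploading it again. It reads only the name, UID and GID fields and treats `#` lines as comments (an assumption of this example); the sample content and user names are constructed.

```python
# Added example: audit a NAS-server local passwd file before upload.
# Sample content and user names below are constructed for illustration.

SAMPLE_PASSWD = """\
# constructed sample, not taken from a real system
default:x:1234:1234:/:/bin/false
root:x:0:0:/:/bin/false
Admin:x:0:0:/:/bin/false
alice:x:2001:2001:/:/bin/false
bob:x:2001:2001:/:/bin/false
broken-line-without-uid
"""


def parse_passwd(text):
    """Return (entries, errors). Only name, UID and GID are interpreted."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment
            continue
        fields = line.split(":")
        ok = len(fields) >= 4 and fields[0] != ""
        if not ok or not fields[2].isdecimal() or not fields[3].isdecimal():
            errors.append(f"line {lineno}: cannot read name/UID/GID")
            continue
        entries.append({"name": fields[0], "uid": int(fields[2]),
                        "gid": int(fields[3]), "line": lineno})
    return entries, errors


def audit_passwd(text, default_unix_user):
    """List findings that matter for multiprotocol user mapping."""
    entries, findings = parse_passwd(text)
    by_uid = {}
    for entry in entries:
        by_uid.setdefault(entry["uid"], []).append(entry["name"])
    if default_unix_user not in {e["name"] for e in entries}:
        # The default Unix user name must resolve to a UID via this file.
        findings.append(f"default Unix user '{default_unix_user}' has no passwd entry")
    for uid, users in sorted(by_uid.items()):
        if uid == 0:
            # Any Windows account mapped to one of these names acts as root.
            findings.append(f"UID 0 (root) assigned to: {', '.join(users)}")
        elif len(users) > 1:
            # Shared UIDs merge file ownership and quota accounting.
            findings.append(f"UID {uid} shared by: {', '.join(users)}")
    return findings
```

Calling `audit_passwd(SAMPLE_PASSWD, "default")` returns the unreadable line, the UID 0 entries and the shared UID as separate findings to review before the file goes back to the NAS server.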
