Skip to main content
Start a Conversation

This post is more than 5 years old

Solved!

Go to Solution

lucbus

9 Posts

1756

February 7th, 2018 04:00

Local windows users

Hello,

We are using Kodak prinergy application that is still using SMB1 (even the latest version!) . It has been configure without domain account and the servers are not registered in AD.

We need to create a share that will be use by these servers using a local windows account (this is how it is configure currently), also some user  are mounting that share from workstations that are registered in the domain. So we need to create a local windows account on the Unity so both can connect to the share and use it securely.

I have read all documentation I can found and also asked the local presales tech but I was unable to find how to create a local windows account on the unity to access a share. I have created a NAS server using workgroup but still cannot find a way to create the user.

How can I create a windows account locally on the unity.

Thanks

Rainer_EMC

8.6K Posts

February 7th, 2018 05:00

Hi,

local user and group management is the same as on VNX

knowledgebase should have some example - as well as a forum search

you need to do that from a Windows client using mmc or Windows commandline tools like lgdup.exe.

There is no GUI/CLI/REST functionality in Unity to do that.

in case of multi-protocol - keep in mind that - just like on VNX/Celerra - local CIFS user acccounts on the Unity are NOT subject to the normal mapping methots

they get automatically assigned a uid in high range that you cannot change

Rainer

lucbus

9 Posts

February 7th, 2018 11:00

Chris,

Yes we are aware of that issue, we are currently using this setup on our netapp. I'm hoping that eventually they will reconfigure these servers, join them in the domain and then reconfigure all the application to use a domain account instead. then they should be able to reconfigure all the workstations (windows and mac) to use a domain account for these shares,

don't get me started on kodak and smb1 ;-)

crklosterman

450 Posts

February 7th, 2018 11:00

Also please keep in mind that just because you had a local user called 'applicationuser1' on the source and have a user called 'applicationuser1' on the target, the two are not the same.  Their underlying SID will be different.  As a result you need to translate the old permissions to new permissions.  So I would argue that if you need to do that, why not just translate the old local permissions to new permissions belonging to a domain user or domain group, so that you don't have this problem again in the future (assuming that there is an AD domain in the environment).  Either emcopy or my company's software DobiMigrate can performance that security translation during the migration from the old local user SID to a new domain user SID, or new local user SID.

Also Kodak is still using SMBv1?  Seriously?  That's nuts.

~Chris

Principal SE, Datadobi

chris.klosterman@datadobi.com

View More

View All

No Events found!

Top