If you create other OUs in Active Directory and users in those units will access the file system,
delegate control for these OUs to the proxy user also.
Configuring an “unknown” Windows user
The “unknown” Windows user is displayed as the owner of a file when the client cannot resolve
a user mapping. This user is required and must be defined on the management console with the
ibrix_activedirectory
command. You can assign any name to this user.
Configuring other Windows client users
All Windows users that will access the file system must be assigned a UID and GID on their UNIX
Attributes tab. If you want to map these users to specific Linux users, use the IDs from the Linux side
(for example the users in
/etc/passwd
). If specific mappings are not important, you can accept
the next available UID and GID generated by Active Directory when the users are added. Unmapped
users are granted the Others permissions, as defined by the mode mask settings.
Unmapped users cannot create new files or directories in the file system, even if they have such
permissions on Windows.
Configuring Active Directory settings on the management console
From the management console, configure Active Directory settings, and then register each client
on the management console.
To enter Active Directory settings using the CLI, execute
ibrix_activedirectory
on the
management console, entering the proxy user name and unknown Windows user name, with
passwords, as created in Active Directory.
On Windows Server 2003 R2, the
-E
and
-F
arguments are required. Use the field names
gidNumber
and
uidNumber
as values.
<installdirectory>/bin/ibrix_activedirectory -S [-d DOMAIN_NAME] [-i DOMAIN_CONTROLLER_IP]
[-u PROXY_USER] [-p PROXY_PASSWORD] [-E UID_FIELD_NAME][-F GID_FIELD_NAME] [-W WIN_USER]
NOTE:
Specify the proxy user name in the format
"domainname\username"
, where
domainname
is the name of the NIS domain in Active Directory. The double quotes are required.
Some examples follow. The second example applies to Windows Server 2003 R2.
<installdirectory>/bin/ibrix_activedirectory -S -d fm1.hp.com -i 192.168.1.1
-u "cs\X9000_proxy" -p proxy12345 -W X9000_winuser
<installdirectory>/bin/ibrix_activedirectory -S -d fm1.hp.com -i 192.168.1.1
-u "cs\X9000_proxy" -p proxy12345 -E uidNumber -F gidNumber -W X9000_winuser
Registering Windows X9000 clients and starting services
The Active Directory setup must be complete before registering Windows X9000 clients on the
management console. All clients must be registered with the management console before they can
mount a file system. Windows X9000 clients are registered on the client itself. Repeat this procedure
on each Windows client.
NOTE:
You might encounter problems with client access due to firewall settings. HP recommends
that you turn off the firewall during testing. When you turn the firewall back on, open ports 1234
and 9000 through 9010 in both directions for X9000 software use.
To register clients, complete the following steps:
88
Adding Linux and Windows X9000 clients