Articles in this section

Enabling SMB Access

Sara Levy
  • Updated
Follow

  1. Join Active Directory Domain and Configure LDAP Connection to Active Directory Server

  2. Set SPN (Service Principle Name)

  3. Configure a View Policy

  4. Create Views As Needed

Prerequisites

  • Active Directory Windows 2008R2 or newer.

  • SRV locator resource records on the cluster's DNS server for the _ldap and _kerberos services of the Active Directory (AD) domain .

    Note

    The DNS server IP of the cluster is specified during installation. For assistance with verifying or changing DNS configuration, please contact VAST Data Support.

 

Join Active Directory Domain and Configure LDAP Connection to Active Directory Server

For a view that you want to expose to SMB clients, begin by joining the cluster to Active Directory and configuring an LDAP connection to the Active Directory server. See Joining Active Directory.

Client users should have user accounts defined on the Active Directory server.

 

Set SPN (Service Principle Name)

In order for clients to connect to SMB shares on the cluster, they must connect to DNS names which match host SPNs for the Active Directory machine account. These DNS names need to match the DNS names you configured to forward DNS requests to the relevant VIP pools. If you plan to have clients use <machine account name>.<AD domain name> as the DNS name, there is no need to add any HOST SPN attributes. However, to enable clients to use any other or additional DNS names, you must add HOST SPN attributes to the cluster's machine account after you have joined the Active Directory domain. The HOST SPN is needed so that the Kerberos protocol can access the cluster and perform authentication. It must be set up for each FQDN from which you want client users to be able to access SMB shares.

Add two entries per DNS name to the SPN attributes with the values HOST/<FQDN> and HOST/<short DNS name> where <FQDN> is the FQDN and <short DNS name> is the short DNS name of the same FQDN. 

To set SPN in Active Directory:

  1. Locate the machine account object that you just added for the cluster by joining the cluster to the Active Directory domain.

  2. Open the machine account object's properties. This is usually done by right-clicking the object and selecting Properties.

  3. In the properties, edit the servicePrincipalName attribute. This is usually found in the Attribute Editor tab where you can click the attribute to edit it in the Multi-valued String Editor.

  4. Add one entry per DNS name with the value HOST/<FQDN> where <FQDN > is the FQDN of the cluster and another entry with the value HOST/<short DNS name> in which <short DNS name> is the short DNS name component of the FQDN.

    For example, supposing you have configured your DNS server to map the cluster's VIPs to cluster.domain.com, then you will add two entries: HOST/cluster.domain.com and HOST/cluster.

  5. Click OK in the editor and the properties dialogs as needed to save the entries.

 

Configure a View Policy

Before creating a view that is exposed as an SMB share, you need to make sure you have a view policy that is configured correctly for this type of view.

Creating/Modifying the View Policy via the VAST Web UI

  1. In the VAST Web UI, click menu_button.png in the top left of the page to open the menu, select the Configuration page and then the View Policies tab.

    The View Policies tab displays at least one view policy, the default view policy.

  2. To edit a view policy, hover over the far right column and click the edit button that appears (edit_button.png). Alternatively, to create a new view policy, click the add_button.png button at the top right of the grid.

    The Add Policy or Update Policy dialog opens with the General area expanded.

  3. In the Name field, enter a unique name for the policy.

  4. From the Security Flavor dropdown, select SMB.

  5. Click Create.

    The policy is created and added to the list.

 
Creating/Modifying the View Policy via the VAST CLI

Use the viewpolicy create command to create a new view policy or the viewpolicy modify command to modify a view policy. For command syntax, follow SMB Usage.

 
 

Create Views As Needed

Creating a View via the VAST Web UI

  1. In the VAST Web UI, click menu_button.png in the top left of the page to open the menu, select the Configuration page and then the Views tab.

  2. Click the add_button.png button to add a new view.

    The Add View dialog appears.

  3. In the Filesystem Path field, enter the full path from the top level of the storage system on the cluster to the location that you want to expose. The directory may exist already, such as if it was created by a client inside a mounted parent directory. It could also be a path to a new directory which you'll create now (see step 7).

  4. Open the Protocols dropdown, select SMB to expose the view to SMB. Do not select NFS.

  5. In the SMB Share Name field, enter the name of the SMB share. This is required. The name cannot include the following characters: /\:|<>*?"

    For more information about allowed characters and the max length of a share name, see Advanced Multiprotocol Options.

  6. From the Policy dropdown, select the view policy that is configured as described in the previous step.

  7. If the directory does not already exist in the file system, enable the Create Directory setting to create the directory.

  8. Click Create.

    The view is now created. You can see its configuration displayed in the Views tab.

    The share you created is accessible via SMB clients on the joined AD domain, using the configured share name, which is displayed in the Views tab.

 
Creating a View via the VAST CLI

Create a view using the view create command. To display configured views with their SMB share names, use view list.

 
 
 

Related articles

Comments

0 comments

Article is closed for comments.