Creating Shares and assigning security (ACL) in a Domain / ADS environment

Asset ID:	1-71-1008017.1
Update Date:	2009-03-09
Keywords:

Solution Type Technical Instruction Sure

Solution 1008017.1 : Creating Shares and assigning security (ACL) in a Domain / ADS environment

Related Items


Sun Storage 5210 NAS Appliance
 Sun Storage 5310 NAS Appliance
 Sun Storage 5320 NAS Gateway/Cluster System
 Sun Storage 5320 NAS Appliance
 Sun Storage 5310 NAS Gateway System

Related Categories


GCS>Sun Microsystems>Storage - Disk>Network Attached Storage

PreviouslyPublishedAs
211053

Description
How to create a share and assign an ACL to a folder that is shared on the Sun StorEdge[TM] 5210 / 5310 / 5310C / 5320 NAS filer.

Steps to Follow
Once system is installed and has joined the Windows Domain / ADS You have what is called "Administrative Shares" which are shares that point to a volume already created.

These administrative shares can ONLY be accessed by the Domain Administrator or any user in the Domain Admin Group. The shares are drive letters with a $ sign at the end of the drive letter name, for example: "C$" or "D$". To determine which administrative share your volume is pointing to, simply open a telnet window to the StorEDGE system and login. For example on a pc:

Go to Windows "START" button, and select the "RUN" option. In the resulting window type "Telnet StorEDGE" (replace StorEDGE with the name of your NAS box). Once the Telnet window is opened press the "Enter" key at the prompt where it asks for "connect to [menu]?", from the "Main Menu" select the letter for the menu option "Drive Letters". In this window you will see which administrative share are assigned to the volume(s) created. These can also be viewed under the "CIFS/SMB Configuration" under the "Shares" option in the Main Menu.

Once you have determined what administrative share corresponds to the volume created, open another "RUN" window from your Windows client and type "//xxx.xxx.xxx.xxx/administrative share" replace the xxx with the IP address or SMB name of the StorEDGE and administrative share with the corresponding drive letter obtained above. Remember that only Domain Admins or the Domain Admin Group have permissions to access this share.

Now that you have accessed the volume you can start creating folders underneath this volume, for example "public","private", "users", "homedir" etc..

1. Create a folder in the volume
2. Right click on that folder, from the popup menu select the "Properties" option.
3. A new window will open with a "General Tab", a "Security Tab" and an "Advanced Tab", select the "Security Tab"
4. In the "Security Tab" you can add or remove users and groups that are part of the domain you are logged into.
5. Add the appropriate "Users" or "Groups" that you want to have access to this share.
6. Apply the changes and hit the "OK" button to close the window.

Please note that after share modifications such as adding "Users" or "Groups" have been done, the user(s) will have to log out of the Windows Client machine and log back in for a new security token to be issued to that user, so the user can gain access to the share that was modified.

Product
Sun StorageTek 5310 NAS Appliance
Sun StorageTek 5320 NAS Gateway/Cluster System
Sun StorageTek 5320 NAS Appliance
Sun StorageTek 5310 NAS Gateway/Cluster System
Sun StorageTek 5310 NAS Gateway System
Sun StorageTek 5210 NAS Appliance

Previously Published As
86061

Change History
Date: 2006-11-03
User Name: 95826
Action: Approved
Comment: - verified metadata
- changed review date to 2007-11-03
- checked for TM - 1 added + fixed product name
- audience changed to contract per FvF as per http://kmo.central/howto/content/voyager-contributor-standards.html

Attachments

This solution has no attachment