HPE Community
StoreOnce Backup Storage
1821267 Members
3071 Online
109632 Solutions
New Discussion

Can I let AD users share CIFS NAS Shares folder through AD integration with HPE 3640

 
SOLVED
Go to solution
Mohammadsaeed01
Advisor

‎01-29-2023 02:04 AM - last edited on ‎01-29-2023 08:06 PM by

‎01-29-2023 02:04 AM - last edited on ‎01-29-2023 08:06 PM by

Can I let AD users share CIFS NAS Shares folder through AD integration with HPE 3640

Hello,

 

I have Storage HPE 3640 48TB and want to integrate it with Windows AD to give AD users access for CIFS NAS Shares, Can I do that?

 

I found these steps in Document:

NAS CIFS Active Directory authentication overview About this task

Process overview:

Procedure

  1. Adding StoreOnce Systems to Active Directory domains
  2. Granting Active Directory domain users access to NAS CIFS shares
  3. Adding Active Directory users as local administrators to the StoreOnce CIFS server
  4. Adding Active Directory groups as local administrators to the StoreOnce CIFS server

  Adding StoreOnce Systems to Active Directory domains Prerequisites

  • Verify that the StoreOnce System has an entry in the DNS server. The DNS entry is required so the StoreOnce System can be resolved by referring to its qualified domain name. (StoreOnce Systems do not automatically add themselves to DNS server configurations during network configuration.).

If the StoreOnce System does not have a DNS entry, you must manually create the entry before proceeding.

  • StoreOnce port sets and DNS entries on the Networking screen must be configured correctly. The networking settings must allow the StoreOnce System contact the Active Directory server and resolve its host name.
  • The system time on the StoreOnce System and the Active Directory server must be in sync.

To add a StoreOnce System, you must know the Active Directory domain name, and the credentials of an Active Directory user that has permission to add the StoreOnce System to the domain.

  • StoreOnce supports the following Kerberos encryption types when joining Microsoft Active Directory domain:
    • RC4-HMAC
    • DES-CBC-MD5
    • DES-CBC-CRC

AES type encryptions are currently not supported.

About this task

  • WARNING:

To add a StoreOnce System, you must use the StoreOnce Join action. Joining or leaving an Active Directory domain will cause running backup and restore jobs on a StoreOnce System to fail. Do not perform this procedure if the StoreOnce System has backup or restore jobs running.

Procedure

On the StoreOnce System

  1. Navigate to the NAS Settings screen.

If necessary, see Viewing NAS settings.

  1. On the NAS Settings screen, click the CIFS Server tab.
  2. On the CIFS Server tab, click the edit icon (
     

     

    ) on the Settings panel.
  3. On the CIFS Settings dialog, select Active Directory for the Authentication Mode.
  4. Enter the name of the Active Directory Domain to which you want to join the StoreOnce System, and then click Update.

The Join Active Directory dialog opens.

  1. On the Join Active Directory dialog, enter the user name and password to join the Active Directory domain, and then click Join.
    • The StoreOnce System is added to the domain and the CIFS Server tab displays the Active Directory information. (Joining can take some time, depending on topology and domain size.).
    • The Local Administrators panel shows the domain users that can be delegated to manage the CIFS Server of the StoreOnce System. To add local administrators, see Adding and deleting NAS CIFS Active Directory users and groups.

On a Windows domain management system

  1. On a Windows domain management system, verify that there is an entry for the StoreOnce CIFS server.
    1. On a Windows server that is used to perform Active Directory domain configuration, launch the Active Directory Users and Computers management tool.
      • For example, enter dsa.msc in the Windows Run command.
      • Or from a PC with the Microsoft Remote Server Administration Tools installed, launch from Administrative Tools).

Granting Active Directory domain users access to NAS CIFS shares Prerequisites

  • StoreOnce port sets and DNS entries on the Networking screen must be configured correctly. Use the Active Directory DNS server or some other DNS server properly configured to resolve the Active Directory domain.
  • The CIFS server authentication mode for the StoreOnce System is set to Active Directory.

About this task Procedure

  1. On the Windows client, open the Microsoft Management Console (MMC). For example, select Start > Run > mmc.
  2. From the MMC menu, navigate to FileAdd/Remove Snap-in.
  3. Browse through the list of Available Snap-ins and select the Shared Folders snap-in.
  4. Click Add.
  5. Select Another Computer on the Shared Folders window and enter the fully qualified domain name of the StoreOnce System.

You can also click Browse and search for the StoreOnce System.

  1. In the View section, select Shares.
  2. Complete the snap-in configuration by clicking Finish and then click OK.

The snap-in is now added to the MMC console. Use this setting for future management of the StoreOnce System NAS CIFS shares.

  1. Expand the Shares list to see the shares configured on the StoreOnce System.
  2. Select the share to which you want to assign access to domain users or groups.
  3. Right-click on the share and select Properties

A new share created will have no users or groups assigned to it.

  1. Select the Share Permissions tab and click Add.
  2. Enter the domain user name to be added. Verify by the domain user name by clicking Check Names. Once the user is verified, click OK.
  3. Assign the permission you want the domain user to have for this share.
  4. Click OK to confirm the changes.

You can now access the newly created share from any Windows server on the domain, using the credentials of anyone who has permission to access the share. If a permitted user is logged into Windows, access to the share is granted automatically with those permissions.

IMPORTANT:

When switching from None or User authentication mode to Active Directory authentication mode, Hewlett Packard Enterprise recommends logging out and then back in to the Windows client where the share is mounted. This approach ensures that the new authentication settings of the CIFS server are enforced.

NOTE:

The StoreOnce System does not support creating shares from Windows Computer Management Consoles. Shares must be created from the StoreOnce Management Console.

The StoreOnce System only supports the Shared Folders utility within the Windows Computer Management. Any other Windows Computer Management utilities are not supported.

Adding Active Directory users as local administrators to the StoreOnce CIFS server Prerequisites

  • The StoreOnce System has been added to an Active Directory domain.
  • The user or group to be added must already exist in the Active Directory domain.

About this task

After a StoreOnce System is added to an Active Directory domain, the Local Administrators panel is displayed on the CIFS server tab of the NAS Settings screen.

  • The Local Administrators panel allows you to add Active Directory domain users or groups with administrator privileges to the CIFS server. Adding users or groups using the StoreOnce Management Console provides a way of implementing Delegated Administration, which is not available for the StoreOnce device from the Active Directory Management tool.
  • Users are added using the Active Directory login name. This name is available from the user account information from the Active Directory Management tool. (Right-click the domain user from the domain controller, select Properties, and check the domain user account information.)

Both user login formats are accepted. For example, <domain_user@domain> or <domain\domain_user>. The user is resolved against the domain controller database.

  • IMPORTANT: When adding Active Directory domain users through a StoreOnce Management Console, the users are automatically added as Local Administrators. (Even if they are not administrator users on the Active Directory domain.)

Procedure

  1. Navigate to the NAS Settings screen.

If necessary, see Viewing NAS settings.

  1. On the NAS Settings screen, click the CIFS Servers tab.
  2. On the Local Administrators panel, expand the Actions menu and select Add Users or Groups
  3. On the Add Users or Groups dialog, enter the user name in the Member Name box, and then click Add.

The user is added to the list of local administrators.

Adding Active Directory groups as local administrators to the StoreOnce CIFS server Procedure

  1. Navigate to the NAS Settings screen.

If necessary, see Viewing NAS settings.

  1. On the NAS Settings screen, click the CIFS Servers tab.
  2. On the Local Administrators panel, expand the Actions menu and select Add Users or Groups
  3. On the Add Users or Groups dialog, in the group name in the Member Name box, and then click Add.

The group is added to the list of local administrators.

Deleting Active Directory users or groups as local administrators of the StoreOnce CIFS server Procedure

  1. Navigate to the NAS Settings screen.

If necessary, see Viewing NAS settings.

  1. On the NAS Settings screen, click the CIFS Servers tab.
  2. On the Local Administrators panel, select the Member, and then expand the Actions menu and select Delete Users or Groups
  3. On the Delete Members dialog, click the acknowledgment check box, and then click Delete.

The user or group is deleted from the list of local administrators.

 

Will those above steps can do the requirements?

 

Thanks for all

0 Kudos
Reply
3 REPLIES 3
sbhat09
HPE Pro

‎01-29-2023 05:07 AM

‎01-29-2023 05:07 AM

Solution

Re: Can I let AD users share CIFS NAS Shares folder through AD integration with HPE 3640

Hello @Mohammadsaeed01,

It is quite simpler than you are wrote. First you add the directory server to the StoreOnce Management console:
Settings -> Directory -> + add direcory server -> Connect to directory server -> Select 'Active Directry' -> Add the host name or IP and port -> Connect.

Then follow the instructions in pg. no. 137 of the document - https://support.hpe.com/hpesc/public/docDisplay?docId=a00062048en_us&docLocale=en_US

Regards,
Srinivas Bhat

If you feel this was helpful please click the KUDOS! thumb below!
Note: All of my comments are my own and are not any official representation of HPE.



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
Reply
sbhat09
HPE Pro

‎01-29-2023 06:00 AM

‎01-29-2023 06:00 AM

Re: Can I let AD users share CIFS NAS Shares folder through AD integration with HPE 3640

You may find these videos useful as well:
Adding and Configuring Directory server - https://support.hpe.com/hpesc/public/videoDisplay?videoId=vtc00000847en_us
Adding Directory Users and Groups - https://support.hpe.com/hpesc/public/videoDisplay?videoId=vtc00000844en_us

Regards,
Srinivas Bhat

If you feel this was helpful please click the KUDOS! thumb below!
Note: All of my comments are my own and are not any official representation of HPE.



I work at HPE
HPE Support Center offers support for your HPE services and products when and how you need it. Get started with HPE Support Center today.
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
Reply
Gans_Tapes
HPE Pro

‎01-29-2023 06:18 AM

‎01-29-2023 06:18 AM

Re: Can I let AD users share CIFS NAS Shares folder through AD integration with HPE 3640

@Mohammadsaeed01  Access to StoreOnce shares is possible and managed via AD and the instructions have been already shared by  @sbhat09 . Something else to remember is the NAS shares on StoreOnce are optimized for use with a backup application. So ensure that the writes to the share are performed via a supported backup application 

https://h20272.www2.hpe.com/SPOCK/Pages/spock2Html.aspx?htmlFile=hw_storeonce.html  (Requires HPE passport sign-in).  

 


I work for HPE

Accept or Kudo

Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.