Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Integrating Windows into Xsan

Mat,

Do you anticipate having any cross-platform users, i.e. users who want to operate on the same Xsan volume files in both OS X Xsan and Windows SNFS environments? If so, you will have to address the problem of mapping your OS X user (Unix) info to your Windows ADIC SNFS SAN server. Without this mapping, file ownership/privileges for files created in a Windows session on an Xsan volume will NOT be accessible by the same users from the OS X environment. You will find that these files are assigned nobody/nobody (60001/60001) OS X (Unix) ownership. One solution is to assign world read/write access to any Xsan volume files, but most sites will be uncomfortable with this option.

Query your ADIC sales rep closely about SNFS/SNFX capabilities in your Xsan environment. The current ADIC SNFS release (2.6.1) supports only PCNFS or NIS protocols for user info mapping between Windows and non-Windows environments, including OS X (See StorNext File System Client Properties). While both protocols can be implemented under OS X, they are outdated and most security-conscious administrators will be reluctant use them. I have verified that the NIS option works, I've found that each Windows username must be manually mapped to an OS X (Unix) username. With several hundred users in my group, mapping each manually is ridiculous.

It is rumored that the next SNFS release (2.7) will support LDAP (Kerberos?) lookups. LDAP access is preferable to PCNFS/NIS, but there is still the issue of where the OS X UID/GID is stored. You may still find that your Windows AD schema must be extended to include OS X (Unix) user attributes.

Thanks,
--
Brian Leverson, Systems Manager
University of Washington		e-mail: email@hidden
Dept of Aeronautics and Astronautics	phone:  (206)543-6736
Box 352400				FAX:    (206)543-0217
Seattle, WA  98195-2400			Office: Gugg 309D

"Man is the best computer we can put aboard a spacecraft...and the only
one that can be mass produced with unskilled labor." -- Wernher von Braun

On Tue, 7 Feb 2006, Mathieu Mauser wrote:

Thomas,

Maybe one of those cute golden triangles of authentication...

mac -> OD  and OD ->AD

And yes, apple training is good, and yes, maybe I should hire a
contractor to do this for me. I met a bunch of smart kids at Macworld.

:)

-x

On Tue, Feb
07, 2006 at 10:43:18AM -0800, Thomas Weyer wrote:

Xsan does NOT support ACLs.

In terms of Dir Integration you have a number of options.  Get all
servers to Auth to a single dir server (OD/Mac or AD/Win) or use a
hybrid solution with a Master Dir Server and then Local Dir server
for the other platform (again this can be standard LDAP (aka OD) or
AD/Windows).

This is covers a bit in the Mac OS X Server Doc as well as thru
training offered by Apple, or installation/Professional services if
you just want to contract it out to someone and not have to deal with
it yourself.

--Tom






__________________________________________________________________________
Thomas Weyer                                 email:      email@hidden
Sr Consulting Engineer- Servers & Storage    voice:      (408) 974-5017
Field Engineering, U.S. Education              fax:

Apple
1 Infinite Loop
http://www.apple.com/education
Cupertino, CA, 95014, USA                      http://www.apple.com


At 10:16 AM -0800 2/7/06, techtalk wrote: 
Jason,

Yes, it seems somewhat necessary that I will have to get the Macs to
authenticate against AD to share the privileges scheme and
authority, the same as the win users understand.

But I hope that's all that needs to be done. I'm not looking forward
to "extending schemas" or getting some kind of extra Unix LDAP
functionality to work on Windows, besides what AD supports out of
the box.

If Xsan does not support Mac OS X ACLs, then I don't see if
supporting Windows ACLs, right?

:)

Mat X
System Administrator

Anthem Visual Effects, Inc.
200 - 110 Cambie Street
Vancouver, BC V6B 2M8
Phone: 604-669-9936
Fax: 604-669-9926


On 7-Feb-06, at 9:17 AM, Jason Thorpe wrote:


On Feb 7, 2006, at 8:20 AM, mat x mauser wrote:

Hi Everyone.

I am looking at my first Windows (2003 server) integration into
Xsan using StorNext.  This specific Xsan setup is currently
running Panther 10.3.9 (client an server) and Xsan 1.1.  Besides
RTFM (the Xsan Admin 1.1 manual) and checking which version of
StorNext is compatible with Xsan, I am curious how the whole users
and privileges thing will play out.  The windows users are using
AD accounts, but the Mac ppl are using local accounts (bad, i
know!). I might switch the Mac users to OD or AD accounts and see
what happens (fun!).  Any gotchas? Or real world advice from
anyone doing this now?


1- The Mac and Windows systems will need to be bound to a common
directory system.

2- You will need to verify with ADIC StorNext's Windows<->Unix
integration support for your environment.

-- thorpej

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Xsan-Users mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/xsan-users/email@hidden

This email sent to email@hidden


_______________________________________________
Do not post admin requests to the list. They will be ignored.
Xsan-Users mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/xsan-users/email@hidden

This email sent to email@hidden


-- 

 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Xsan-Users mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/xsan-users/email@hidden

This email sent to email@hidden 

--
Mat X


http://matx.ca/
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Xsan-Users mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/xsan-users/email@hidden

This email sent to email@hidden

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Xsan-Users mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/xsan-users/email@hidden

This email sent to email@hidden
References: 
 >Integrating Windows into Xsan (From: mat x mauser <email@hidden>)
 >Re: Integrating Windows into Xsan (From: Jason Thorpe <email@hidden>)
 >Re: Integrating Windows into Xsan (From: techtalk <email@hidden>)
 >Re: Integrating Windows into Xsan (From: Thomas Weyer <email@hidden>)
 >Re: Integrating Windows into Xsan (From: Mathieu Mauser <email@hidden>)



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.