Apply AD Authentication To NAS

You can apply your environment's existing Microsoft Active Directory (AD) authentication services to StorNext NAS. Through this authentication configuration, clients can access NAS shares only if they are authenticated by the AD server.

In addition, you can authenticate user connections through AD by mapping a specific UID or GID to an AD user or group.

Additional Considerations

  • StorNext NAS supports Access Control Lists (ACLs) when the NAS server is bound to an AD server. You do not need to take any additional steps within the NAS controller for full ACL support.

  • If your environment consists of a large AD network, we recommend adding the StorNext NAS System object to the AD server and allowing for replication to complete before configuring AD authentication for your StorNext NAS System.

Important

If you have configured Active Directory (AD) or OpenLDAP to authenticate users accessing your NAS cluster, you must add your NAS VIP to the same DNS as your AD or OpenLDAP server. Otherwise, users authenticated through AD or OpenLDAP are unable to access the NAS shares through the NAS cluster.

About ID Mapping

An ID map is used to map UNIX IDs from AD user accounts. When configuring your StorNext NAS System to use AD, you can use the following ID map options.

Important

If you change from your current mapping configuration to a new mapping configuration, you will also need to manually reconcile the mapping to any existing files within StorNext that users accessed under the original mapping. Otherwise, users may not be able to access these files.