Configure Enhanced Local NAS Authentication
Beginning with Appliance Controller 4.0, local authentication uses LDAP with the Samba extension (localsam). This new schema allows you to manage local groups and to access the share permission command set.
Note: If you upgrade to Appliance Controller 4.0 (or later), then your system retains the legacy local authentication format (see Configure Legacy Local NAS Authentication), but you can use the auth local convert command. If you perform a fresh installation of Appliance Controller 4.0 (or later), then your system automatically uses the localsam format.
Note: For a list of all the Appliance Controller commands, see the Command Index.
- Log in to the Appliance Controller CLI.
- At the prompt, enter the following:
auth config local [WORKGROUP]
Example:
> auth config local
Applying local configuration settings ...
Successfully configured local authentication
The optional parameter is:
<WORKGROUP>
Workgroup name for local authentication to allow access to NAS shares.
Here's how to determine the workgroup, and configure it with local NAS authentication.
- Log in to the Appliance Controller CLI.
- To determine if a workgroup name has been assigned, enter:
> auth show config detail
Output:
Status: OK
Type: localsam
Domain: localdomain
URL: ldaps://127.0.0.1:636
DC: dc=localdomain
CN: cn=Manager,dc=localdomain
Workgroup: WORKGROUP
Netbios Name: VSOP-NAS01
All ID Map Range: 10-2147483647
In this case, we see that the default workgroup of WORKGROUP is currently in use, meaning that we can apply a new workgroup name, and configure it for local authentication.
- Enter the following (where TEST is the workgroup name we will assign to use for local authentication):
> auth config local TEST
Auth-configuration starting ...
Applying local configuration settings ...
Checking SMB interface list: lo 10.65.181.156
Checking SMB interface 'eth0:10.65.181.156' status ...
Successfully configured local directory services authentication
- Show the new workgroup in place. Enter:
> auth show config detail
Output:
Status: OK
Type: localsam
Domain: localdomain
URL: ldaps://127.0.0.1:636
DC: dc=localdomain
CN: cn=Manager,dc=localdomain
Workgroup: TEST
Netbios Name: VSOP-NAS01
All ID Map Range: 10-2147483647
Notice that the TEST workgroup has been assigned to be used for local authentication.
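The check performed by eye in the steps above can be run against captured `auth show config detail` output. The following is an added example, not part of the vendor documentation: the function names are hypothetical, the sample text is the output shown on this page, and the LDAPS-on-loopback check is an assumption based on that output.

```python
from urllib.parse import urlsplit

# Constructed sample: the `auth show config detail` output shown on this page.
SAMPLE = """\
Status: OK
Type: localsam
Domain: localdomain
URL: ldaps://127.0.0.1:636
DC: dc=localdomain
CN: cn=Manager,dc=localdomain
Workgroup: WORKGROUP
Netbios Name: VSOP-NAS01
All ID Map Range: 10-2147483647
"""

def parse_auth_config(text):
    """Turn 'Key: value' lines into a dict, splitting on the first colon only
    so values such as 'ldaps://127.0.0.1:636' stay intact."""
    cfg = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            cfg[key.strip()] = value.strip()
    return cfg

def audit_auth_config(text, expected_workgroup=None):
    """Return a list of findings; an empty list means every check passed."""
    cfg = parse_auth_config(text)
    findings = []
    if cfg.get("Status") != "OK":
        findings.append(f"Status is {cfg.get('Status')!r}, expected 'OK'")
    if cfg.get("Type") != "localsam":
        findings.append(f"Type is {cfg.get('Type')!r}, not 'localsam'")
    url = urlsplit(cfg.get("URL", ""))
    # Assumption: the local directory should be reached over LDAPS on loopback,
    # as in the sample output.
    if url.scheme != "ldaps":
        findings.append(f"URL scheme is {url.scheme!r}, expected 'ldaps'")
    if url.hostname not in ("127.0.0.1", "::1", "localhost"):
        findings.append(f"URL host {url.hostname!r} is not loopback")
    if expected_workgroup and cfg.get("Workgroup") != expected_workgroup:
        findings.append(f"Workgroup is {cfg.get('Workgroup')!r}, "
                        f"expected {expected_workgroup!r}")
    return findings

if __name__ == "__main__":
    for finding in audit_auth_config(SAMPLE, expected_workgroup="TEST"):
        print("FINDING:", finding)
```

Run against the first output above with `expected_workgroup="TEST"`, it reports that the default workgroup is still in place; run against the second output, it reports nothing.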
- Log in to the Appliance Controller CLI.
- At the prompt, enter the following:
auth add local user <username> [<UID> <GID>]
The parameters are:
<username>
User for whom to allow access to NAS shares.
[<UID> <GID>]
(Optional) Specify a UID and GID for the newly created user.
- At the prompt, enter the user’s password, and re-enter it for verification at the following prompt.
Example:
> auth add local user sally
Please enter a password for the new user
Re-enter the password
Waiting for 'sally' to be added ...
User 'sally' has been added, restarting security services ...
Added user sally
- Log in to the Appliance Controller CLI.
- At the prompt, enter the following:
auth change local password <username>
The parameter is:
<username>
User for which to change the password.
- At the prompt, enter the user’s new password, and re-enter it for verification at the following prompt.
Example:
> auth change local password sally
Please enter the new password
Re-enter the password
Modified password for user sally
- Log in to the Appliance Controller CLI.
- At the prompt, enter the following:
auth delete local user <username>
The parameter is:
<username>
User to delete.
- At the prompt, enter Yes to confirm the deletion.
Example:
> auth delete local user sally
Are you sure you want to delete the user sally (Yes/no)?Yes
Deleted user sally
- Log in to the Appliance Controller CLI.
- At the prompt, enter the following:
auth add local group <groupname> [<gid>]
The parameters are:
<groupname>
The local group to which to allow access to NAS shares.
<gid>
(Optional) Specify a GID for the local group.
Example:
> auth add local group group1
Group 'group1' has been added, database backup completed ...
Added group group1
- Log in to the Appliance Controller CLI.
- At the prompt, enter the following:
auth add local members <username1,...> <groupname>
The parameters are:
<username1>
User for whom to allow access to NAS shares.
<groupname>
The local group to which to add members.
Example:
> auth add local members sally group1
Members has been added to 'group1', database backup completed ...
Added member(s) to the group group1
- Log in to the Appliance Controller CLI.
- At the prompt, enter the following:
auth delete local members <username1,...> <groupname>
The parameters are:
<username1>
User for whom to remove access to NAS shares.
<groupname>
The local group from which to remove members.
Example:
> auth delete local members sally group1
Are you sure you want to delete member(s) from the group 'group1' (yes/No)? yes
Members has been removed from 'group1', database backup completed ...
Deleted member(s) from the group group1
- Log in to the Appliance Controller CLI.
- At the prompt, enter the following:
auth delete local group <groupname> [recursive]
The parameters are:
<groupname>
The local group from which to remove access to NAS shares.
[recursive]
(Optional) Use recursion during the execution of the command.
Example:
> auth delete local group group1
Are you sure you want to delete the group 'group1' (yes/No)? yes
Group 'group1' has been removed, database backup completed ...
Deleted group group1