The purpose of this document is to instruct the user on how to configure mixed mode for CloudFS. Follow the steps outlined in this document in sequential order unless otherwise noted.
CloudFS NFS/SMB Mixed Mode Details
There are two new configuration variables needed for mixed mode configuration:
- Mapping Type
- Currently two choices: hash and auto-rid
- ID Mapping Range
- Integer range (1-2147483648), system-wide
The mapping algorithm is a system-wide parameter and is used to select which mechanism to map Windows SIDs to and from Unix UID/GID entries. The current mechanism is called “hash” and is the default selection. For mixed mode, use “autorid” for the mechanism.
To support existing installs that do not intend to use mixed mode, Panzura suggests using “hash” as the default selection. Changing this parameter after the system has been in use may cause file access permission issues. Panzura recommends modification at the time of initial install only.
ID Mapping Range
The mapping range is a system-wide parameter used to assign a UID/GID number for each SID that is presented to the system. Each SID represents a single security principle, such as a user or built-in system services. Each SID is mapped to a single number using the mapping algorithm, so the range must be large enough to accommodate the number of users it is expected to serve.
Warning: Changing this value after the initial configuration may cause users to lose ownership of their files. This value is not editable for the hash mapping type.
For mixed mode, you must reserve some of the range for NFS clients that have UID’s that are local to the client machine. The NFS clients and CloudFS must share the same range and the same mapping algorithm in order for the IDs to be mapped properly across systems. Therefore, you must reserve some amount of space for well-known IDs and local security principles. Since it is not possible to determine this automatically, the system administrator must have the means to block off a range of IDs to be reserved for the clients. Most unix systems begin to allocate local IDs at roughly #1000; however, this is system dependent. A range of (20000-24999999) may be a reasonable default, but this should be adjustable to accommodate individual customer environments.
To configure mixed mode properly, it is necessary that all NFS clients use Active directory for ID services. It is not necessary to enable LDAP or RFC2307 directory services.
You must also configure NFS clients using winbind, and use the same mapping type and range as configured in CloudFS. This ensures that the mapping representing a user login is constant between both NFS and SMB clients. Additionally, this ensures that file ownership and file permissions are correct and constant.
Kerberos authentication/encryption is not required. NFSv4 is not required, but is necessary for NFS clients that wish to display or modify ACLS.
Configuring Mixed Mode For Filer
- From the Filer Configuration screen, select SMB/NFS Mixed Mode from the navigation menu on the left side of the screen.
- Select Auto-rid from the Mapping Type drop-down menu.
- You may enter desired values in the Start and End fields, or leave the default values as displayed on the screen.
- Click Save to apply the changes.
- Select SMB Settings from the navigation menu on the left side of the screen.
- Add an SMB share by entering your desired information in the following sections:
- Share Name
- Share Target Path
- Use Network (on/off toggle)
- Root Access
Note: For information on using NFS Mixed Mode with SSSD, click here.
Note: For information on troubleshooting CloudFS Mixed Mode issues, click here.