1.1 Understanding What Changed to Enable NSS AD Support in OES

1.1.1 OES CIFS Access Changes

Figure 1-1 OES CIFS Access Changes in OES

Table 1-1 Summary of CIFS Access Changes

CIFS Access Component

OES 11 SP2 and Earlier

OES 2015 and Later

Users

eDirectory users access NSS using their eDirectory credentials.

eDirectory and Active Directory users can access NSS using their eDirectory and Active Directory credentials, respectively.

Workstations

Windows, Linux and Macintosh are supported.

No changes in platform support.

Authentication

Only eDirectory is supported as an identity source.

All file service access is controlled by eDirectory authentication through NMAS.

Both eDirectory and Active Directory are supported as identity sources.

For eDirectory users, NMAS authentication is still used.

For Active Directory users, CIFS interacts with Active Directory and the Kerberos service is used to authenticate the Active Directory users.

File Service

CIFS is among the many file services offered, which also include AFP, NetStorage, NCP, and FTP.

CIFS offers support for Active Directory users.

Beginning with OES 2015 SP1, FTP offers support for Active directory users.

No other file services are enabled for AD user access at this point.

Authorization

Authorization to access NSS is handled by CIFS working in cooperation with NSS.

Authorization to access NSS through CIFS is handled by NSS alone. This increases both the efficiency and the reliability of the authorization process.

1.1.2 OES Service Changes For NSS AD

Table 1-2 OES Service Changes

Service

OES Changes and Information

OES CIFS

You can grant AD users native CIFS access to NSS volumes with OES trustee model.

  • Active Directory and eDirectory users can perform salvage and purge operation on Windows through NFARM (OES File Access Rights Management) utility.

  • AD users can access NSS resources in a multi-forest environment.

  • Beginning with OES 2018, Active Directory and eDirectory users can perform salvage and purge operation on Mac using NFARM (OES File Access Rights Management).

OES Cluster Services (NCS)

Cluster resources can now join to AD domains.

Distributed File Services (DFS)

DFS is supported in NSS AD environment.

Dynamic Storage Technology (DST)

DST is supported in NSS AD environment.

FTP Server

FTP server is supported in NSS AD environment.

Novell Identity Translator (NIT)

NIT lets you ensure that eDirectory and AD users requiring NSS authorization have the required UIDs. It supports AD users in multi-forest environment.

NSS (Storage Services)

AD users can now access NSS through CIFS.

Storage Management Services (SMS)

SMS now supports backing up AD trustee information in NSS AD environment.

NSS Auditing Client Logger (VLOG)

Audit all file operations for AD users.

VLOG is enhanced to filter based on user names and application names.

1.1.3 Multi-Forest Support for AD Users

Beginning with OES 2015 SP1, multi-forest support allows access to NSS resources from Active Directory users belonging to AD forests having bi-directional trust with OES joined forest or AD domains having bi-directional external trust with OES joined forest.

The following OES components supports multi-forest for AD users: NSS, CIFS, DFS, DST, Migration Tool, NIT, SMS, and VLOG.

1.1.4 Utility and Management Tool Changes

Table 1-3 OES Utility Changes

Utility

Changes and Information

NFARM

Beginning with OES 2018, Active Directory and eDirectory users can perform salvage and purge operation on Mac.

For more information, see NFARM Installer for Mac in the OES 2018 SP2: NSS File System Administration Guide for Linux.

nsscon

Options are added to update the SEV interval for AD users. Also, provided options to force update the SEV interval for AD users and for a single AD user.

For more information, see Security Equivalence Vector Update Commands in the OES 2018 SP2: NSS File System Administration Guide for Linux.