Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition

Asset ID: 1-71-1402154.1
Update Date:2018-05-30

Solution Type  Technical Instruction Sure

Solution  1402154.1 :   Sun Storage 7000 Unified Storage System: Configuring the ZFSSA for Active Directory  


Related Items
  • Sun Storage 7310 Unified Storage System
  • Sun Storage 7410 Unified Storage System
  • Sun ZFS Storage 7120
  • Sun ZFS Storage 7420
  • Sun ZFS Storage 7320
  • Sun Storage 7110 Unified Storage System
  • Sun Storage 7210 Unified Storage System

Related Categories
  • PLA-Support>Sun Systems>DISK>ZFS Storage>SN-DK: 7xxx NAS
  • _Old GCS Categories>Sun Microsystems>Storage - Disk>Unified Storage




In this Document
Goal
Solution
 Configuration / Services / DNS :
 Configuration / Services / SMB :
 Configuration / Services / NTP
 Configuration / Services / Active Directory / Join Domain
References


Created from <SR 3-3740498461>

Applies to:

Sun Storage 7110 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7310 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7210 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7410 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7420 - Version Not Applicable to Not Applicable [Release N/A]
7000 Appliance OS (Fishworks)

Goal

This document describes the required and optional settings used to configure the ZFS Storage Appliance for use with Active Directory.

To discuss this information further with Oracle experts and industry peers, we encourage you to review, join or start a discussion in the My Oracle Support Community - Disk Storage ZFS Storage Appliance Community

Solution

The following settings should be configured for integration with Active Directory. The order is not important, except that the Active Directory domain and credentials should not be entered until all other necessary settings have been configured. Either the BUI or command line administration interface can be used to configure these settings:

Configuration / Services / DNS :

DNS Domain: Fully qualified domain name. This will usually, but not always, match the AD domain.

DNS Servers: Add individual DNS servers. These servers will need to be able to look up the AD Domain Controllers by their SRV records. See <Document 1402003.1> for more information. Note that if the first server is responding to DNS requests, the secondary and other servers are not used, even in the event of a failed lookup.
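
A pre-join check for the DNS requirement above, as an added example (not Oracle's code): it asks each configured DNS server for the domain controller SRV record and applies the server-order rule just described. The record name `_ldap._tcp.dc._msdcs.<domain>` is the standard AD locator record and is not taken from this page; the `dig` utility, the server addresses and `example.test` are assumptions.

```python
import subprocess

# Standard AD DC-locator record; an assumption here, the page only says "SRV records".
SRV_NAME = "_ldap._tcp.dc._msdcs.{domain}"
NO_RESPONSE = "no-response"

def parse_srv(short_output):
    """Parse `dig +short SRV` lines of the form 'priority weight port target.'."""
    records = []
    for line in short_output.splitlines():
        parts = line.split()
        if len(parts) == 4 and all(p.isdigit() for p in parts[:3]):
            records.append((parts[3].rstrip("."), int(parts[2])))
    return records

def dig_lookup(server, domain):
    """Ask one DNS server for the DC SRV records (requires the dig utility)."""
    cmd = ["dig", "+short", "+time=2", "+tries=1", f"@{server}",
           SRV_NAME.format(domain=domain), "SRV"]
    proc = subprocess.run(cmd, capture_output=True, text=True)
    if proc.returncode == 9:  # dig exit status 9: no reply from server
        return NO_RESPONSE
    return parse_srv(proc.stdout)  # empty list: server answered, no records

def assess(servers, domain, lookup=dig_lookup):
    """Apply the page's rule: the first responding server is the only one used."""
    results = {s: lookup(s, domain) for s in servers}
    used = next((s for s in servers if results[s] != NO_RESPONSE), None)
    findings = []
    if used is None:
        findings.append("no configured DNS server responds")
    elif not results[used]:
        findings.append(f"{used} answers but returns no DC SRV records; "
                        "later servers are not consulted")
    for s in servers:
        if s != used and results[s] in (NO_RESPONSE, []):
            findings.append(f"{s} is not a usable source of DC SRV records")
    return {"used": used, "dcs": results[used] if used else [], "findings": findings}

if __name__ == "__main__":
    # Constructed answers so the demo runs offline; omit lookup= to query with dig.
    sample = {"192.0.2.10": [], "192.0.2.11": parse_srv("0 100 389 dc1.example.test.\n")}
    print(assess(list(sample), "example.test", lookup=lambda s, d: sample[s]))
```

In the constructed case the second server holds the records, yet the check reports a failure because the first server answers with an empty result.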

Configuration / Services / SMB :

(Also listed as Configuration / Services / CIFS on obsolete software versions)

Active Directory Site: An Active Directory Site is configured on the Domain Controller with the Active Directory Sites and Services plug-in. It is used by distributed organizations to group domain controllers by location or purpose. Each of these groups is named, and servers are manually moved into them. Refer to the Windows Server documentation for more information. This setting is optional. If an invalid site is configured, this setting will have no effect.

Preferred Domain Controller: This setting specifies a preferred Domain Controller to use for Active Directory services. If used, the server should be specified by IP address. When this setting is present, the appliance will attempt to connect to this server to join the AD Domain. If unsuccessful for any reason, it will perform the standard DNS query for a Domain Controller. Note that this setting does not remove the requirements for the DNS SRV records as noted above. The Active Directory Site setting should be configured instead of this setting if possible.

Lan Manager Compatibility Level: For most installations, this can be left at the default of "4". "5" can be set without issue for any domain controller running at least Windows Server 2008. For detailed information on these settings, and the accompanying AD server-side settings, see <Document:1402208.1>.

SMB Signing Enabled / SMB Signing Required:  These settings control SMB signing. SMB Signing improves SMB security by signing each packet, at the cost of performance. If the SMB Signing Enabled checkbox is checked, the appliance will use signing when required by the client or server. If the SMB Signing Required checkbox is checked, the appliance will refuse to communicate with systems that are not configured to use signing. For more information, including details on how to configure/unconfigure this on the Windows side, see MSKB document #887429.

Configuration / Services / NTP

Server Settings:  If NTP is configured on the network, enter the server IP and authorization keys if applicable. See MSKB Document #816042 for details on how to configure NTP on a Windows Server. Active Directory will not tolerate a time difference of more than five minutes (by default). It is strongly recommended that NTP is used to keep the server time of the ZFSSA synchronized with the AD servers.

Clock:  If NTP is not available, determine the current time of the Domain Controller(s), and manually set the time of the system being used for administration to this time. Click the "sync" button in the BUI to set the server time to match the administration workstation time. Note that this is a one-time setting, and if either the ZFSSA clock or the Domain Controller clocks drift out of sync, Active Directory connectivity may be lost.

It is strongly recommended to use NTP to keep clocks synchronized in an AD environment.
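
A way to measure the clock skew described above before joining the domain or pressing "sync", as an added example (not Oracle's code): it decodes an SNTP reply and compares the offset with the five-minute default. It assumes the domain controller or time source answers NTP on UDP 123; the half-tolerance warning level and the sample values are choices made for this example.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
MAX_SKEW_SECONDS = 300        # the five-minute default tolerance the page cites

def ntp_time(packet, offset):
    """Decode the 64-bit NTP timestamp at `offset` into Unix seconds."""
    secs, frac = struct.unpack("!II", packet[offset:offset + 8])
    return secs - NTP_EPOCH_DELTA + frac / 2**32

def clock_offset(reply, t1, t4):
    """Server clock minus local clock: ((t2 - t1) + (t3 - t4)) / 2, in seconds."""
    if len(reply) < 48:
        raise ValueError("short NTP reply")
    leap, mode, stratum = reply[0] >> 6, reply[0] & 0x07, reply[1]
    if mode != 4 or stratum == 0 or leap == 3:
        raise ValueError("reply is not from a synchronized NTP server")
    t2, t3 = ntp_time(reply, 32), ntp_time(reply, 40)  # server receive / transmit
    return ((t2 - t1) + (t3 - t4)) / 2

def query_offset(server, timeout=2.0):
    """Send one SNTP client request (version 3, mode 3) to `server` on UDP 123."""
    request = b"\x1b" + bytes(47)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        t1 = time.time()
        sock.sendto(request, (server, 123))
        reply, _ = sock.recvfrom(512)
        t4 = time.time()
    return clock_offset(reply, t1, t4)

def skew_status(offset):
    """Classify an offset; the half-tolerance warning is this example's choice."""
    if abs(offset) > MAX_SKEW_SECONDS:
        return "exceeds tolerance"
    if abs(offset) > MAX_SKEW_SECONDS / 2:
        return "warning"
    return "ok"

if __name__ == "__main__":
    # Constructed reply: server clock 400 s ahead of a local clock at 1,000,000,000.
    secs = 1_000_000_400 + NTP_EPOCH_DELTA
    reply = bytes([0x24, 2]) + bytes(30) + struct.pack("!IIII", secs, 0, secs, 0)
    print(skew_status(clock_offset(reply, 1_000_000_000.0, 1_000_000_000.0)))
```

For a live measurement, call `skew_status(query_offset(address))` from the administration workstation with the address of the time source.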
 

Configuration / Services / Active Directory / Join Domain

Active Directory Domain:  The fully qualified name of the AD Domain to which the ZFSSA is being joined.

Administrative User:  An Active Directory account with privileges to join the appliance to the AD Domain. See <Document 1402173.1> for specifics on the required privileges.

Administrative Password:  Password for the above user account.

Organizational Unit:  This is used to change the default location of the computer account(s) for the ZFSSA. The default location is CN=Computers at the root of the domain.

Use Pre-created account:  This is used if the customer wishes to create their own computer accounts instead of allowing the domain join process to create them. Can be used in conjunction with the above setting.
 

Back to <Document 1402353.1> Sun Storage 7000 Unified Storage System: How to Troubleshoot Active Directory Issues.

References

<NOTE:1402208.1> - Sun Storage 7000 Unified Storage System: Configuring the ZFSSA for Active Directory with NTLMv2 / Windows Server 2008
<NOTE:1402353.1> - Sun Storage 7000 Unified Storage System: How to Troubleshoot Active Directory Issues
<NOTE:1402003.1> - Sun Storage 7000 Unified Storage System: DNS server settings required for integration of the ZFS Storage Appliance with Active Directory
MSKB 887429: HTTP://SUPPORT.MICROSOFT.COM/KB/887429
MSKB 816042: HTTP://SUPPORT.MICROSOFT.COM/KB/816042

  Copyright © 2018 Oracle, Inc.  All rights reserved.