Adding a user or group to a CIFS audit share

You can add a user or group to a CIFS audit share that is integrated with AD authentication.

Before you begin

About this task

The following procedure is for an audit share integrated with AD authentication.

Steps

  1. From the service laptop, log in to the primary Admin Node:
    1. Enter the following command: ssh admin@primary_Admin_Node_IP
    2. Enter the password listed in the Passwords.txt file.
    3. Enter the following command to switch to root: su -
    4. Enter the password listed in the Passwords.txt file.
      When you are logged in as root, the prompt changes from $ to #.
  2. Confirm that all services have a state of Running or Verified. Enter: storagegrid-status
    If all services are not Running or Verified, resolve issues before continuing.
  3. Return to the command line, press Ctrl+C.
  4. Start the CIFS configuration utility: config_cifs.rb
    ---------------------------------------------------------------------
    | Shares                 | Authentication         | Config          |
    ---------------------------------------------------------------------
    | add-audit-share        | set-authentication     | validate-config |
    | enable-disable-share   | set-netbios-name       | help            |
    | add-user-to-share      | join-domain            | exit            |
    | remove-user-from-share | add-password-server    |                 |
    | modify-group           | remove-password-server |                 |
    |                        | add-wins-server        |                 |
    |                        | remove-wins-server     |                 |
    ---------------------------------------------------------------------
  5. Start adding a user or group: add-user-to-share
    A numbered list of audit shares that have been configured is displayed.
  6. When prompted, enter the number for the audit share (audit-export): audit_share_number
    You are asked if you would like to give a user or a group access to this audit share.
  7. When prompted, add a user or group: user or group
  8. When prompted for the user or group name for this AD audit share, enter the name.
    The user or group is added as read-only for the audit share both in the server’s operating system and in the CIFS service. The Samba configuration is reloaded to enable the user or group to access the audit client share.
  9. When prompted, press Enter.
    The CIFS configuration utility is displayed.
  10. Repeat steps 5 to 8 for each user or group that has access to the audit share.
  11. Optionally, verify your configuration: validate-config
    The services are checked and displayed. You can safely ignore the following messages:
    • Can't find include file /etc/samba/includes/cifs-interfaces.inc
    • Can't find include file /etc/samba/includes/cifs-filesystem.inc
    • Can't find include file /etc/samba/includes/cifs-custom-config.inc
    • Can't find include file /etc/samba/includes/cifs-shares.inc
    1. When prompted, press Enter to display the audit client configuration.
    2. When prompted, press Enter.
  12. Close the CIFS configuration utility: exit
  13. Determine if you need to enable additional audit shares, as follows:
    • If the StorageGRID Webscale deployment is a single site, go to step 14.
    • If the StorageGRID Webscale deployment includes Admin Nodes at other sites, enable these audit shares as required:
    1. Remotely log in to a site’s Admin Node:
      1. Enter the following command: ssh admin@grid_node_IP
      2. Enter the password listed in the Passwords.txt file.
      3. Enter the following command to switch to root: su -
      4. Enter the password listed in the Passwords.txt file.
    2. Repeat steps 4 through 12 to configure the audit shares for each Admin Node.
    3. Close the remote secure shell login to the remote Admin Node: exit
  14. Log out of the command shell: exit