Network and Storage Protocols

Active Directory Authentication

NLEONARDO

Hi,

I'm working in this costumer scenario:

One central Site with an Activer Directory Structure and 9 remote sites. For this remote Sites costumer need's File & Print Share services.

I'm thinking to propose a NAS system (FAS2000), but only if i not need a additional server.

My question is, if I lose connection to my central site (Active Directory Structure) can I still access to my local NAS System (FAS2000).

Thanks

NL

6 REPLIES 6

kodavali

in 8.2 we have local users and groups. Probably you can use that remote office scenario.

danielpr

When AD is down then your CIFS session for shares will fail. However you can still access the Filer management/console using the local user account (root).

Thanks;

Daniel

BrendonHiggins

My understanding is that the filer requires connection to AD so that it can authenticate user requests.  So when you lose the WAN and therefor AD you lose CIFS on the filer but cached {already logged on} will be OK for a short time.

You could work around the issue with an DC on the remote site depenant on how many users this may be the way forward anyway.  You could also look at standby dial on demand links but these could become swamped if you do not have the routing/QoS correct.

You also have the option of workgroup security on the filer but this will water down security and add to management.

Bren

NLEONARDO

First of all, thanks for your quick support.

My costumer don't need much disk space. But he need's a way to transfer data from remote sites to the central site. So, i was thinking that instead of traditional servers, why not use NAS system's and than de-duplicate to the central site.

Is there any way to import (or map) local users with active directory users? It's importante, that If connection to central site fail's, users still have access to they files.

Thanks

NL

chriskranz

Simply put, yes you can. But possibly not easy to manage.

You can use pass-through authentication. Basically if a username and password are the same, then Windows will allow the authentication, even if the domains are different. So if you have a local user that is identical to a domain user, the user will be able to authenticate to either. As you can imagine, this may become a nightmare to manage.

Have you thought about WAN accelerators or WAFS devices on the remote sites to bring the central system closer?

BrendonHiggins
Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public