Directory Services
If you plan to use user and group privileges to control access to files and folders on
the SAN, you should set up or join a central directory of users and groups. A central
directory service lets you manage all SAN users and groups from one computer
instead of having to visit and painstakingly configure each SAN client and metadata
controller.
If directory service is provided by an Open Directory server, you can have the setup
assistant configure each metadata controller and client computer with Xsan 2 to use
existing user and group accounts from the Open Directory server.
If you have another type of directory service, such as Active Directory, you configure
each controller and client to connect to it for user and group accounts by using the
Directory Utility application (for Mac OS X v10.5) or System Preferences > Accounts >
Login Options (for Mac OS X v10.6) after initial setup.
If your SAN doesn’t have access to an existing directory service, you can specify during
initial setup of your Xsan primary metadata controller that you want to use Xsan
Admin to manage users and groups. The setup assistant creates an Open Directory
master server on your primary metadata controller and sets up Open Directory replica
servers on standby metadata controllers.
The Open Directory master provides an LDAP directory, single sign-on user
authentication using Kerberos, and password validation using common authentication
methods. The replicas improve responsiveness and provide automatic failover of Open
Directory services.
The setup assistant also configures client computers that have Xsan 2 installed to
connect to your Xsan primary metadata controller for Open Directory user and
group accounts.
If you must set up an Open Directory server, use Mac OS X Server’s Server Admin
application. Then use the Workgroup Manager application to manage users and
groups. For information, see Open Directory Administration and User Management at
www.apple.com/server/resources/.
Note: Some applications running on SAN client computers, such as Final Cut Pro,
work better when users have local home folders, not network home folders. User
accounts that you manage with Xsan Admin are set up with local home folders.
For help setting up local home folders for user accounts that you don’t manage with
Xsan Admin, see “Creating Local Home Folders for Network Accounts” on page 83.
If you decide not to use a central directory service, you must set up the same users
and groups in the Accounts pane of System Preferences on each SAN computer.
Chapter 2
Planning a Storage Area Network
Important: If you create users and groups on each SAN computer, be sure that:
• Each user or group has a numeric user ID (UID) or group ID (GID) that is unique
  throughout the SAN
• Each user or group defined on more than one computer has the same UID or GID
  on each computer
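
Both conditions can be checked before volumes go into use by comparing account listings gathered from every SAN computer. The script below is an added example, not part of the original guide: it assumes each listing is the text output of `dscl . -list /Users UniqueID` saved per computer, the host and account names are constructed sample data, and the 501 starting ID for locally created accounts is an assumption to adjust for your site.

```python
from collections import defaultdict

# Constructed sample data: output of `dscl . -list /Users UniqueID` collected
# from three hypothetical SAN computers (host names and accounts are made up).
SAMPLE = {
    "mdc1":    "anna    1025\nben     1026\ncarla   1027\n",
    "client1": "anna    1025\nben     1030\n",
    "client2": "anna    1025\ndave    1027\n",
}

def parse_listing(text):
    """Parse 'name id' lines into (name, id) pairs, skipping malformed lines."""
    pairs = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[1].lstrip("-").isdigit():
            pairs.append((fields[0], int(fields[1])))
    return pairs

def find_conflicts(listings, min_id=501):
    """Return (shared_ids, drifting_names) across all hosts.

    shared_ids:     id -> {name: [hosts]} where one ID belongs to different names
    drifting_names: name -> {id: [hosts]} where one name has different IDs
    min_id skips system accounts (assumption: local accounts start at 501).
    """
    by_id = defaultdict(lambda: defaultdict(list))
    by_name = defaultdict(lambda: defaultdict(list))
    for host, text in sorted(listings.items()):
        for name, ident in parse_listing(text):
            if ident < min_id:
                continue
            by_id[ident][name].append(host)
            by_name[name][ident].append(host)
    shared = {i: dict(n) for i, n in by_id.items() if len(n) > 1}
    drifting = {n: dict(i) for n, i in by_name.items() if len(i) > 1}
    return shared, drifting

if __name__ == "__main__":
    shared, drifting = find_conflicts(SAMPLE)
    for ident, names in sorted(shared.items()):
        print(f"ID {ident} is used by different accounts: {names}")
    for name, ids in sorted(drifting.items()):
        print(f"Account {name} has different IDs: {ids}")
```

The same functions work for groups when the listings come from `dscl . -list /Groups PrimaryGroupID`, with `min_id` set to match your group numbering.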