Table 5-1 outlines tools and tips for different the management areas associated with NSS AD Support.
Table 5-1 Managing NSS AD Support
Subject |
Tools and Tips |
---|---|
AD Administrator Supervision of AD-enabled Volumes: |
|
Consolidate Storage to NSS |
|
Mass ACL Assignment |
|
Move and Split AD-enabled Volumes |
|
NSS |
|
Quotas |
For AD Users and Groups
For eDirectory Users and Groups
|
AD User Access |
Single Forest Environment To restrict NSS resource access for Active Directory users and groups in a single AD forest environment:
Only the members of this group will have NSS resource access based on their trustees assignments. If this group does not exist, all Active Directory users and groups in the forest can access the NSS resources based on their trustee assignments. Only one OESAccessGrp universal group can be created for an AD forest. Multi-Forest Environment To allow NSS resource access for Active Directory users and groups in Multi-forest environment:
Only the members of this group (OES forest and across forest) has access to NSS resources based on their trustees assignments. In absence of this group, the AD users across the forest cannot access the NSS resources. NOTE:If both OESAccessGrp and DLOESAccessGrp groups are present in the AD domain, the DLOESAccessGrp takes priority for that domain. Therefore, only the members of DLOESAccessGrp group has access to NSS resources based on their trustees assignments. |
Trustee Rights on AD-enabled NSS Volumes |
For AD Users and Groups
For eDirectory Users and Groups
For information, see |
UIDs for Linux Access |
|
Users and Groups |
AD Users and Groups
eDirectory Users and Groups
|