Security in NAS vs. Windows 2000. Windows 2000 uses NTFS-v5 Discretionary Access Control List (DACL) and ACE. I believe that most NAS use SAMBA and CIFS that use another file access control mechanism. They do not work well together. You will notice this by managing DACL within Windows 2000 on a file share service by a Linux server running Samba. You will be able to set-up some access rights but try to review them once setup and you will see that you have lost the information on the DACL. This is because there is a conversion during the process.
If we need the security to be maintained like in Windows 2000, what would be the NAS solution? Also, Windows 2000 in native mode uses the Keberos v-5 authentication mechanisms. If NTLM option is turn off on the Windows 2000 infrastructure, the impact will be that you can authenticate to the NAS if it is based on LAN Manager (NTLM v1).
The only vendor that I'm aware of that support mapping to the hard locks of CIFS is VERITAS with their ServPoint NAS. VERITAS has told me that they have added SAMBA extensions to allow this type of lock mapping. You should also look at using Windows Services for Unix which may be able to give he locking you desire. You can find it at: http://www.microsoft.com/windows2000/sfu/
Regarding turning off NT LANanager, here are two Microsoft articles with long answers. http://www.microsoft.com/windows2000/techinfo/howitworks/sec urity/kerberos.asp and http://www.microsoft.com/TechNet/prodtechnol/windows2000serv /maintain/opsguide/secadmog.asp
Evaluator Group, Inc.
Editor's note: Do you agree with this expert's response? If you have more to share, post it in our Storage Networking discussion forum.
Related Q&A from Randy Kerns
What is the one hidden gotcha that you'd advise users about if they were shopping for an all-flash storage array?continue reading
How much control do you have with all-flash storage arrays? How much control do you have over how arrays handle your data? Do you control the caching?continue reading
Vendors often publish numbers for 'usable' capacity versus 'effective' capacity. Can you explain this and how can you plan flash capacity needs with ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.