Q

Security in NAS vs. Windows 2000

Hi Randy,

Security in NAS vs. Windows 2000. Windows 2000 uses NTFS-v5 Discretionary Access Control List (DACL) and ACE. I believe that most NAS use SAMBA and CIFS that use another file access control mechanism. They do not work well together. You will notice this by managing DACL within Windows 2000 on a file share service by a Linux server running Samba. You will be able to set-up some access rights but try to review them once setup and you will see that you have lost the information on the DACL. This is because there is a conversion during the process.

If we need the security to be maintained like in Windows 2000, what would be the NAS solution? Also, Windows 2000 in native mode uses the Keberos v-5 authentication mechanisms. If NTLM option is turn off on the Windows 2000 infrastructure, the impact will be that you can authenticate to the NAS if it is based on LAN Manager (NTLM v1).

The only vendor that I'm aware of that support mapping to the hard locks of CIFS is VERITAS with their ServPoint NAS. VERITAS has told me that they have added SAMBA extensions to allow this type of lock mapping. You should also look at using Windows Services for Unix which may be able to give he locking you desire. You can find it at: http://www.microsoft.com/windows2000/sfu/

Regarding turning off NT LANanager, here are two Microsoft articles with long answers. http://www.microsoft.com/windows2000/techinfo/howitworks/sec urity/kerberos.asp and http://www.microsoft.com/TechNet/prodtechnol/windows2000serv /maintain/opsguide/secadmog.asp

Randy Kerns
Evaluator Group, Inc.

Editor's note: Do you agree with this expert's response? If you have more to share, post it in our Storage Networking discussion forum.

This was first published in March 2002

Dig deeper on NAS management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSolidStateStorage

SearchVirtualStorage

SearchCloudStorage

SearchDisasterRecovery

SearchDataBackup

Close