Ask the Expert

Security in NAS vs. Windows 2000

Hi Randy,

Security in NAS vs. Windows 2000. Windows 2000 uses NTFS-v5 Discretionary Access Control List (DACL) and ACE. I believe that most NAS use SAMBA and CIFS that use another file access control mechanism. They do not work well together. You will notice this by managing DACL within Windows 2000 on a file share service by a Linux server running Samba. You will be able to set-up some access rights but try to review them once setup and you will see that you have lost the information on the DACL. This is because there is a conversion during the process.

If we need the security to be maintained like in Windows 2000, what would be the NAS solution? Also, Windows 2000 in native mode uses the Keberos v-5 authentication mechanisms. If NTLM option is turn off on the Windows 2000 infrastructure, the impact will be that you can authenticate to the NAS if it is based on LAN Manager (NTLM v1).

    Requires Free Membership to View

The only vendor that I'm aware of that support mapping to the hard locks of CIFS is VERITAS with their ServPoint NAS. VERITAS has told me that they have added SAMBA extensions to allow this type of lock mapping. You should also look at using Windows Services for Unix which may be able to give he locking you desire. You can find it at: http://www.microsoft.com/windows2000/sfu/

Regarding turning off NT LANanager, here are two Microsoft articles with long answers. http://www.microsoft.com/windows2000/techinfo/howitworks/sec urity/kerberos.asp and http://www.microsoft.com/TechNet/prodtechnol/windows2000serv /maintain/opsguide/secadmog.asp

Randy Kerns
Evaluator Group, Inc.

Editor's note: Do you agree with this expert's response? If you have more to share, post it in our Storage Networking discussion forum.

This was first published in March 2002

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: