Active Directory is a very popular way to get the Shares protected by forcing username and password to mount or access the shares. It is a 2 step process, first it connects and then sync's the users and groups locally so you can see them in the Users and Groups access page for each share. You can then assign User and Group RW or Read Only access to each share. File and Folder level ACLs are not handled in the NX2 or ZX product and require a Mac or Windows machine to manipulate. If you are having File or folder permission problems see NX2/ZX File and Folder Permissions
Joining
Set DNS to the AD controller’s IP, add multiple AD controller IPs with a semicolon (System Settings -> Network)
Set NTP to the AD controllers IP, and set Time Zone appropriately (System Settings -> Setting)
Join the AD Realm that the IT team gives you. You need to get the name from your IT team as Scale Logic has no idea what the name would be for your environment. Ensure the admin user they use must have 2 privileges, Join a computer object to the domain, and Synchronize users
Scale Logic has “Scan trusted domains = no” so we will NOT hop and sync users from trusted domains
Sync happens every 2 hours to see new or deleted users and groups in the domain
You can also force a sync to see a new user or group faster than 2 hours or have it “house clean” and remove deleted users and groups from share definitions
In failover HA on the ZX, you have to join AD on both nodes. Usually, you will do this BEFORE joining HA
Troubleshooting
Well, AD was connected and syncing ok but now it isn't and your users can't mount any shares...
- Use the CTRL-ALT-T from the console and enter the ping menu. Test Pinging both IP and domain names to ensure DNS is set correctly. Use normal network troubleshooting to ensure you don't have a network issue.
- Check the time on NX2 /ZX and make sure it isn't off from the Domain controller. A time drift of 5 minutes will disconnect it
- Ensure the password hasn't changed for the account used to join and sync. Often it is a password policy that passwords must change every so often. Check and retest the new password.
- If it is "Connected" and green in the GUI but not Synchronized try a manual sync
- Disconnect completely and try the connection again from a clean perspective.
- Reboot nodes and try again
- Download logs and check for specific errors in the kernel and sys logs
AD is connected but orange in color instead of green as it should be. (Versions - up29r3 and above)
- Get a valid /inspect file in case you need to manual recreate the share-level definitions. You can do this by just downloading a new set of logs. (How to download NX2/ZX logs)
- Save CURRENT settings, it will contain all user/group definitions. Save a copy for safe keeping off the system. Navigate to "System Settings > Settings management) and click "Save current settings" than click "Options" next to the newly saved settings and choose "Download" to save it to the desktop.
- Disconnect AD, should take 1-5 minutes.
- Re-join AD, select "Scan Single Domain". Should take 1-5 minutes
- Restore the CURRENT settings back - takes very little time
- Reboot the node.
- Check the share-level definitions, they should be back after the settings restored and reboot.