NAS backup - Create a NAS role and user on Isilon with required permissions using CLI
Overview
The objective is to create a NAS role and user with required permissions using CLI.
Procedure
NOTE: User name ‘nas-phoenix’ and role name ‘namespace’ are user-defined and can be set as needed.
Below are the steps to create a new role and user for NAS backups with Phoenix:
- Establish an SSH connection to any node in the Isilon cluster.
- OPTIONAL – If a local user is needed, it can be created with the following syntax. Please be advised that a local user generally will not have access to the shares, and a separate credential will need to be used to access the data.
isi auth users create nas-phoenix --enabled True --set-password
- Create the “namespace” role in the system access zone with the required privileges by typing:
(NOTE: namespace role name is user-defined and can be set as needed.)
isi auth roles create namespace
isi auth roles modify namespace --add-priv ISI_PRIV_LOGIN_PAPI
isi auth roles modify namespace --add-priv ISI_PRIV_ROLE
isi auth roles modify namespace --add-priv ISI_PRIV_NS_TRAVERSE
isi auth roles modify namespace --add-priv ISI_PRIV_NS_IFS_ACCESS
isi auth roles modify namespace --add-priv ISI_PRIV_NFS
isi auth roles modify namespace --add-priv ISI_PRIV_SMB
isi auth roles modify namespace --add-priv ISI_PRIV_SNAPSHOT
isi auth roles modify namespace --add-priv ISI_PRIV_JOB_ENGINE
- Add the user to the newly created role:
(NOTE: The user name ‘nas-phoenix’ is user-defined and can be set as needed; a domain account such as Domain\user_name or user_name@domain.com can also be used.)
- Local
isi auth roles modify namespace --add-user nas-phoenix
- Domain
isi auth roles modify namespace --add-user 'Domain\user_name'
- Check the available zones on the device by running the following command:
isi zone zones list
- If additional zones are present besides ‘System’, repeat the steps below for each access zone that is to be protected. It is normal practice that additional zones are present.
(NOTE: The role name ‘namespace’ and the user name ‘nas-phoenix’ should match what was used above. Replace ‘zone_name’ with the name of each zone that needs to be protected.)
isi auth roles create namespace --zone zone_name
isi auth roles modify namespace --add-priv ISI_PRIV_LOGIN_PAPI --zone zone_name
isi auth roles modify namespace --add-priv ISI_PRIV_ROLE --zone zone_name
isi auth roles modify namespace --add-priv ISI_PRIV_NS_TRAVERSE --zone zone_name
isi auth roles modify namespace --add-priv ISI_PRIV_NS_IFS_ACCESS --zone zone_name
isi auth roles modify namespace --add-priv ISI_PRIV_NFS --zone zone_name
isi auth roles modify namespace --add-priv ISI_PRIV_SMB --zone zone_name
isi auth roles modify namespace --add-user nas-phoenix --zone zone_name
(Where nas-phoenix is the user intended to protect the device data.)
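The script below is an added example, not part of the original article or vendor tooling. It prints (without running) the commands from the procedure above for the System zone and each extra access zone, so the exact privilege set can be reviewed before it is pasted into the SSH session. The function names and the allowed-character rules are assumptions of this example.

```shell
#!/bin/sh
# Added example: generate the isi commands from this procedure for review.
# Nothing here runs isi; every line is only printed.

# Privileges the procedure grants in every zone, and the two it grants only
# in the System zone.
ZONE_PRIVS="ISI_PRIV_LOGIN_PAPI ISI_PRIV_ROLE ISI_PRIV_NS_TRAVERSE ISI_PRIV_NS_IFS_ACCESS ISI_PRIV_NFS ISI_PRIV_SMB"
SYSTEM_ONLY_PRIVS="ISI_PRIV_SNAPSHOT ISI_PRIV_JOB_ENGINE"

# Role and zone names are printed unquoted, so accept only a conservative
# character set (assumption of this example, stricter than the product).
valid_name() {
    case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
}
# User names may also contain @ and \ (user_name@domain.com, Domain\user_name);
# they are printed inside single quotes.
valid_user() {
    case "$1" in ''|*[!A-Za-z0-9_.@\\-]*) return 1 ;; esac
}

# gen_role_cmds ROLE USER ZONE...
gen_role_cmds() {
    [ "$#" -ge 3 ] || { echo "usage: gen_role_cmds ROLE USER ZONE..." >&2; return 2; }
    role=$1 user=$2
    shift 2
    valid_name "$role" && valid_user "$user" || { echo "invalid role or user" >&2; return 1; }
    # Validate every zone before printing anything, so output is all or nothing.
    for zone in "$@"; do
        valid_name "$zone" || { echo "invalid zone: $zone" >&2; return 1; }
    done
    for zone in "$@"; do
        if [ "$zone" = System ]; then
            zflag="" privs="$ZONE_PRIVS $SYSTEM_ONLY_PRIVS"
        else
            zflag=" --zone $zone" privs=$ZONE_PRIVS
        fi
        printf '%s\n' "isi auth roles create $role$zflag"
        for p in $privs; do
            printf '%s\n' "isi auth roles modify $role --add-priv $p$zflag"
        done
        # Single quotes keep the backslash in Domain\user_name intact.
        printf '%s\n' "isi auth roles modify $role --add-user '$user'$zflag"
    done
}

# Sample run with the names used in this article.
gen_role_cmds namespace nas-phoenix System zone_name
```

Pass the zone names reported by isi zone zones list as the trailing arguments.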