Druva Documentation

NAS backup - Create a NAS role and user on Isilon with required permissions using CLI


Overview

The objective is to create a NAS role and user with the required permissions using the CLI.

Procedure

NOTE: User name ‘nas-phoenix’ and role name ‘namespace’ are user-defined and can be set as needed.

Below are the steps to create a new role and user for NAS backups with Phoenix:

  1. Establish an SSH connection to any node in the Isilon cluster.
  2. OPTIONAL – If a local user is needed, use the following syntax. Note that a local user generally does not have access to the shares, so a separate credential is needed to access the data.
    isi auth users create nas-phoenix --enabled True --set-password
  3. Create the “namespace” role in the system access zone with the required privileges by typing:
    (NOTE: namespace role name is user-defined and can be set as needed.)
    isi auth roles create namespace
    isi auth roles modify namespace --add-priv ISI_PRIV_LOGIN_PAPI
    isi auth roles modify namespace --add-priv ISI_PRIV_ROLE
    isi auth roles modify namespace --add-priv ISI_PRIV_NS_TRAVERSE
    isi auth roles modify namespace --add-priv ISI_PRIV_NS_IFS_ACCESS
    isi auth roles modify namespace --add-priv ISI_PRIV_NFS
    isi auth roles modify namespace --add-priv ISI_PRIV_SMB
    isi auth roles modify namespace --add-priv ISI_PRIV_SNAPSHOT
    isi auth roles modify namespace --add-priv ISI_PRIV_JOB_ENGINE
  4. Add the user to the newly created role:
    (NOTE: The username ‘nas-phoenix’ is user-defined and can be set as needed; a domain account such as Domain\user_name or user_name@domain.com can also be used.)
    1. Local
      isi auth roles modify namespace --add-user nas-phoenix
    2. Domain (quoted so that the shell keeps the backslash)
      isi auth roles modify namespace --add-user 'Domain\user_name'
  5. Check the available zones on the device by running the following command:
    isi zone zones list
  6. If additional zones are present besides ‘System’, repeat the steps below for each access zone that is to be protected. It is normal practice that additional zones are present.
    (NOTE: The role name ‘namespace’ and the user name ‘nas-phoenix’ should match what was used above. Replace ‘zone_name’ with the name of each zone that needs to be protected.)
    isi auth roles create namespace --zone zone_name
    isi auth roles modify namespace --add-priv ISI_PRIV_LOGIN_PAPI --zone zone_name
    isi auth roles modify namespace --add-priv ISI_PRIV_ROLE --zone zone_name
    isi auth roles modify namespace --add-priv ISI_PRIV_NS_TRAVERSE --zone zone_name
    isi auth roles modify namespace --add-priv ISI_PRIV_NS_IFS_ACCESS --zone zone_name
    isi auth roles modify namespace --add-priv ISI_PRIV_NFS --zone zone_name
    isi auth roles modify namespace --add-priv ISI_PRIV_SMB --zone zone_name
    isi auth roles modify namespace --add-user nas-phoenix --zone zone_name

    (Where nas-phoenix is the user intended to protect the device data.)
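
Step 6 repeats the same role setup for every access zone. The following added example (not part of Druva's documentation) prints, without running, the command sequence from steps 3, 4 and 6 for a list of zones so it can be reviewed before being pasted into the SSH session. The function names `valid_name`, `emit_zone` and `emit_plan` are hypothetical, the zone list is constructed, and the System zone is assumed to be handled without a zone flag as in steps 3 and 4.

```shell
#!/bin/sh
# Added example: prints (does not execute) the isi commands from the procedure.
# Privileges granted in every zone, as listed in step 6.
ZONE_PRIVS="ISI_PRIV_LOGIN_PAPI ISI_PRIV_ROLE ISI_PRIV_NS_TRAVERSE ISI_PRIV_NS_IFS_ACCESS ISI_PRIV_NFS ISI_PRIV_SMB"
# Privileges the procedure grants only in the System zone (step 3).
SYSTEM_EXTRA_PRIVS="ISI_PRIV_SNAPSHOT ISI_PRIV_JOB_ENGINE"

# Accept only plain names, so a pasted value cannot add shell syntax
# or extra options to the generated commands.
valid_name() {
    case "$1" in
        ''|-*) return 1 ;;
        *[!A-Za-z0-9_.@\\-]*) return 1 ;;
    esac
    return 0
}

# Print the command sequence for one zone. Usage: emit_zone ROLE USER ZONE
emit_zone() {
    role=$1 user=$2 zone=$3
    for v in "$role" "$user" "$zone"; do
        valid_name "$v" || { printf 'refusing unsafe name: %s\n' "$v" >&2; return 1; }
    done
    privs=$ZONE_PRIVS
    if [ "$zone" = "System" ]; then
        privs="$privs $SYSTEM_EXTRA_PRIVS"
        zflag=""                      # steps 3 and 4 carry no zone flag
    else
        zflag=" --zone $zone"
    fi
    printf 'isi auth roles create %s%s\n' "$role" "$zflag"
    for p in $privs; do
        printf 'isi auth roles modify %s --add-priv %s%s\n' "$role" "$p" "$zflag"
    done
    # The user is single-quoted so a Domain\user_name backslash survives the shell.
    printf "isi auth roles modify %s --add-user '%s'%s\n" "$role" "$user" "$zflag"
}

# Print the plan for every zone given. Usage: emit_plan ROLE USER ZONE...
emit_plan() {
    role_arg=$1 user_arg=$2; shift 2
    for z in "$@"; do
        emit_zone "$role_arg" "$user_arg" "$z" || return 1
    done
}

# Constructed sample: System plus one placeholder zone called "zone_name".
emit_plan namespace nas-phoenix System zone_name
```

The zone names would come from the `isi zone zones list` output in step 5.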