Join your file gateway to an Active Directory (AD) domain so that domain users can access Server Message Block (SMB) shares with their AD credentials.
Prerequisites
- You have a file gateway with an added cache disk. For instructions, see Manage file gateways and Add a cache disk.
- You have an SMB share for the gateway. For instructions, see Create a share.
- You have a configured AD server. For instructions, see Set up an AD domain on a Windows instance.
You can authenticate using either AD domain users or local users, but not simultaneously. When you join or leave an AD domain, all existing user permissions for the Common Internet File System (CIFS) share are automatically deleted.
Join a file gateway to an AD domain
- Select an AD server that is in the same VPC as your file gateway.
- Configure the security group for the ECS instance that hosts your AD server. Add and configure inbound rules as follows: set the authorization policy to Allow, the priority to 1, and the source to the IP address of your Cloud Storage Gateway, for example, 172.16.0.155. The rules must allow access over both TCP and UDP for the following AD-related ports: 389 (LDAP), 445 (SMB), 88 (Kerberos), and 53 (DNS). This requires a total of eight rules.
- Keep your existing DNS server configuration, and add the IP address of your AD server as the first entry in the list of DNS servers. For instructions, see Configure DNS.
- Join the file gateway to the AD domain. For instructions, see Join an AD domain.
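The security group step above calls for eight inbound rules scoped to the gateway's IP address. The following Python audit is an added example, not part of the original documentation: it checks an exported rule list for missing port/protocol pairs and for rules whose source is wider than a single address. The rule field names (`IpProtocol`, `PortRange`, `SourceCidrIp`, `Policy`, `Priority`), the `ALL` / `-1/-1` convention, and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

# Ports and protocols the page requires: 4 ports x TCP/UDP = 8 rules.
REQUIRED_PORTS = {389: "LDAP", 445: "SMB", 88: "Kerberos", 53: "DNS"}
PROTOCOLS = ("TCP", "UDP")
GATEWAY_IP = "172.16.0.155"  # example gateway address used on the page

# Constructed sample export (field names are assumed, see lead-in):
# UDP/53 is missing and TCP/53 is open to every source.
SAMPLE_RULES = [
    {"IpProtocol": proto, "PortRange": f"{port}/{port}",
     "SourceCidrIp": GATEWAY_IP, "Policy": "Accept", "Priority": "1"}
    for port in (389, 445, 88) for proto in PROTOCOLS
] + [
    {"IpProtocol": "TCP", "PortRange": "53/53",
     "SourceCidrIp": "0.0.0.0/0", "Policy": "Accept", "Priority": "1"},
]


def covers(rule, proto, port, gateway_ip):
    """True if an Allow rule admits gateway_ip on proto/port."""
    if rule["Policy"].lower() != "accept":
        return False
    if rule["IpProtocol"].upper() not in (proto, "ALL"):
        return False
    lo, hi = (int(p) for p in rule["PortRange"].split("/"))
    # Assumed convention: -1/-1 on an ALL-protocol rule means every port.
    if (lo, hi) != (-1, -1) and not lo <= port <= hi:
        return False
    net = ipaddress.ip_network(rule["SourceCidrIp"], strict=False)
    return ipaddress.ip_address(gateway_ip) in net


def audit(rules, gateway_ip):
    """Return (missing, too_broad) for the AD server's inbound rules."""
    missing, too_broad = [], []
    for port, name in REQUIRED_PORTS.items():
        for proto in PROTOCOLS:
            hits = [r for r in rules if covers(r, proto, port, gateway_ip)]
            if not hits:
                missing.append(f"{proto}/{port} ({name})")
            for r in hits:
                net = ipaddress.ip_network(r["SourceCidrIp"], strict=False)
                if net.num_addresses > 1:  # wider than the gateway alone
                    too_broad.append(f"{proto}/{port} from {net}")
    return missing, too_broad
```

Calling `audit(SAMPLE_RULES, GATEWAY_IP)` reports the missing UDP/53 rule and the TCP/53 rule whose source is wider than the gateway address.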