If the workspace in which an Apsara File Storage NAS (NAS) file system is created is an Active Directory (AD) workspace and the NAS file system has the Server Message Block (SMB) access control list (ACL) feature enabled, you can attach the mount target of the NAS file system to the AD domain to authenticate user identities and perform file-level access control as an AD domain user. This topic describes how to configure access control rules and how to attach the mount target of a NAS file system that has the SMB ACL feature enabled to an AD domain.
Prerequisites
Background information
Before you mount and use a NAS SMB file system as a user of a specific AD domain,
you must attach the mount target of the NAS file system that has the SMB ACL feature
enabled to the AD domain. To attach the mount target to an AD domain, perform the
following operations:
- Register the domain name of the mount target of the NAS file system within the AD domain.
- Create and upload a keytab file.
Procedure
- Log on to the EDS console.
- In the top navigation bar, select a region.
- In the left-side navigation pane, choose .
- On the Shared Storage NAS page, find the NAS file system for which you want to configure access control policies and click Access control in the Actions column.
- On the Access Control page, complete the configurations.
What to do next
Perform the following operations based on the operating system of your cloud desktop:
- For Windows cloud desktops, NAS file systems can be automatically mounted by domain users. After you configure access control rules, no further actions are required.
- For Linux cloud desktops, NAS file systems can only be anonymously mounted when the file systems are automatically mounted. After you configure access control rules, you must manually mount NAS file systems to the cloud desktop as a domain user. For more information, see Mount a NAS file system on a Linux cloud desktop.