CN105657026A - Method for realizing cross-domain work of NAS (network attached storage) server - Google Patents

Method for realizing cross-domain work of NAS (network attached storage) server

Info

Publication number
CN105657026A
Authority
CN
China
Prior art keywords
domain
territory
certification
authentication
nas server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201610054038.6A
Other languages
Chinese (zh)
Inventor
杨艳飞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Inspur Electronic Information Industry Co Ltd
Original Assignee
Inspur Electronic Information Industry Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Inspur Electronic Information Industry Co Ltd
Priority to CN201610054038.6A
Publication of CN105657026A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815 Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a method for realizing cross-domain work of a NAS (network attached storage) server. It belongs to the field of NAS servers and solves the technical problem of how to make a NAS server work across domains in a hybrid domain composed of a Windows domain and an NIS domain. The technical scheme is as follows: a user of the hybrid domain sends a login request to the NAS server; after the NAS server receives the login request, the corresponding domain controller in the hybrid domain performs authentication. The PAM mechanism is used as the basis of authentication for the network service programs, so the authentication of each service program is controlled by the Linux operating system. Authentication of a service program is attempted successively in the order local authentication, Windows domain authentication, NIS domain authentication: if any one authentication succeeds, success is returned; if none of the authentications succeeds, failure is returned. After authentication is passed, the user logs in to the NAS server and accesses data.

Description

A method for realizing cross-domain work of a NAS server
Technical field
The present invention relates to NAS servers, and specifically to a method for realizing cross-domain work of a NAS server.
Background art
NAS (Network Attached Storage) is a technology that consolidates distributed, independent data into a large, centrally managed data center so that different hosts and application servers can access it. A NAS is also defined as a special-purpose dedicated data storage server, comprising storage devices (such as disk arrays, CD/DVD drives, tape drives or removable storage media) and embedded system software, and it can provide cross-platform file sharing. The cost of NAS is far lower than that of server-based storage, while its efficiency is far higher.
In a network environment the operating systems of the network nodes are complex and varied (for example UNIX, Windows 9x, WinNT and so on may be present), and the interconnection and authentication of each operating system differ greatly. In addition, domains are often set up in a network for management purposes, with authentication controlled by a domain controller. Therefore, when a NAS server joins the network to provide services, it must be able to work cooperatively under the management of multiple domains in order to achieve plug-and-play operation. How to make a NAS server work across domains in a hybrid domain composed of a Windows domain and an NIS domain is the technical problem existing in the prior art.
Summary of the invention
The technical task of the present invention is to provide a method for realizing cross-domain work of a NAS server, solving the problem of how to make a NAS server work across domains in a hybrid domain composed of a Windows domain and an NIS domain.
The technical solution adopted by the present invention is a method for realizing cross-domain work of a NAS server: a user of the hybrid domain sends a login request to the NAS server; after the NAS server receives the login request, the corresponding domain controller in the hybrid domain performs authentication. The PAM mechanism is used as the basis of authentication for the network service programs, so the authentication of each service program is controlled by the Linux operating system. Authentication of a service program is attempted successively in the order local authentication, Windows domain authentication, NIS domain authentication: if any one authentication succeeds, success is returned; if none succeeds, failure is returned. After authentication is passed, the user logs in to the NAS server and accesses data.
The hybrid domain is composed of a Windows domain and an NIS domain. The NAS server provides the Samba, apache and proftpd services.
Preferably, the authentication method of the domain controller is as follows: (1) Windows domain: the Windows domain is authenticated by combining PAM from the Linux system's authentication mechanism with Winbind;
(2) NIS domain: the NIS domain is authenticated by combining PAM from the Linux system's authentication mechanism with Redhat9, which integrates the ypbind tool.
PAM (Pluggable Authentication Modules) is an authentication scheme provided by the Linux system. It uses a modular design with plug-in functionality, so that new authentication modules can be inserted into an application, or existing components replaced, without any modification to the application. The essence of PAM is to let the Linux operating system perform the authentication work on behalf of each application. The PAM mechanism is used here as the basis of authentication for the network service programs. The PAM module configuration files are located under /etc/pam.d/ and are the core files of the whole authentication process. pam_winbind.so is the authentication library provided by winbind, and pam_unix.so is the local Linux authentication library, which also provides support for NIS domain authentication.
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so
account sufficient /lib/security/pam_winbind.so
account sufficient /lib/security/pam_unix.so
More preferably, Winbind is used for the Windows domain authentication of Samba, and it also provides a dynamic library that gives other applications support for Windows domain authentication under the PAM framework.
Compared with the prior art, the method of the present invention for realizing cross-domain work of a NAS server has the following advantages:
1. The present invention starts from the construction of the NAS system hardware and system environment and successfully builds a NAS server capable of cross-domain work, providing an inexpensive and practical method for accessing terminal operating system backup image files in a LAN environment;
2. The NAS server with cross-domain capability provides a good service for terminal operating system backup and recovery: users with Windows domain and NIS domain permissions obtain the corresponding access rights to the NAS server, so image files can be accessed securely and users are offered multiple alternative recovery methods.
The present invention is therefore reasonable in design, easy to use and multi-purpose, and thus has good value for popularization and application.
Brief description of the drawings
The present invention is further described below with reference to the accompanying drawing.
Figure 1 is a block diagram of the hybrid domain.
Detailed description of the embodiments
The invention is further described below with reference to the drawing and specific embodiments.
As shown in Figure 1, in the method of the present invention for realizing cross-domain work of a NAS server, a user of the hybrid domain (composed of a Windows domain and an NIS domain) sends a login request to the NAS server; after the NAS server receives the login request, the corresponding domain controller in the hybrid domain (the domain controllers of the Windows domain and the NIS domain are the PDC and the Server, respectively) performs authentication. The PAM mechanism is used as the basis of authentication for the network service programs, so the authentication of each service program is controlled by the Linux operating system. Authentication of a service program is attempted successively in the order local authentication, Windows domain authentication, NIS domain authentication: if any one authentication succeeds, success is returned; if none succeeds, failure is returned. After authentication is passed, the user logs in to the NAS server and accesses data. The authentication method of the domain controller is as follows: (1) Windows domain: the Windows domain is authenticated by combining PAM from the Linux system's authentication mechanism with Winbind; (2) NIS domain: the NIS domain is authenticated by combining PAM from the Linux system's authentication mechanism with Redhat9, which integrates the ypbind tool. Winbind is used for the Windows domain authentication of Samba, and it also provides a dynamic library that gives other applications support for Windows domain authentication under the PAM framework.
When the NAS server performs authentication, the specific configuration method is as follows:
(1) Configuration of the Linux system files: modify the /etc/nsswitch.conf file to the following form:
passwd: winbind files nis
shadow: files nis
group: winbind files nis
hosts: files nis dns
ethers: files nis
netmasks: files nis
networks: files nis
protocols: files nis
rpc: files nis
services: files nis
netgroup: files nis
(2) Configuration of Samba: create the configuration file /etc/pam.d/samba as follows:
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so
account sufficient /lib/security/pam_winbind.so
account sufficient /lib/security/pam_unix.so
(3) The configuration file for the Windows domain is /usr/local/samba/lib/smb.conf; add the following content:
security = domain
encrypt passwords = yes
smb passwd file = /etc/passwd
winbind separator = /
winbind enum users = yes
winbind gid = 10000-20000
winbind enum groups = yes
winbind uid = 10000-20000
winbind cache time = 15
template homedir = /home/winbind/pub/
template shell = /bin/bash
(4) The configuration file for the NIS domain is /usr/local/samba/lib/umb.conf; delete the content listed above and add the following content:
encrypt passwords = no
security = user
smb passwd file = /etc/passwd
Configure the related xinetd services for the smbd services on ports 139 and 140. Create the corresponding configuration file /etc/xinetd.d/netbios-ssn as follows:
service netbios-ssn
{
port = 139
socket_type = stream
wait = no
protocol = tcp
user = root
server = /usr/local/samba/sbin/smbd
server_args = -s /usr/local/samba/lib/smb.conf -p 139
disable = no
}
Create the corresponding configuration file /etc/xinetd.d/unix-ssn as follows:
service unix-ssn
{
port = 140
socket_type = stream
wait = no
protocol = tcp
user = root
server = /usr/local/samba/sbin/smbd
server_args = -s /usr/local/samba/lib/umb.conf -p 140
disable = no
}
Add the following lines to the configuration file /etc/services:
netbios-ssn 139/tcp
netbios-ssn 139/udp
unix-ssn 140/tcp
unix-ssn 140/udp
(5) Configuration of Apache
Create the configuration file /etc/pam.d/httpd with the following content:
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so
account sufficient /lib/security/pam_winbind.so
account sufficient /lib/security/pam_unix.so
Add the following content to the configuration file /usr/local/apache/conf/httpd.conf:
<Directory>
AuthPAM_Enabled on
AuthName "DocumentationCenter"
AuthType Basic
Require valid-user
SSLRequireSSL
Order allow,deny
Allow from all
</Directory>
(6) Configuration of proftpd: add the configuration file /etc/pam.d/ftp as follows:
auth required /lib/security/pam_listfile.so item=user sense=deny file=/ftpusers onerr=succeed
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_shells.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
Add the following line to the main configuration file /etc/proftpd.conf of proftpd:
PersistentPasswd off
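The following Python sketch is an added example, not part of the patent text: a simplified model of how Linux-PAM walks a stack, applied to the /etc/pam.d/samba and /etc/pam.d/ftp contents given in this description. The function names and the per-module outcome dictionary are assumptions made for illustration, and bracketed control syntax and `include` lines are not modelled.

```python
# Added example: simplified model of Linux-PAM stack evaluation (not the patent's code).
# Stack contents are taken from the /etc/pam.d/samba and /etc/pam.d/ftp files above.
SAMBA_PAM = """\
auth    sufficient /lib/security/pam_winbind.so
auth    sufficient /lib/security/pam_unix.so
account sufficient /lib/security/pam_winbind.so
account sufficient /lib/security/pam_unix.so
"""

FTP_PAM = """\
auth required /lib/security/pam_listfile.so item=user sense=deny file=/ftpusers onerr=succeed
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_shells.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
"""


def parse_stack(text, mgmt_type):
    """Return [(control, module)] for one management group such as 'auth'."""
    stack = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            raise ValueError(f"malformed PAM line: {raw!r}")
        kind, control, path = fields[:3]
        if kind == mgmt_type:
            stack.append((control, path.rsplit("/", 1)[-1]))
    return stack


def evaluate(stack, outcomes):
    """Walk a stack; outcomes maps module name -> bool (hypothetical test input).

    Returns (granted, consulted). A module missing from outcomes counts as a
    failure, so the model fails closed.
    """
    failed_required = False
    positive = False
    consulted = []
    for control, module in stack:
        ok = outcomes.get(module, False)
        consulted.append(module)
        if control == "requisite" and not ok:
            return False, consulted            # hard stop on failure
        if control in ("required", "requisite"):
            positive = positive or ok
            failed_required = failed_required or not ok
        elif control == "sufficient":
            if ok and not failed_required:
                return True, consulted         # first success ends the stack
            # a failed 'sufficient' module is ignored and the next one is tried
        elif control == "optional":
            positive = positive or ok
        else:
            raise ValueError(f"unsupported control flag: {control}")
    # No success anywhere, or any 'required' failure, means denial.
    return positive and not failed_required, consulted
```

In the ftp stack a successful pam_winbind.so ends evaluation before pam_shells.so is consulted, so the shell check applies only to accounts that fall through to the local stack.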
From the embodiments described above, those skilled in the art can readily implement the present invention. It should be understood that the present invention is not limited to the embodiments described above. On the basis of the disclosed embodiments, those skilled in the art can combine different technical features in any way to realize different technical solutions.

Claims (3)

1. A method for realizing cross-domain work of a NAS server, characterized in that:
A user of the hybrid domain sends a login request to the NAS server; after the NAS server receives the login request, the corresponding domain controller in the hybrid domain performs authentication; the PAM mechanism is used as the basis of authentication for the network service programs, so the authentication of each service program is controlled by the Linux operating system; authentication of a service program is attempted successively in the order local authentication, Windows domain authentication, NIS domain authentication; if any one authentication succeeds, success is returned; if none succeeds, failure is returned; after authentication is passed, the user logs in to the NAS server and accesses data;
The hybrid domain is composed of a Windows domain and an NIS domain.
2. The method for realizing cross-domain work of a NAS server according to claim 1, characterized in that the authentication method of the domain controller is as follows:
(1) Windows domain: the Windows domain is authenticated by combining PAM from the Linux system's authentication mechanism with Winbind;
(2) NIS domain: the NIS domain is authenticated by combining PAM from the Linux system's authentication mechanism with Redhat9, which integrates the ypbind tool.
3. The method for realizing cross-domain work of a NAS server according to claim 2, characterized in that Winbind is used for the Windows domain authentication of Samba, and also provides a dynamic library that gives other applications support for Windows domain authentication under the PAM framework.
CN201610054038.6A 2016-01-27 2016-01-27 Method for realizing cross-domain work of NAS (network attached storage) server Pending CN105657026A (en)

Publications (1)

Publication Number Publication Date
CN105657026A true CN105657026A (en) 2016-06-08

Family

ID=56486906

Country Status (1)

Country Link
CN (1) CN105657026A (en)

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1783780A (en) * 2004-12-04 2006-06-07 华为技术有限公司 Method and device for realizing domain authorization and network authority authorization
CN103795530A (en) * 2012-10-31 2014-05-14 华为技术有限公司 Cross-domain controller authentication method, cross-domain controller authentication device and host

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
刘梦亚: ""基于Linux系统的网络存储技术分析设计与应用"", 《万方数据库》 *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106790308A (en) * 2017-03-28 2017-05-31 北京中电普华信息技术有限公司 A kind of user authen method, apparatus and system
CN109541987A (en) * 2018-10-17 2019-03-29 同济大学 A kind of plug and play type intelligent automobile domain controller and method with redundancy structure
CN109541987B (en) * 2018-10-17 2021-09-03 同济大学 Plug-and-play intelligent automobile domain controller with redundancy structure and method
CN115174603A (en) * 2022-07-06 2022-10-11 中国联合网络通信集团有限公司 NAS service system, implementation method, electronic equipment and storage medium
CN115174603B (en) * 2022-07-06 2023-08-22 中国联合网络通信集团有限公司 NAS service system, implementation method, electronic equipment and storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20160608
