Joining Active Directory
Before you can start creating SMB shares and exports, you need to join the file storage cluster to the Active Directory (AD) domain. This enables centralized user and group management, authentication, and access control, allowing you to assign permissions to SMB shares based on AD accounts and groups.
Prerequisites
- The file storage cluster is created, as described in Creating the file storage cluster.
- The AD domain already exists and can reach the virtual IP addresses assigned to the file storage nodes.
To join the file storage cluster to Active Directory
Admin panel
- Go to Storage services > File storage > Settings > Active Directory and click Join Active Directory.
- In the Join Active Directory window, specify the following AD settings:
  - IP address of the domain controller
  - Fully qualified domain name (FQDN) of your Active Directory domain
  - NetBIOS name of the domain in uppercase letters
  - Organization unit (if omitted, the default Computers container is used)
- Specify the credentials of your AD administrator account.
- Click Test connection to verify connectivity with the AD domain. If the test fails, ensure that the provided credentials and domain information are correct and that the domain controller IP address is reachable.
- Click Join.
Command-line interface
Use the following command:
vinfra service file-storage cluster set --active-directory domain_name=<domain_name>,netbios_domain_name=<netbios_domain_name>,address=<domain_controller_ip>[,org_unit=<org_unit>] [--krb-username <username>] [--krb-password] [--krb-ticket <ticket>]
domain_name=<domain_name>
- Fully qualified domain name (FQDN) of your Active Directory domain
netbios_domain_name=<netbios_domain_name>
- NetBIOS name of the domain in uppercase letters
address=<domain_controller_ip>
- IP address of the domain controller
org_unit=<org_unit>
- Organization unit (if omitted, the default Computers container is used)
--krb-username <username>
- Kerberos username
--krb-password
- Request the Kerberos password from stdin. Alternatively, the password can be set via the MPFS_KRB_PASSWORD environment variable.
--krb-ticket <ticket>
- Path to the Kerberos ticket
For example, to join the file storage cluster to the AD domain test.corp with the IP address 10.136.18.133, run:
# vinfra service file-storage cluster set --active-directory domain_name=test.corp,netbios_domain_name=TEST,\
address=10.136.18.133 --krb-username administrator --krb-password
Kerberos password [administrator]:
Specify the user password when prompted.
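The following script is an added example, not part of the product documentation: it validates the join parameters described above and assembles the --active-directory value as a single word before calling the documented command. The function names (valid_ipv4, ad_join_arg, join_ad) are hypothetical, and the checks assume an IPv4 domain controller address and the standard 15-character NetBIOS name limit.

```shell
#!/bin/sh
# Added example: function names are hypothetical; only the vinfra options come from the page.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# ad_join_arg <domain_fqdn> <NETBIOS> <dc_ipv4> [org_unit]
# Prints the value for --active-directory, or fails with a message on stderr.
ad_join_arg() {
    case $1 in
        ''|*[![:alnum:].-]*|.*|*.|*..*) echo "bad FQDN: $1" >&2; return 1 ;;
        *.*) ;;
        *) echo "not fully qualified: $1" >&2; return 1 ;;
    esac
    case $2 in
        ''|*[[:lower:][:space:],]*)
            echo "NetBIOS name must be uppercase: $2" >&2; return 1 ;;
    esac
    [ "${#2}" -le 15 ] || { echo "NetBIOS name longer than 15 chars" >&2; return 1; }
    valid_ipv4 "$3" || { echo "bad domain controller IPv4 address: $3" >&2; return 1; }
    # One comma-separated word with no spaces: a space would split the option value.
    printf 'domain_name=%s,netbios_domain_name=%s,address=%s' "$1" "$2" "$3"
    [ -z "${4:-}" ] || printf ',org_unit=%s' "$4"
    printf '\n'
}

# join_ad <domain_fqdn> <NETBIOS> <dc_ipv4> <krb_user> [org_unit]
join_ad() {
    arg=$(ad_join_arg "$1" "$2" "$3" "${5:-}") || return 1
    # --krb-password prompts for the password, so it never appears in argv or shell history.
    vinfra service file-storage cluster set --active-directory "$arg" \
        --krb-username "$4" --krb-password
}
```

For the example above, `join_ad test.corp TEST 10.136.18.133 administrator` runs the same command and prompts for the Kerberos password.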