Nas backup - Create a NAS role and user on Isilon with required permissions using CLI
Updated over a week ago

Overview

The objective is to create a NAS role and user with the required permissions on Isilon using the CLI.

Procedure

NOTE: User name ‘nas-phoenix’ and role name ‘namespace’ are user-defined and can be set as needed.

Below are the steps to create a new role and user for NAS backups with Phoenix:

  1. Establish an SSH connection to any node in the Isilon cluster.

  2. OPTIONAL – If a local user is needed, the following syntax can be used. Note that a local user generally will not have access to the shares, so a separate credential will be needed to access the data.

    isi auth users create nas-phoenix --enabled True --set-password
  3. Create the “namespace” role in the system access zone with the required privileges by typing:
    (NOTE: namespace role name is user-defined and can be set as needed.)

    isi auth roles create namespace
    isi auth roles modify namespace --add-priv ISI_PRIV_LOGIN_PAPI
    isi auth roles modify namespace --add-priv ISI_PRIV_ROLE
    isi auth roles modify namespace --add-priv ISI_PRIV_NS_TRAVERSE
    isi auth roles modify namespace --add-priv ISI_PRIV_NS_IFS_ACCESS
    isi auth roles modify namespace --add-priv ISI_PRIV_NFS
    isi auth roles modify namespace --add-priv ISI_PRIV_SMB
    isi auth roles modify namespace --add-priv ISI_PRIV_SNAPSHOT
    isi auth roles modify namespace --add-priv ISI_PRIV_JOB_ENGINE
  4. Add the user to the newly created role:
    (NOTE: The user name ‘nas-phoenix’ is user-defined and can be set as needed. A domain account such as Domain\user_name or user_name@domain.com can also be used.)

    1. Local

      isi auth roles modify namespace --add-user nas-phoenix
    2. Domain (quote the name so the shell does not strip the backslash)

      isi auth roles modify namespace --add-user 'Domain\user_name'
  5. Check the available zones on the device by running the following command:

    isi zone zones list
  6. If additional zones are present besides ‘System’, repeat the commands below for each access zone that is to be protected. It is normal for additional zones to be present.
    (NOTE: The role name ‘namespace’ and user name ‘nas-phoenix’ should match what was used above. Replace ‘zone_name’ with the name of each zone to be protected.)

    isi auth roles create namespace --zone zone_name
    isi auth roles modify namespace --add-priv ISI_PRIV_LOGIN_PAPI --zone zone_name
    isi auth roles modify namespace --add-priv ISI_PRIV_ROLE --zone zone_name
    isi auth roles modify namespace --add-priv ISI_PRIV_NS_TRAVERSE --zone zone_name
    isi auth roles modify namespace --add-priv ISI_PRIV_NS_IFS_ACCESS --zone zone_name
    isi auth roles modify namespace --add-priv ISI_PRIV_NFS --zone zone_name
    isi auth roles modify namespace --add-priv ISI_PRIV_SMB --zone zone_name
    isi auth roles modify namespace --add-user nas-phoenix --zone zone_name


    (Where nas-phoenix is the user intended to protect the device data.)
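The script below is an added example, not part of the original article or of any vendor tooling. It prints, without running them, the commands from steps 3 to 6 for one role, one user and a list of access zones, so the exact privilege set per zone can be reviewed before it is pasted into the SSH session. The allowed character set for names and the sample zone names are assumptions of this example.

```shell
#!/bin/sh
# Added example: prints (never runs) the isi commands from the steps above.
# Usage: sh gen_role_cmds.sh System zone_a zone_b   (zone names are constructed)

# Privileges the article grants in every zone (step 6 list).
ZONE_PRIVS="ISI_PRIV_LOGIN_PAPI ISI_PRIV_ROLE ISI_PRIV_NS_TRAVERSE \
ISI_PRIV_NS_IFS_ACCESS ISI_PRIV_NFS ISI_PRIV_SMB"
# Privileges the article grants only in the System zone (step 3 list).
SYSTEM_EXTRA="ISI_PRIV_SNAPSHOT ISI_PRIV_JOB_ENGINE"

# valid_name NAME: allow letters, digits and . _ @ \ - only (assumed safe set);
# reject empty names and names starting with "-" so they cannot act as options.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._@\\-]*) return 1 ;;
    esac
    return 0
}

# emit_zone_cmds ROLE USER ZONE: print the role setup commands for one zone.
emit_zone_cmds() {
    role=$1 user=$2 zone=$3
    for v in "$role" "$user" "$zone"; do
        valid_name "$v" || { printf 'invalid name: %s\n' "$v" >&2; return 1; }
    done
    privs=$ZONE_PRIVS
    zopt=" --zone '$zone'"
    if [ "$zone" = "System" ]; then
        privs="$ZONE_PRIVS $SYSTEM_EXTRA"
        zopt=""    # the article's System-zone commands carry no --zone
    fi
    # Names are single-quoted so a backslash in Domain\user survives the shell.
    printf "isi auth roles create '%s'%s\n" "$role" "$zopt"
    for p in $privs; do
        printf "isi auth roles modify '%s' --add-priv %s%s\n" "$role" "$p" "$zopt"
    done
    printf "isi auth roles modify '%s' --add-user '%s'%s\n" "$role" "$user" "$zopt"
}

# Emit commands for every zone named on the command line (none: print nothing).
for z in "$@"; do
    emit_zone_cmds namespace nas-phoenix "$z" || exit 1
done
```

Comparing the printed output with the role as it exists on the cluster is a quick way to confirm that no privilege beyond the lists above has been granted to the backup account.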
