Skip to main content
Start a Conversation

This post is more than 5 years old

Solved!

Go to Solution

white221g

1 Rookie

 • 

47 Posts

1576

March 5th, 2012 14:00

Celerra User home directory shares

Folks,

I need an opinion on what is the best way to go for setting up home directory for users on a celerra which does NOT use the celerra home directory feature. We have a filesystem created called users which can be accessed via the share \\celerranas1\users$

Within this filesystem we create a folder for each user and set permissions on that folder such that only administrators and that particular user can access that folder. Now comes the part of adding this home directory info in the user profiles in AD. Which of the following two options should be implemented (I am taking an example of user called ny1001):

Option A- Create a share for each user: Create a folder called ny1001 in \\celerranas1\users$ . Create a share ny1001$ pointing to that folder  and add this share in the user profiles in AD. ( i.e. add \\celerranas1\ny1001$ in the AD profile for the user1001).

Option B- Do not create a share for each user: Do not create shares for each user. Instead just mention the path \\celerranas1\users$\ny1001 in the profiles in AD for that user.

Please comment on each option. I am really not sure if i should create a share for each user. What are the advantages and disadvantages of each approach. Please guide. This is going to be a very large environment (about 6000 users).

Thanks a bunch.

dynamox

9 Legend

 • 

20.4K Posts

March 6th, 2012 07:00

there should be a CD with CIFS tools that you got ..there is emcabe.exe file there.

dynamox

9 Legend

 • 

20.4K Posts

March 5th, 2012 14:00

i would use option B with ABE (access based enumeration) enabled on the users$ share.

dynamox

9 Legend

 • 

20.4K Posts

March 5th, 2012 14:00

and use variable name in you login script or AD account HOME path

\\celerranas1\users$\%UserName%

Rainer_EMC

4 Operator

 • 

8.6K Posts

March 5th, 2012 16:00

I would avoid 6000 shares just for user homedirs

christopher_ime

2K Posts

March 6th, 2012 02:00

Just curious, what is the reasoning you are not considering the Celerra homedir feature?  You clearly emphasized this in your question and kind of piqued my curiosity.  Maybe due to the default (but configurable) permissions being set to either "Everyone" or just the user (depending on the DART code level)?

dynamox

9 Legend

 • 

20.4K Posts

March 6th, 2012 04:00

multi-tenancy would be one reason. I have multiple customers on my Celerra and everyone wants their own "implementation" of HOME directory.

white221g

1 Rookie

 • 

47 Posts

March 6th, 2012 07:00

Thank you Dynamox. Could you please elaborate on what exactly you mean by

"using variable name in login script or AD home path \\celerranas1\users$\%UserName%"

&

"ABE enabled on users$ share"

What is the benefit of these two pointers you have given. Thank you.

dynamox

9 Legend

 • 

20.4K Posts

March 6th, 2012 07:00

in your login script, instead of specifying each individual username, just subtitide with the variable name %username%  which resolves to the actual username of person trying to map the share.

ABE will allow you to hide directories from users who like to snoop around. Let's say you create directory structure:

\HOME

     \bob

     \tim

     \john

the only directory that is shared is HOME. In your login script you map users directly into their directory but let's say somebody decided to map one level up. If bob maps to \\servername\HOME ..he will only see his own directory, without ABE he would see everybody else directory ..he would still get access denied if he would try to go into tim's directory but with ABE he can't even see tim's and john's directory.

white221g

1 Rookie

 • 

47 Posts

March 6th, 2012 07:00

Great. Thanks Dynamox. That was a very good explanation. Very clear now. I think we will go for ABE. Looks like a cool feature. How do i enable ABE on the users$ share?

white221g

1 Rookie

 • 

47 Posts

March 6th, 2012 07:00

Thank you for the reply. I am convinced that there is no need for individual shares for home directories, but that brings up a question: do we really need any CIFS shares to be created at all (apart from the parent share at filesystem level)?. I mean, regardless of whether it is a group share or user share or department share or application share, we could just point to that folder using the parent share of the filesystem. Your thoughts?

dynamox

9 Legend

 • 

20.4K Posts

March 6th, 2012 08:00

can you draw a little ASCII diagram of the options you are considering ?

white221g

1 Rookie

 • 

47 Posts

March 6th, 2012 08:00

thanks Dynamox.  By the way, i asked a question to Rainer, "I am convinced that there is no need for individual shares for home directories, but that brings up a question: do we really need any CIFS shares to be created at all (apart from the parent share at filesystem level)?. I mean, regardless of whether it is a group share or user share or department share or application share, we could just point to that folder using the parent share of the filesystem. Your thoughts?"

I would love to have your opinion as well on this.

Rainer_EMC

4 Operator

 • 

8.6K Posts

March 7th, 2012 13:00

Sure you could.

If you read the VNX homedir white paper it talks about the alternatives to the VNX homedir feature.

Was this post helpful?

View All

No Events found!

Top