[gpfsug-discuss] Issues getting SMB shares working.

Jan-Frode Myklebust janfrode at tanso.net
Wed Mar 1 20:21:03 GMT 2017 

This looks to me like a quite plain SYS authorized NFS, maybe also verify
that the individual NFS shares has sec=sys with "mmnfs export list -n
/absl/SCRATCH".


If you check "man mmuserauth" there are quite clear examples for how to
connect it to AD populated with unix id and gid. I don't think this will
affect your NFS service, since there doesn't seem to be any kerberos
involved.

But, please beware that mmuserauth will overwrite any customized sssd.conf,
krb5.conf, winbind, etc.. As it configures the authentication for the whole
host, not just samba/nfs-services.


-jf

ons. 1. mar. 2017 kl. 16.22 skrev Aidan Richmond <a.g.richmond at leeds.ac.uk>:

> mmnfs export list
> Path          Delegations Clients
> -------------------------------------
> /absl/SCRATCH none        *
> /absl/SCRATCH none        fbscpcu097
>
> mmnfs config list
>
> NFS Ganesha Configuration:
> ==========================
> NFS_PROTOCOLS: 3,4
> NFS_PORT: 2049
> MNT_PORT: 0
> NLM_PORT: 0
> RQUOTA_PORT: 0
> SHORT_FILE_HANDLE: FALSE
> LEASE_LIFETIME: 60
> DOMAINNAME: LEEDS.AC.UK
> DELEGATIONS: Disabled
> ==========================
>
> STATD Configuration
> ==========================
> STATD_PORT: 0
> ==========================
>
> CacheInode Configuration
> ==========================
> ENTRIES_HWMARK: 1500000
> ==========================
>
> Export Defaults
> ==========================
> ACCESS_TYPE: NONE
> PROTOCOLS: 3,4
> TRANSPORTS: TCP
> ANONYMOUS_UID: -2
> ANONYMOUS_GID: -2
> SECTYPE: SYS
> PRIVILEGEDPORT: FALSE
> MANAGE_GIDS: FALSE
> SQUASH: ROOT_SQUASH
> NFS_COMMIT: FALSE
> ==========================
>
> Log Configuration
> ==========================
> LOG_LEVEL: EVENT
> ==========================
>
> Idmapd Configuration
> ==========================
> DOMAIN: DS.LEEDS.AC.UK
> ==========================
>
> On 01/03/17 14:12, Jan-Frode Myklebust wrote:
> > Lets figure out how your NFS is authenticating then. The userdefined
> > authentication you have, could mean that your linux host is configured to
> > authenticated towards AD --- or it could be that you're using simple
> > sys-authentication for NFS.
> >
> > Could you please post the output of:
> >
> > mmnfs export list
> > mmnfs config list
> >
> >
> >   -jf
> >
> >
> > On Wed, Mar 1, 2017 at 1:07 PM, Aidan Richmond <a.g.richmond at leeds.ac.uk
> >
> > wrote:
> >
> >> Hello
> >>
> >> I'm a little hesitant to mess with the authentication as I we are
> wanting
> >> consistent UIDs across our systems and I know my predecessor struggled
> to
> >> get them consistent. Our AD environment stores the UID and GID settings
> in
> >> msSFU30uid and msSFU30gid.
> >>
> >> I'm also concerned that the system is already in use with nfsv4 access
> and
> >> don't want to break existing access unless I have to.
> >>
> >>
> >>
> >> On 01/03/17 11:42, Sobey, Richard A wrote:
> >>
> >>> That's probably the first thing you need to sort out then.
> >>>
> >>> Check out the mmuserauth service create command.
> >>>
> >>> There was an example on this list on Monday so depending when you
> >>> subscribed you may not have seen it. FYI the command cited was:
> >>>
> >>> mmuserauth service create --type ad --data-access-method file --servers
> >>> 192.168.88.3 --user-name administrator --netbios-name scale
> --idmap-role
> >>> master --password ********* --idmap-range-size 1000000 --idmap-range
> >>> 10000000-299999999 --enable-nfs-kerberos --unixmap-domains
> >>> 'sirius(10000-20000)'
> >>>
> >>> Change the parameters to cater to your environment and needs of course.
> >>>
> >>> Richard
> >>>
> >>> -----Original Message-----
> >>> From: gpfsug-discuss-bounces at spectrumscale.org [mailto:
> >>> gpfsug-discuss-bounces at spectrumscale.org] On Behalf Of Aidan Richmond
> >>> Sent: 01 March 2017 11:36
> >>> To: gpfsug-discuss at spectrumscale.org
> >>> Subject: Re: [gpfsug-discuss] Issues getting SMB shares working.
> >>>
> >>> Hello
> >>>
> >>> It returns the following:
> >>>
> >>> FILE access configuration : USERDEFINED
> >>> PARAMETERS               VALUES
> >>> -------------------------------------------------
> >>>
> >>> On 01/03/17 11:33, Sobey, Richard A wrote:
> >>>
> >>>> Mmuserauth service list --data-access-method file
> >>>>
> >>>
> >>>
> >>>
> >>
> >> --
> >> Aidan Richmond
> >> Apple/Unix Support Officer, IT
> >> Garstang 10.137
> >> Faculty of Biological Sciences
> >> University of Leeds
> >> Clarendon Way
> >> LS2 9JT
> >>
> >> Tel:0113 3434252
> >> a.g.richmond at leeds.ac.uk
> >> _______________________________________________
> >> gpfsug-discuss mailing list
> >> gpfsug-discuss at spectrumscale.org
> >> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
> >>
> >
> >
> >
> > _______________________________________________
> > gpfsug-discuss mailing list
> > gpfsug-discuss at spectrumscale.org
> > http://gpfsug.org/mailman/listinfo/gpfsug-discuss
> >
>
>
> --
> Aidan Richmond
> Apple/Unix Support Officer, IT
> Garstang 10.137
> Faculty of Biological Sciences
> University of Leeds
> Clarendon Way
> LS2 9JT
>
> Tel:0113 3434252
> a.g.richmond at leeds.ac.uk
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20170301/22a286fa/attachment-0002.htm>

More information about the gpfsug-discuss mailing list