[gpfsug-discuss] Active direcotry based ACLs for Samba and Windows GPFS clients

Sarah Walters sarah.walters at uq.edu.au
Mon Mar 11 03:09:44 GMT 2024 

It works just fine at UQ, using an AFM cache. We have NFS-only at the 'home' but we have thousands of filesets coming out of NFS and SMB on our cache. Not, technically, a preferred configuration to have that many of them, but it's possible.



Sarah Walters

BCompSc

Research Computing Systems Engineer



Research Computing Centre

The University of Queensland

Brisbane QLD 4072 Australia



E sarah.walters at uq.edu.au W www.rcc.uq.edu.au



CRICOS code: 00025B





The University of Queensland is embracing the Green Office philosophy. Please consider the environment before printing this email.



This email (including any attached files) is intended solely for the addressee and may contain confidential information of The University of Queensland. If you are not the addressee, you are notified that any transmission, distribution, printing or photocopying of this email is prohibited. If you have received this email in error, please delete and notify me. Unless explicitly stated, the opinions expressed in this email do not represent the official position of The University of Queensland.

________________________________
From: gpfsug-discuss <gpfsug-discuss-bounces at gpfsug.org> on behalf of Jonathan Buzzard <jonathan.buzzard at strath.ac.uk>
Sent: Saturday, 9 March 2024 02:18
To: gpfsug-discuss at gpfsug.org <gpfsug-discuss at gpfsug.org>
Subject: Re: [gpfsug-discuss] Active direcotry based ACLs for Samba and Windows GPFS clients

On 08/03/2024 16:08, Peter Hruška wrote:

> Hello Jonathan,
>
> Thank you for the answer. Since I used Automatic ID-mapping method for
> the mmauth deployment I didn't do anything regarding RFC2307.
> I chose this approach because we don't want to use kerberos for NFS
> authentication (although we will use NFS for separate data access).
> I'll check on that. If you have any hints I would appreciate them.
>

Consistent mapping won't work without RFC2307bis attributes being
populated as far as I am aware. Windows knows nothing about the
idmap_rid, it only knows about SID's

Mixing NFS and Samba out the same file system or at the very least the
same directory hierarchy is a mugs game. There in lies a gigantic pit of
woe for all those foolish enough to try based on personal experience.

JAB.

--
Jonathan A. Buzzard                         Tel: +44141-5483420
HPC System Administrator, ARCHIE-WeSt.
University of Strathclyde, John Anderson Building, Glasgow. G4 0NG


_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at gpfsug.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss_gpfsug.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20240311/758ac1fd/attachment.htm>

More information about the gpfsug-discuss mailing list