This looks to me like a quite plain SYS authorized NFS, maybe also verify that the individual NFS shares has sec=sys with "mmnfs export list -n /absl/SCRATCH". <br><br><br>If you check "man mmuserauth" there are quite clear examples for how to connect it to AD populated with unix id and gid. I don't think this will affect your NFS service, since there doesn't seem to be any kerberos involved.<br><br>But, please beware that mmuserauth will overwrite any customized sssd.conf, krb5.conf, winbind, etc.. As it configures the authentication for the whole host, not just samba/nfs-services.<br><br><br> -jf<br><br><div class="gmail_quote"><div dir="ltr">ons. 1. mar. 2017 kl. 16.22 skrev Aidan Richmond <<a href="mailto:a.g.richmond@leeds.ac.uk">a.g.richmond@leeds.ac.uk</a>>:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">mmnfs export list<br class="gmail_msg">
Path Delegations Clients<br class="gmail_msg">
-------------------------------------<br class="gmail_msg">
/absl/SCRATCH none *<br class="gmail_msg">
/absl/SCRATCH none fbscpcu097<br class="gmail_msg">
<br class="gmail_msg">
mmnfs config list<br class="gmail_msg">
<br class="gmail_msg">
NFS Ganesha Configuration:<br class="gmail_msg">
==========================<br class="gmail_msg">
NFS_PROTOCOLS: 3,4<br class="gmail_msg">
NFS_PORT: 2049<br class="gmail_msg">
MNT_PORT: 0<br class="gmail_msg">
NLM_PORT: 0<br class="gmail_msg">
RQUOTA_PORT: 0<br class="gmail_msg">
SHORT_FILE_HANDLE: FALSE<br class="gmail_msg">
LEASE_LIFETIME: 60<br class="gmail_msg">
DOMAINNAME: <a href="http://LEEDS.AC.UK" rel="noreferrer" class="gmail_msg" target="_blank">LEEDS.AC.UK</a><br class="gmail_msg">
DELEGATIONS: Disabled<br class="gmail_msg">
==========================<br class="gmail_msg">
<br class="gmail_msg">
STATD Configuration<br class="gmail_msg">
==========================<br class="gmail_msg">
STATD_PORT: 0<br class="gmail_msg">
==========================<br class="gmail_msg">
<br class="gmail_msg">
CacheInode Configuration<br class="gmail_msg">
==========================<br class="gmail_msg">
ENTRIES_HWMARK: 1500000<br class="gmail_msg">
==========================<br class="gmail_msg">
<br class="gmail_msg">
Export Defaults<br class="gmail_msg">
==========================<br class="gmail_msg">
ACCESS_TYPE: NONE<br class="gmail_msg">
PROTOCOLS: 3,4<br class="gmail_msg">
TRANSPORTS: TCP<br class="gmail_msg">
ANONYMOUS_UID: -2<br class="gmail_msg">
ANONYMOUS_GID: -2<br class="gmail_msg">
SECTYPE: SYS<br class="gmail_msg">
PRIVILEGEDPORT: FALSE<br class="gmail_msg">
MANAGE_GIDS: FALSE<br class="gmail_msg">
SQUASH: ROOT_SQUASH<br class="gmail_msg">
NFS_COMMIT: FALSE<br class="gmail_msg">
==========================<br class="gmail_msg">
<br class="gmail_msg">
Log Configuration<br class="gmail_msg">
==========================<br class="gmail_msg">
LOG_LEVEL: EVENT<br class="gmail_msg">
==========================<br class="gmail_msg">
<br class="gmail_msg">
Idmapd Configuration<br class="gmail_msg">
==========================<br class="gmail_msg">
DOMAIN: <a href="http://DS.LEEDS.AC.UK" rel="noreferrer" class="gmail_msg" target="_blank">DS.LEEDS.AC.UK</a><br class="gmail_msg">
==========================<br class="gmail_msg">
<br class="gmail_msg">
On 01/03/17 14:12, Jan-Frode Myklebust wrote:<br class="gmail_msg">
> Lets figure out how your NFS is authenticating then. The userdefined<br class="gmail_msg">
> authentication you have, could mean that your linux host is configured to<br class="gmail_msg">
> authenticated towards AD --- or it could be that you're using simple<br class="gmail_msg">
> sys-authentication for NFS.<br class="gmail_msg">
><br class="gmail_msg">
> Could you please post the output of:<br class="gmail_msg">
><br class="gmail_msg">
> mmnfs export list<br class="gmail_msg">
> mmnfs config list<br class="gmail_msg">
><br class="gmail_msg">
><br class="gmail_msg">
> -jf<br class="gmail_msg">
><br class="gmail_msg">
><br class="gmail_msg">
> On Wed, Mar 1, 2017 at 1:07 PM, Aidan Richmond <<a href="mailto:a.g.richmond@leeds.ac.uk" class="gmail_msg" target="_blank">a.g.richmond@leeds.ac.uk</a>><br class="gmail_msg">
> wrote:<br class="gmail_msg">
><br class="gmail_msg">
>> Hello<br class="gmail_msg">
>><br class="gmail_msg">
>> I'm a little hesitant to mess with the authentication as I we are wanting<br class="gmail_msg">
>> consistent UIDs across our systems and I know my predecessor struggled to<br class="gmail_msg">
>> get them consistent. Our AD environment stores the UID and GID settings in<br class="gmail_msg">
>> msSFU30uid and msSFU30gid.<br class="gmail_msg">
>><br class="gmail_msg">
>> I'm also concerned that the system is already in use with nfsv4 access and<br class="gmail_msg">
>> don't want to break existing access unless I have to.<br class="gmail_msg">
>><br class="gmail_msg">
>><br class="gmail_msg">
>><br class="gmail_msg">
>> On 01/03/17 11:42, Sobey, Richard A wrote:<br class="gmail_msg">
>><br class="gmail_msg">
>>> That's probably the first thing you need to sort out then.<br class="gmail_msg">
>>><br class="gmail_msg">
>>> Check out the mmuserauth service create command.<br class="gmail_msg">
>>><br class="gmail_msg">
>>> There was an example on this list on Monday so depending when you<br class="gmail_msg">
>>> subscribed you may not have seen it. FYI the command cited was:<br class="gmail_msg">
>>><br class="gmail_msg">
>>> mmuserauth service create --type ad --data-access-method file --servers<br class="gmail_msg">
>>> 192.168.88.3 --user-name administrator --netbios-name scale --idmap-role<br class="gmail_msg">
>>> master --password ********* --idmap-range-size 1000000 --idmap-range<br class="gmail_msg">
>>> 10000000-299999999 --enable-nfs-kerberos --unixmap-domains<br class="gmail_msg">
>>> 'sirius(10000-20000)'<br class="gmail_msg">
>>><br class="gmail_msg">
>>> Change the parameters to cater to your environment and needs of course.<br class="gmail_msg">
>>><br class="gmail_msg">
>>> Richard<br class="gmail_msg">
>>><br class="gmail_msg">
>>> -----Original Message-----<br class="gmail_msg">
>>> From: <a href="mailto:gpfsug-discuss-bounces@spectrumscale.org" class="gmail_msg" target="_blank">gpfsug-discuss-bounces@spectrumscale.org</a> [mailto:<br class="gmail_msg">
>>> <a href="mailto:gpfsug-discuss-bounces@spectrumscale.org" class="gmail_msg" target="_blank">gpfsug-discuss-bounces@spectrumscale.org</a>] On Behalf Of Aidan Richmond<br class="gmail_msg">
>>> Sent: 01 March 2017 11:36<br class="gmail_msg">
>>> To: <a href="mailto:gpfsug-discuss@spectrumscale.org" class="gmail_msg" target="_blank">gpfsug-discuss@spectrumscale.org</a><br class="gmail_msg">
>>> Subject: Re: [gpfsug-discuss] Issues getting SMB shares working.<br class="gmail_msg">
>>><br class="gmail_msg">
>>> Hello<br class="gmail_msg">
>>><br class="gmail_msg">
>>> It returns the following:<br class="gmail_msg">
>>><br class="gmail_msg">
>>> FILE access configuration : USERDEFINED<br class="gmail_msg">
>>> PARAMETERS VALUES<br class="gmail_msg">
>>> -------------------------------------------------<br class="gmail_msg">
>>><br class="gmail_msg">
>>> On 01/03/17 11:33, Sobey, Richard A wrote:<br class="gmail_msg">
>>><br class="gmail_msg">
>>>> Mmuserauth service list --data-access-method file<br class="gmail_msg">
>>>><br class="gmail_msg">
>>><br class="gmail_msg">
>>><br class="gmail_msg">
>>><br class="gmail_msg">
>><br class="gmail_msg">
>> --<br class="gmail_msg">
>> Aidan Richmond<br class="gmail_msg">
>> Apple/Unix Support Officer, IT<br class="gmail_msg">
>> Garstang 10.137<br class="gmail_msg">
>> Faculty of Biological Sciences<br class="gmail_msg">
>> University of Leeds<br class="gmail_msg">
>> Clarendon Way<br class="gmail_msg">
>> LS2 9JT<br class="gmail_msg">
>><br class="gmail_msg">
>> Tel:0113 3434252<br class="gmail_msg">
>> <a href="mailto:a.g.richmond@leeds.ac.uk" class="gmail_msg" target="_blank">a.g.richmond@leeds.ac.uk</a><br class="gmail_msg">
>> _______________________________________________<br class="gmail_msg">
>> gpfsug-discuss mailing list<br class="gmail_msg">
>> gpfsug-discuss at <a href="http://spectrumscale.org" rel="noreferrer" class="gmail_msg" target="_blank">spectrumscale.org</a><br class="gmail_msg">
>> <a href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss" rel="noreferrer" class="gmail_msg" target="_blank">http://gpfsug.org/mailman/listinfo/gpfsug-discuss</a><br class="gmail_msg">
>><br class="gmail_msg">
><br class="gmail_msg">
><br class="gmail_msg">
><br class="gmail_msg">
> _______________________________________________<br class="gmail_msg">
> gpfsug-discuss mailing list<br class="gmail_msg">
> gpfsug-discuss at <a href="http://spectrumscale.org" rel="noreferrer" class="gmail_msg" target="_blank">spectrumscale.org</a><br class="gmail_msg">
> <a href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss" rel="noreferrer" class="gmail_msg" target="_blank">http://gpfsug.org/mailman/listinfo/gpfsug-discuss</a><br class="gmail_msg">
><br class="gmail_msg">
<br class="gmail_msg">
<br class="gmail_msg">
--<br class="gmail_msg">
Aidan Richmond<br class="gmail_msg">
Apple/Unix Support Officer, IT<br class="gmail_msg">
Garstang 10.137<br class="gmail_msg">
Faculty of Biological Sciences<br class="gmail_msg">
University of Leeds<br class="gmail_msg">
Clarendon Way<br class="gmail_msg">
LS2 9JT<br class="gmail_msg">
<br class="gmail_msg">
Tel:0113 3434252<br class="gmail_msg">
<a href="mailto:a.g.richmond@leeds.ac.uk" class="gmail_msg" target="_blank">a.g.richmond@leeds.ac.uk</a><br class="gmail_msg">
_______________________________________________<br class="gmail_msg">
gpfsug-discuss mailing list<br class="gmail_msg">
gpfsug-discuss at <a href="http://spectrumscale.org" rel="noreferrer" class="gmail_msg" target="_blank">spectrumscale.org</a><br class="gmail_msg">
<a href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss" rel="noreferrer" class="gmail_msg" target="_blank">http://gpfsug.org/mailman/listinfo/gpfsug-discuss</a><br class="gmail_msg">
</blockquote></div>