<div class="socmaildefaultfont" dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10.5pt" ><div dir="ltr" >Hi Richard,</div>
<div dir="ltr" > </div>
<div dir="ltr" >If you are setting up Protocol authentication against the active directory,</div>
<div dir="ltr" >would you not choose to use a service account that isn't going to get deleted?</div>
<div dir="ltr" > </div>
<div dir="ltr" >If you choose to use an user account of a Sys Admin who has Domain admin privileges and they leave the company and their account is deleted, you would almost certainly have issues with the Scale cluster trying to validate users permissions and having scale get an error from AD when the credentials that it uses are no longer valid.</div>
<div dir="ltr" > </div>
<div dir="ltr" > </div>
<div dir="ltr" ><div class="socmaildefaultfont" dir="ltr" style="font-family:Arial;font-size:10.5pt" ><div class="socmaildefaultfont" dir="ltr" style="font-family:Arial;font-size:10.5pt" ><div class="socmaildefaultfont" dir="ltr" style="font-family:Arial;font-size:10.5pt" ><div dir="ltr" style="margin-top: 20px;" ><div style="font-size: 12pt; font-weight: bold; font-family: sans-serif; color: #7C7C5F;" >Andrew Beattie</div>
<div style="font-size: 10pt; font-weight: bold; font-family: sans-serif;" >Software Defined Storage - IT Specialist</div>
<div style="font-size: 8pt; font-family: sans-serif; margin-top: 10px;" ><div><span style="font-weight: bold; color: #336699;" >Phone: </span>614-2133-7927</div>
<div><span style="font-weight: bold; color: #336699;" >E-mail: </span><a href="mailto:abeattie@au1.ibm.com" style="color: #555">abeattie@au1.ibm.com</a></div></div></div></div></div></div></div>
<div dir="ltr" > </div>
<div dir="ltr" > </div>
<blockquote data-history-content-modified="1" data-history-expanded="1" dir="ltr" style="border-left:solid #aaaaaa 2px; margin-left:5px; padding-left:5px; direction:ltr; margin-right:0px" >----- Original message -----<br>From: "Sobey, Richard A" <r.sobey@imperial.ac.uk><br>Sent by: gpfsug-discuss-bounces@spectrumscale.org<br>To: "'gpfsug-discuss@spectrumscale.org'" <gpfsug-discuss@spectrumscale.org><br>Cc:<br>Subject: [gpfsug-discuss] CES file authentication - bind account deleted?<br>Date: Tue, Sep 4, 2018 8:45 AM<br> <br><!--Notes ACF
<meta http-equiv="Content-Type" content="text/html; charset=utf8" >--> <!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit" >
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div><p>Hi all,<o:p></o:p></p>
<p><o:p> </o:p></p>
<p>I don’t like using long subject lines as a rule so it probably doesn’t make sense, but consider:<o:p></o:p></p>
<p><o:p> </o:p></p>
<p><span style="font-family:"Courier New"" >FILE access configuration : AD<o:p></o:p></span></p>
<p><span style="font-family:"Courier New"" >PARAMETERS VALUES<o:p></o:p></span></p>
<p><span style="font-family:"Courier New"" >-------------------------------------------------<o:p></o:p></span></p>
<p><span style="font-family:"Courier New"" >ENABLE_NFS_KERBEROS true<o:p></o:p></span></p>
<p><span style="font-family:"Courier New"" >SERVERS domaincontroller.ic.ac.uk<o:p></o:p></span></p>
<p><span style="font-family:"Courier New"" >USER_NAME joebloggs@IC.AC.UK<o:p></o:p></span></p>
<p><span style="font-family:"Courier New"" >NETBIOS_NAME store<o:p></o:p></span></p>
<p><span style="font-family:"Courier New"" >IDMAP_ROLE master<o:p></o:p></span></p>
<p><span style="font-family:"Courier New"" >IDMAP_RANGE 10000000-299999999<o:p></o:p></span></p>
<p><span style="font-family:"Courier New"" >IDMAP_RANGE_SIZE 1000000<o:p></o:p></span></p>
<p><span style="font-family:"Courier New"" >UNIXMAP_DOMAINS IC(500 - 2000000)<o:p></o:p></span></p>
<p><span style="font-family:"Courier New"" >LDAPMAP_DOMAINS none<o:p></o:p></span></p>
<p><o:p> </o:p></p>
<p>If “joebloggs” was to leave the organization and that account deleted from Active Directory, what is the impact on file authentication in CES?<o:p></o:p></p>
<p><o:p> </o:p></p>
<p>Thanks<o:p></o:p></p>
<p>Richard<o:p></o:p></p></div>
<div><font size="2" face="Default Monospace,Courier New,Courier,monospace" >_______________________________________________<br>gpfsug-discuss mailing list<br>gpfsug-discuss at spectrumscale.org<br><a href="http://gpfsug.org/mailman/listinfo/gpfsug-discuss" target="_blank">http://gpfsug.org/mailman/listinfo/gpfsug-discuss</a></font></div></blockquote>
<div dir="ltr" > </div></div><BR>