<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
tt
{mso-style-priority:99;
font-family:"Courier New";}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">We use realmd and some automation for sssd configs to get linux hosts to have local login and ssh tied to AD accounts, however we do not apply these configs on our protocol nodes.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">From: </span></b><span style="font-size:12.0pt;color:black"><gpfsug-discuss-bounces@spectrumscale.org> on behalf of Christof Schmitt <christof.schmitt@us.ibm.com><br>
<b>Reply-To: </b>gpfsug main discussion list <gpfsug-discuss@spectrumscale.org><br>
<b>Date: </b>Wednesday, January 9, 2019 at 2:03 PM<br>
<b>To: </b>"gpfsug-discuss@spectrumscale.org" <gpfsug-discuss@spectrumscale.org><br>
<b>Cc: </b>"gpfsug-discuss@spectrumscale.org" <gpfsug-discuss@spectrumscale.org>, Ingo Meents <MEENTS@de.ibm.com><br>
<b>Subject: </b>Re: [gpfsug-discuss] User Login Active Directory authentication on CES nodes with SMB protocol<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif">There is the PAM module that would forward authentication requests to winbindd:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif">/usr/lpp/mmfs/lib64/security/pam_gpfs-winbind.so<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif">In theory that can be added to the PAM configuration in /etc/pam.d/. On the other hand, we have never tested this nor claimed support, so there might be reasons why this won't
work.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif">Other customers have configured sssd manually in addition to the Scale authentication to allow user logon and authentication for sudo.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif">If the request here is to configure AD authentication through mmuserauth and that should also provide user logon, that should probably be treated as a feature request through
RFE.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif">Regards,<o:p></o:p></span></p>
</div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> </span><span style="font-size:10.5pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Verdana",sans-serif">Christof Schmitt || IBM || Spectrum Scale Development || Tucson, AZ<br>
christof.schmitt@us.ibm.com || +1-520-799-2469 (T/L: 321-2469)</span><span style="font-size:10.5pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> <o:p></o:p></span></p>
</div>
<blockquote style="border:none;border-left:solid #AAAAAA 1.5pt;padding:0in 0in 0in 4.0pt;margin-left:3.75pt;margin-top:5.0pt;margin-right:0in;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif">----- Original message -----<br>
From: "Lyle Gayne" <lgayne@us.ibm.com><br>
Sent by: gpfsug-discuss-bounces@spectrumscale.org<br>
To: gpfsug main discussion list <gpfsug-discuss@spectrumscale.org><br>
Cc: Ingo Meents <MEENTS@de.ibm.com><br>
Subject: Re: [gpfsug-discuss] User Login Active Directory authentication on CES nodes with SMB protocol<br>
Date: Tue, Jan 8, 2019 2:54 PM<br>
<o:p></o:p></span></p>
<p><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Adding Ingo Meents for response</span><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><br>
<br>
<img width="16" height="16" style="width:.1666in;height:.1666in" id="_x0000_i1026" src="cid:image001.gif@01D4A825.447F8090" alt="Inactive hide details for "Rob Logie" ---01/08/2019 04:50:22 PM---Hi All Is there a way to enable User Login Active Directory a"></span><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#424282">"Rob
Logie" ---01/08/2019 04:50:22 PM---Hi All Is there a way to enable User Login Active Directory authentication on CES</span><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><br>
<br>
</span><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#5F5F5F">From:
</span><span style="font-size:10.0pt;font-family:"Arial",sans-serif">"Rob Logie" <roblogie@au1.ibm.com></span><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><br>
</span><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#5F5F5F">To:
</span><span style="font-size:10.0pt;font-family:"Arial",sans-serif">gpfsug-discuss@spectrumscale.org</span><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><br>
</span><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#5F5F5F">Date:
</span><span style="font-size:10.0pt;font-family:"Arial",sans-serif">01/08/2019 04:50 PM</span><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><br>
</span><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#5F5F5F">Subject:
</span><span style="font-size:10.0pt;font-family:"Arial",sans-serif">[gpfsug-discuss] User Login Active Directory authentication on CES nodes with SMB protocol</span><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><br>
</span><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#5F5F5F">Sent by:
</span><span style="font-size:10.0pt;font-family:"Arial",sans-serif">gpfsug-discuss-bounces@spectrumscale.org</span><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<div class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif">
<hr size="0" width="100%" noshade="" style="color:#8091A5" align="left">
</span></div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><br>
<br>
<br>
</span><span style="font-size:9.0pt">Hi All</span><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><br>
</span><span style="font-size:9.0pt">Is there a way to enable User Login Active Directory authentication on CES nodes with SMB protocol that are joined to an AD domain. ? The AD authentication is working for access to the SMB shares, but not for user login
authentication on the CES nodes.</span><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><br>
<br>
<br>
</span><span style="font-size:9.0pt">Thanks !</span><span style="font-size:9.0pt;font-family:"Arial",sans-serif">
<o:p></o:p></span></p>
<p><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> <o:p></o:p></span></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0">
<tbody>
<tr>
<td width="724" style="width:543.0pt;padding:0in 0in 0in 0in">
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Arial",sans-serif">Regards,</span><br>
<b><span style="font-size:10.0pt;font-family:"Arial",sans-serif;color:#813F62">Rob Logie<br>
IT Specialist</span></b><br>
<o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
<p><tt><span style="font-size:12.0pt">_______________________________________________</span></tt><span style="font-size:12.0pt;font-family:"Courier New""><br>
<tt>gpfsug-discuss mailing list</tt><br>
<tt>gpfsug-discuss at spectrumscale.org</tt></span><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><br>
</span><tt><span style="font-size:12.0pt"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__gpfsug.org_mailman_listinfo_gpfsug-2Ddiscuss&d=DwMFaQ&c=C9X8xNkG_lwP_-eFHTGejw&r=DopWM-bvfskhBn2zeglfyyw5U2pumni6m_QzQFYFepU&m=-xC5HBbNzLewkCoWiX54NDV2Ot9cHR8JqqV263Adf6A&s=0hU9OcUPXitAEavSzopApCsO0Or1PRmKCRO9SHr50o0&e=" target="_blank">http://gpfsug.org/mailman/listinfo/gpfsug-discuss</a></span></tt><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
<p><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> <o:p></o:p></span></p>
<p><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> <o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Courier New"">_______________________________________________<br>
gpfsug-discuss mailing list<br>
gpfsug-discuss at spectrumscale.org<br>
<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__gpfsug.org_mailman_listinfo_gpfsug-2Ddiscuss&d=DwMFaQ&c=C9X8xNkG_lwP_-eFHTGejw&r=DopWM-bvfskhBn2zeglfyyw5U2pumni6m_QzQFYFepU&m=-xC5HBbNzLewkCoWiX54NDV2Ot9cHR8JqqV263Adf6A&s=0hU9OcUPXitAEavSzopApCsO0Or1PRmKCRO9SHr50o0&e=" target="_blank">http://gpfsug.org/mailman/listinfo/gpfsug-discuss</a></span><span style="font-size:9.0pt;font-family:"Arial",sans-serif"><o:p></o:p></span></p>
</div>
</blockquote>
<div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Arial",sans-serif"> <o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><br>
<br>
<o:p></o:p></p>
</div>
<hr>
<div style="font-size:7.5pt; font-family: arial; font-style:normal; font-weight:normal; ">
This message is for the recipient’s use only, and may contain confidential, privileged or protected information. Any unauthorized use or dissemination of this communication is prohibited. If you received this message in error, please immediately notify the
sender and destroy all copies of this message. The recipient should check this email and any attachments for the presence of viruses, as we accept no liability for any damage caused by any virus transmitted by this email.</div>
</body>
</html>