[gpfsug-discuss] SMB and AD authentication

Mark.Bush at siriuscom.com Mark.Bush at siriuscom.com
Mon Feb 27 19:50:17 GMT 2017 

[root at n1 ~]# mmsmb export list share2

export   path              browseable   guest ok   smb encrypt
share2   /gpfs/fs1/sales   yes          no         auto

[root at n1 ~]# ls -l /gpfs/fs1
total 0
drwxrwxrwx 2 root root 4096 Feb 25 12:33 sales


From: <gpfsug-discuss-bounces at spectrumscale.org> on behalf of Yaron Daniel <YARD at il.ibm.com>
Reply-To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Date: Monday, February 27, 2017 at 1:46 PM
To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Subject: Re: [gpfsug-discuss] SMB and AD authentication

Hi

Can you show the share config + ls -l on the share Fileset/Directory from the protocols nodes ?



Regards



________________________________





Yaron Daniel

 94 Em Ha'Moshavot Rd

[cid:image001.gif at 01D29100.6E55CCF0]

Server, Storage and Data Services<https://w3-03.ibm.com/services/isd/secure/client.wss/Somt?eventType=getHomePage&somtId=115>- Team Leader

 Petach Tiqva, 49527

Global Technology Services

 Israel

Phone:

+972-3-916-5672





Fax:

+972-3-916-5672





Mobile:

+972-52-8395593





e-mail:

yard at il.ibm.com





IBM Israel<http://www.ibm.com/il/he/>
















From:        "Mark.Bush at siriuscom.com" <Mark.Bush at siriuscom.com>
To:        gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Date:        02/27/2017 09:41 PM
Subject:        [gpfsug-discuss] SMB and AD authentication
Sent by:        gpfsug-discuss-bounces at spectrumscale.org

________________________________



For some reason, I just can’t seem to get this to work.  I have configured my protocol nodes to authenticate to AD using the following

mmuserauth service create --type ad --data-access-method file --servers 192.168.88.3 --user-name administrator --netbios-name scale --idmap-role master --password ********* --idmap-range-size 1000000 --idmap-range 10000000-299999999 --enable-nfs-kerberos --unixmap-domains 'sirius(10000-20000)'


All goes well, I see the nodes in AD and all of the wbinfo commands show good (id Sirius\\administrator doesn’t work though), but when I try to mount an SMB share (after doing all the necessary mmsmb export stuff) I get permission denied.  I’m curious if I missed a step (followed the docs pretty much to the letter).  I’m trying Administrator, mark.bush, and a dummy aduser I created.  None seem to gain access to the share.

Protocol gurus help!  Any ideas are appreciated.


[cid:image002.png at 01D29100.6E55CCF0]
Mark R. Bush| Storage Architect
Mobile: 210-237-8415
Twitter: @bushmr<https://twitter.com/bushmr>| LinkedIn: /markreedbush<https://www.linkedin.com/in/markreedbush>
10100 Reunion Place, Suite 500, San Antonio, TX 78216
www.siriuscom.com<http://www.siriuscom.com/>|mark.bush at siriuscom.com<mailto:mark.bush at siriuscom.com>


This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. This message may be viewed by parties at Sirius Computer Solutions other than those named in the message header. This message does not contain an official representation of Sirius Computer Solutions. If you have received this communication in error, notify Sirius Computer Solutions immediately and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you.

Sirius Computer Solutions<http://www.siriuscom.com/> _______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20170227/ddac21f4/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 1852 bytes
Desc: image001.gif
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20170227/ddac21f4/attachment-0002.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 8746 bytes
Desc: image002.png
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20170227/ddac21f4/attachment-0002.png>

More information about the gpfsug-discuss mailing list