[gpfsug-discuss] Issues getting SMB shares working.
Jan-Frode Myklebust
janfrode at tanso.net
Thu Mar 2 20:42:23 GMT 2017
Ouch, yes..
Then the switch to mmuserauth is more difficult. I would recommend setting
up a lab cluster (only need a single node), and use mmuserauth to connect
it to AD and see that you get both kerberized NFS and SMB working by
default there, before doing the same on your production cluster.
-jf
tor. 2. mar. 2017 kl. 16.42 skrev Aidan Richmond <a.g.richmond at leeds.ac.uk>:
> mmnfs export list -n /absl/SCRATCH
> Path Delegations Clients Access_Type Protocols Transports
> Squash Anonymous_uid Anonymous_gid SecType PrivilegedPort
> DefaultDelegations Manage_Gids NFS_Commit
>
> -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> /absl/SCRATCH none * RW 4 TCP
> ROOT_SQUASH -2 -2 KRB5I FALSE none
> FALSE FALSE
> /absl/SCRATCH none fbscpcu097 RW 3 TCP
> ROOT_SQUASH -2 -2 sys FALSE none
> FALSE FALSE
>
>
> Ignore the fbscpcu097 entry, I think my departed colleague was just
> using that for testing, the NFS clients all access it though nfsv4 which
> looks to be using kerberos from this.
>
> On 01/03/17 20:21, Jan-Frode Myklebust wrote:
> > This looks to me like a quite plain SYS authorized NFS, maybe also verify
> > that the individual NFS shares has sec=sys with "mmnfs export list -n
> > /absl/SCRATCH".
> >
> >
> > If you check "man mmuserauth" there are quite clear examples for how to
> > connect it to AD populated with unix id and gid. I don't think this will
> > affect your NFS service, since there doesn't seem to be any kerberos
> > involved.
> >
> > But, please beware that mmuserauth will overwrite any customized
> sssd.conf,
> > krb5.conf, winbind, etc.. As it configures the authentication for the
> whole
> > host, not just samba/nfs-services.
> >
> >
> > -jf
> >
> > ons. 1. mar. 2017 kl. 16.22 skrev Aidan Richmond <
> a.g.richmond at leeds.ac.uk>:
> >
> >> mmnfs export list
> >> Path Delegations Clients
> >> -------------------------------------
> >> /absl/SCRATCH none *
> >> /absl/SCRATCH none fbscpcu097
> >>
> >> mmnfs config list
> >>
> >> NFS Ganesha Configuration:
> >> ==========================
> >> NFS_PROTOCOLS: 3,4
> >> NFS_PORT: 2049
> >> MNT_PORT: 0
> >> NLM_PORT: 0
> >> RQUOTA_PORT: 0
> >> SHORT_FILE_HANDLE: FALSE
> >> LEASE_LIFETIME: 60
> >> DOMAINNAME: LEEDS.AC.UK
> >> DELEGATIONS: Disabled
> >> ==========================
> >>
> >> STATD Configuration
> >> ==========================
> >> STATD_PORT: 0
> >> ==========================
> >>
> >> CacheInode Configuration
> >> ==========================
> >> ENTRIES_HWMARK: 1500000
> >> ==========================
> >>
> >> Export Defaults
> >> ==========================
> >> ACCESS_TYPE: NONE
> >> PROTOCOLS: 3,4
> >> TRANSPORTS: TCP
> >> ANONYMOUS_UID: -2
> >> ANONYMOUS_GID: -2
> >> SECTYPE: SYS
> >> PRIVILEGEDPORT: FALSE
> >> MANAGE_GIDS: FALSE
> >> SQUASH: ROOT_SQUASH
> >> NFS_COMMIT: FALSE
> >> ==========================
> >>
> >> Log Configuration
> >> ==========================
> >> LOG_LEVEL: EVENT
> >> ==========================
> >>
> >> Idmapd Configuration
> >> ==========================
> >> DOMAIN: DS.LEEDS.AC.UK
> >> ==========================
> >>
>
> --
> Aidan Richmond
> Apple/Unix Support Officer, IT
> Garstang 10.137
> Faculty of Biological Sciences
> University of Leeds
> Clarendon Way
> LS2 9JT
>
> Tel:0113 3434252
> a.g.richmond at leeds.ac.uk
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20170302/17277507/attachment-0002.htm>
More information about the gpfsug-discuss
mailing list