[gpfsug-discuss] User Login Active Directory authentication on CES nodes with SMB protocol

Christopher Black cblack at nygenome.org
Wed Jan 9 19:11:40 GMT 2019 

We use realmd and some automation for sssd configs to get linux hosts to have local login and ssh tied to AD accounts, however we do not apply these configs on our protocol nodes.

From: <gpfsug-discuss-bounces at spectrumscale.org> on behalf of Christof Schmitt <christof.schmitt at us.ibm.com>
Reply-To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Date: Wednesday, January 9, 2019 at 2:03 PM
To: "gpfsug-discuss at spectrumscale.org" <gpfsug-discuss at spectrumscale.org>
Cc: "gpfsug-discuss at spectrumscale.org" <gpfsug-discuss at spectrumscale.org>, Ingo Meents <MEENTS at de.ibm.com>
Subject: Re: [gpfsug-discuss] User Login Active Directory authentication on CES nodes with SMB protocol

There is the PAM module that would forward authentication requests to winbindd:
/usr/lpp/mmfs/lib64/security/pam_gpfs-winbind.so
In theory that can be added to the PAM configuration in /etc/pam.d/. On the other hand, we have never tested this nor claimed support, so there might be reasons why this won't work.

Other customers have configured sssd manually in addition to the Scale authentication to allow user logon and authentication for sudo.

If the request here is to configure AD authentication through mmuserauth and that should also provide user logon, that should probably be treated as a feature request through RFE.

Regards,

Christof Schmitt || IBM || Spectrum Scale Development || Tucson, AZ
christof.schmitt at us.ibm.com  ||  +1-520-799-2469    (T/L: 321-2469)


----- Original message -----
From: "Lyle Gayne" <lgayne at us.ibm.com>
Sent by: gpfsug-discuss-bounces at spectrumscale.org
To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Cc: Ingo Meents <MEENTS at de.ibm.com>
Subject: Re: [gpfsug-discuss] User Login Active Directory authentication on CES nodes with SMB protocol
Date: Tue, Jan 8, 2019 2:54 PM


Adding Ingo Meents for response

[Inactive hide details for "Rob Logie" ---01/08/2019 04:50:22 PM---Hi All Is there a way to enable User Login Active Directory a]"Rob Logie" ---01/08/2019 04:50:22 PM---Hi All Is there a way to enable User Login Active Directory authentication on CES

From: "Rob Logie" <roblogie at au1.ibm.com>
To: gpfsug-discuss at spectrumscale.org
Date: 01/08/2019 04:50 PM
Subject: [gpfsug-discuss] User Login Active Directory authentication on CES nodes with SMB protocol
Sent by: gpfsug-discuss-bounces at spectrumscale.org

________________________________



Hi All
Is there a way to enable User Login Active Directory authentication on CES nodes with SMB protocol that are joined to an AD domain. ? The AD authentication is working for access to the SMB shares, but not for user login authentication on the CES nodes.


Thanks !


Regards,
Rob Logie
IT Specialist



_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss<https://urldefense.proofpoint.com/v2/url?u=http-3A__gpfsug.org_mailman_listinfo_gpfsug-2Ddiscuss&d=DwMFaQ&c=C9X8xNkG_lwP_-eFHTGejw&r=DopWM-bvfskhBn2zeglfyyw5U2pumni6m_QzQFYFepU&m=-xC5HBbNzLewkCoWiX54NDV2Ot9cHR8JqqV263Adf6A&s=0hU9OcUPXitAEavSzopApCsO0Or1PRmKCRO9SHr50o0&e=>




_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss<https://urldefense.proofpoint.com/v2/url?u=http-3A__gpfsug.org_mailman_listinfo_gpfsug-2Ddiscuss&d=DwMFaQ&c=C9X8xNkG_lwP_-eFHTGejw&r=DopWM-bvfskhBn2zeglfyyw5U2pumni6m_QzQFYFepU&m=-xC5HBbNzLewkCoWiX54NDV2Ot9cHR8JqqV263Adf6A&s=0hU9OcUPXitAEavSzopApCsO0Or1PRmKCRO9SHr50o0&e=>



________________________________
This message is for the recipient’s use only, and may contain confidential, privileged or protected information. Any unauthorized use or dissemination of this communication is prohibited. If you received this message in error, please immediately notify the sender and destroy all copies of this message. The recipient should check this email and any attachments for the presence of viruses, as we accept no liability for any damage caused by any virus transmitted by this email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20190109/1a528981/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 106 bytes
Desc: image001.gif
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20190109/1a528981/attachment-0002.gif>

More information about the gpfsug-discuss mailing list