[gpfsug-discuss] Exporting remote GPFS mounts on a non-ces SMB share

valleru at cbio.mskcc.org valleru at cbio.mskcc.org
Thu Mar 7 23:29:49 GMT 2019


Thanks a lot Andrew.

It does look promising, but it does not strike me immediately how this could solve the SMB export where the user authenticates with an AD username but the GPFS files that are present are owned by an LDAP username.
Maybe you are saying that if I enable GPFS to use these scripts, then GPFS will map the AD username to the LDAP username?

I found this URL too:

https://www.ibm.com/support/knowledgecenter/en/SSFKCN/com.ibm.cluster.gpfs.doc/gpfs_uid/uid_gpfs.html

I will give it a read, try to understand how to implement it, and get back if I have any more questions.

If this works, it should help me configure and use the CES SMB. (Hopefully, CES file-based authentication will allow both SSH key authentication for NFS and AD for SMB in the same CES cluster.)

Regards,
Lohit

On Mar 7, 2019, 4:52 PM -0600, Andrew Beattie <abeattie at au1.ibm.com>, wrote:
> Lohit
>
> Have you looked at mmUIDtoName / mmNametoUID?
>
> Yes it will require some custom scripting on your behalf but it would be a far more elegant solution and not run the risk of data corruption issues.
>
> There is at least one university on this mailing list that is doing exactly what you are talking about, and they successfully use
> mmUIDtoName / mmNametoUID  to provide the relevant mapping between different authentication environments - both internally in the university and externally from other institutions.
>
> They use AFM to move data between different storage clusters, and mmUIDtoName / mmNametoUID to manage the ACL and permissions; they then move the data from the AFM filesystem to the HPC scratch filesystem for processing by the HPC (different filesystems within the same cluster).
>
>
> Regards,
> Andrew Beattie
> File and Object Storage Technical Specialist - A/NZ
> IBM Systems - Storage
> Phone: 614-2133-7927
> E-mail: abeattie at au1.ibm.com
>
>
> > ----- Original message -----
> > From: valleru at cbio.mskcc.org
> > Sent by: gpfsug-discuss-bounces at spectrumscale.org
> > To: gpfsug-discuss at spectrumscale.org, gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
> > Cc:
> > Subject: Re: [gpfsug-discuss] Exporting remote GPFS mounts on a non-ces SMB share
> > Date: Fri, Mar 8, 2019 8:21 AM
> >
> > We have many current usernames from LDAP that do not exactly match with the usernames from AD.
> > Unfortunately, I guess CES SMB will need us to use either AD or LDAP or use the same usernames in both AD and LDAP.
> > I have been looking for a solution where we could map the different usernames from LDAP and AD but have not found a solution. So I am exploring ways to do this from RHEL SMB.
> > I would appreciate if you have any solution to this issue.
> >
> > As of now we use LDAP uids/gids and SSH keys for authentication to the HPC cluster.
> > We want to use CES SMB to export the same mounts which have LDAP usernames/uids/gids; however, because of different usernames in AD, it has become a challenge.
> > Even if we do find a solution to this, I want to be able to use AD authentication for SMB and SSH key authentication for NFS.
> >
> > The above are the reasons we are just using CES with NFS and user defined authentication for users to have access with login through ssh keys.
> >
> > Regards,
> > Lohit
> >
> > On Mar 7, 2019, 3:12 PM -0600, Andrew Beattie <abeattie at au1.ibm.com>, wrote:
> > > That would not be supported
> > >
> > > You shouldn't publish a remote mount Protocol cluster, and then connect a native client to that cluster and create a non-CES protocol export.
> > > If you are going to use a Protocol cluster, that's how you present your protocols.
> > > Otherwise don't set up the remote mount cluster.
> > >
> > > Why are you trying to publish a non HA RHEL SMB share instead of using the HA CES protocols?
> > > Andrew Beattie
> > > File and Object Storage Technical Specialist - A/NZ
> > > IBM Systems - Storage
> > > Phone: 614-2133-7927
> > > E-mail: abeattie at au1.ibm.com
> > >
> > >
> > > > ----- Original message -----
> > > > From: valleru at cbio.mskcc.org
> > > > Sent by: gpfsug-discuss-bounces at spectrumscale.org
> > > > To: gpfsug-discuss at spectrumscale.org, gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
> > > > Cc:
> > > > Subject: Re: [gpfsug-discuss] Exporting remote GPFS mounts on a non-ces SMB share
> > > > Date: Fri, Mar 8, 2019 7:05 AM
> > > >
> > > > Thank you Andrew.
> > > >
> > > > However, we are not using SMB from the CES cluster but instead running a Red Hat based SMB on a GPFS client of the CES cluster and exporting it from the GPFS client.
> > > > Is the above supported, and not known to cause any issues?
> > > >
> > > > Regards,
> > > > Lohit
> > > >
> > > > On Mar 7, 2019, 2:45 PM -0600, Andrew Beattie <abeattie at au1.ibm.com>, wrote:
> > > > >
> > > > > https://www.ibm.com/support/knowledgecenter/en/STXKQY_5.0.2/com.ibm.spectrum.scale.v5r02.doc/bl1adv_configprotocolsonremotefs.htm
> > > > _______________________________________________
> > > > gpfsug-discuss mailing list
> > > > gpfsug-discuss at spectrumscale.org
> > > > http://gpfsug.org/mailman/listinfo/gpfsug-discuss