[gpfsug-discuss] GPFS 4.2 SMB with IPA

Jan-Frode Myklebust janfrode at tanso.net
Mon Apr 11 17:43:21 BST 2016


As IPA is just an LDAP directory + kerberos, I believe you can follow
example 7 in the mmuserauth manual.


Another way would be to install your CES nodes into your domain outside of
GPFS, and use the userdefined mmuserauth config. That's how I would have
preferred to do it in an IPA managed linux environment.

But, I believe there are still some problems with it overwriting
/etc/krb5.keytab and /etc/nsswitch.conf, and stopping "sssd" unnecessarily
on mmshutdown. So you might want to make the keytab and nsswitch immutable
(chatter +i), and have some logic in f.ex. /var/mmfs/etc/mmfsup that
restarts or somehow makes sure sssd is running.

Oh.. and you'll need a shared NFS service principal in the krb5.keytab on
all nodes to be able to use failover addresses.. and same for samba (which
I think hides the ticket in /var/lib/samba/private/netlogon_creds_cli.tdb).



-jf


man. 11. apr. 2016 kl. 18.05 skrev Matt Weil <mweil at genome.wustl.edu>:

> Hello all,
>
> Is there any good documentation out there to integrate IPA with CES?
>
> Thanks
>
> Matt
>
> ____
> This email message is a private communication. The information
> transmitted, including attachments, is intended only for the person or
> entity to which it is addressed and may contain confidential, privileged,
> and/or proprietary material. Any review, duplication, retransmission,
> distribution, or other use of, or taking of any action in reliance upon,
> this information by persons or entities other than the intended recipient
> is unauthorized by the sender and is prohibited. If you have received this
> message in error, please contact the sender immediately by return email and
> delete the original message from all computer systems. Thank you.
> _______________________________________________
> gpfsug-discuss mailing list
> gpfsug-discuss at spectrumscale.org
> http://gpfsug.org/mailman/listinfo/gpfsug-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20160411/8bd4b751/attachment.htm>


More information about the gpfsug-discuss mailing list