[gpfsug-discuss] Integration with Active Directory

Longworth, Gethyn Gethyn.Longworth at Rolls-Royce.com
Thu Feb 25 10:42:39 GMT 2016 

Hi all,

 

I'm new to both GPFS and to this mailing list, so I thought I'd introduce
myself and one of the issues I am having.

 

I am a consultant to Rolls-Royce Aerospace currently working on a large
facilities project, part of my remit is to deliver a data system.  We
selected GPFS (sorry Spectrum Scale.) for this three clusters, with two of
the clusters using storage provided by Spectrum Accelerate, and the other by
a pair of IBM SANs and a tape library back up.

 

My current issue is to do with integration into Active Directory.  I've
configured my three node test cluster with two protocol nodes and a quorum
(version 4.2.0.1 on RHEL 7.1) as the master for an automated id mapping
system (we can't use RFC2307, as our IT department don't understand what
this is), but the problem I'm having is to do with domain joins.  The
documentation suggests that using the CES cluster hostname to register in
the domain will allow all nodes in the cluster to share the identity
mapping, but only one of my protocol nodes will authenticate - I can run
"id" on that node with a domain account and it provides the correct answer -
whereas the other will not and denies any knowledge of the domain or user.
>From a GPFS point of view, this results in a degraded CES, SMB, NFS and AUTH
state.  My small amount of AD knowledge says that this is expected - a
single entry (e.g. the cluster name) can only have one SID.

 

So I guess that my question is, what have I missed?  Is there something in
AD that I need to configure to make this work?  Does one of the nodes in the
cluster end up as the master and the other a subordinate?  How do I
configure that within the confines of mmuserauth?

 

As I said I am a bit new to this, and am essentially learning on the fly, so
any pointers that you can provide would be appreciated!

 

Cheers,

 

Gethyn Longworth

MEng CEng MIET | Consultant Systems Engineer | AEROSPACE

 

P Please consider the environment before printing this email

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20160225/efb83795/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6181 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20160225/efb83795/attachment.bin>
-------------- next part --------------
The data contained in, or attached to, this e-mail, may contain confidential information. If you have received it in error you should notify the sender immediately by reply e-mail, delete the message from your system and contact +44 (0) 3301235850 (Security Operations Centre) if you need assistance. Please do not copy it for any purpose, or disclose its contents to any other person.

An e-mail response to this address may be subject to interception or monitoring for operational reasons or for lawful business practices.

(c) 2016 Rolls-Royce plc

Registered office: 62 Buckingham Gate, London SW1E 6AT Company number: 1003142. Registered in England.

More information about the gpfsug-discuss mailing list