[gpfsug-discuss] SS 4.2.1 + CES NFS / SMB
Yaron Daniel
YARD at il.ibm.com
Mon Nov 14 20:05:11 GMT 2016
Hi
The protocols CES nodes are configure to get users data from the AD, so
all files there show as "DOMain\User" output.
When files created from NFSv3 is will have the same UID as in the CES
nodes - but different user name - and there is mismatch when u work with
NFSv4.
Since NFSv4 check for "Domain\user" format - in both server & client u
must have the same username in the CES & Nodes.
Now - if files were create from CIFS share , i guess you will not have
problem to define in the ACL inherent permissions so each file will be
created with Domain\User , and when u mount it from NFSv3 it will take the
UID - and have the right permissions.
One more thing - in case u see permissions for files create from CIFS like
this:
d --- --- ---
Put in the CIFS share the OWNER USER + OWNER group ACL inherent
permissions , this will show u the right permissions when working with
NFSv3.
Regards
Yaron Daniel
94 Em Ha'Moshavot Rd
Server, Storage and Data Services - Team Leader
Petach Tiqva, 49527
Global Technology Services
Israel
Phone:
+972-3-916-5672
Fax:
+972-3-916-5672
Mobile:
+972-52-8395593
e-mail:
yard at il.ibm.com
IBM Israel
From: "Mark.Bush at siriuscom.com" <Mark.Bush at siriuscom.com>
To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Date: 11/14/2016 09:48 PM
Subject: Re: [gpfsug-discuss] SS 4.2.1 + CES NFS / SMB
Sent by: gpfsug-discuss-bounces at spectrumscale.org
I don?t have the exact answer to this issue but I had dealt with something
similar before. I?m thinking this may have something to do with NFSv4
needing to be kerberized to work with AD? Again, not really sure on the
SpecScale specifics here but worth seeing if you need Kerberos as well to
get this to authenticate properly with AD and NFSv4.
From: <gpfsug-discuss-bounces at spectrumscale.org> on behalf of Andy Parker1
<andy_parker1 at uk.ibm.com>
Reply-To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Date: Friday, November 11, 2016 at 10:20 AM
To: "gpfsug-discuss at spectrumscale.org" <gpfsug-discuss at spectrumscale.org>
Subject: [gpfsug-discuss] SS 4.2.1 + CES NFS / SMB
We have setup a small cluster to test, play & learn about the protocol
servers. We have setup mmuserauth for AD + RFC2307 and
we can share and access data via SMB and access is on windows clients with
no issues.
The file DAC of a file created via windows looks like this from the SS
cesNode:
$ ls -l
total 0
-rwxr--r-- 1 SPECTRUMSCALE\newmanjo SPECTRUMSCALE\ces-admins 33 Nov 10
17:29 helloworld.txt
The NFS protocol is also exported for NFS 3,4 and when mount using NFS
version '3' from an AIX 7.1 server I see also
OK DAC names uid / group, so the UID mapping is working. The AIX is
linked to the AD for LDAP account services and
I can query accounts and get shell logon for accounts defined within AD
for unix services.
# ls -l ( from AIX client NFS V3)
total 0
-rwxr--r-- 1 newmanjo ces-admi 33 10 Nov 17:29 helloworld.txt
Now the Problem:
When I mount the AIX client as NFS4 I do no see the user/group names. I
know NFS4 passes names and not UID/GID numbers so I
guess this is linked.
# pwd
/mnt/ibm/hurss/share1
# ls -l ( from AIX client NFS V4)
total 0
-rwxr--r-- 1 nobody nobody 33 10 Nov 17:29 helloworld.txt
On the AIX server I have set NFS domain to virtual1.com
# chnfsdom
Current local domain: virtual1.com
This matches the DOMAIN from the mmnfs config list domain ( not 100% sure
this is correct)
[root at hurss4 ~]# mmnfs config list
NFS Ganesha Configuration:
==========================
NFS_PROTOCOLS: 3,4
NFS_PORT: 2049
MNT_PORT: 0
NLM_PORT: 0
RQUOTA_PORT: 0
SHORT_FILE_HANDLE: FALSE
LEASE_LIFETIME: 60
DOMAINNAME: VIRTUAL1.COM
DELEGATIONS: Disabled
Also the 'nfsrgyd' a name translation service for NFS servers and clients
is running.
lssrc -s nfsrgyd
Subsystem Group PID Status
nfsrgyd nfs 8585412 active
Summary / Question:
Can anybody explain why I do not see userID / Group names when viewing
via a NFS4 client and ideally how to fix this.
Rgds Andy P
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number
741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
This message (including any attachments) is intended only for the use of
the individual or entity to which it is addressed and may contain
information that is non-public, proprietary, privileged, confidential, and
exempt from disclosure under applicable law. If you are not the intended
recipient, you are hereby notified that any use, dissemination,
distribution, or copying of this communication is strictly prohibited.
This message may be viewed by parties at Sirius Computer Solutions other
than those named in the message header. This message does not contain an
official representation of Sirius Computer Solutions. If you have received
this communication in error, notify Sirius Computer Solutions immediately
and (i) destroy this message if a facsimile or (ii) delete this message
immediately if this is an electronic communication. Thank you.
Sirius Computer Solutions _______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20161114/75d28a2b/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 1851 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20161114/75d28a2b/attachment.gif>
More information about the gpfsug-discuss
mailing list