[gpfsug-discuss] SS 4.2.1 + CES NFS / SMB

Yaron Daniel YARD at il.ibm.com
Mon Nov 14 20:05:11 GMT 2016 

Hi

The protocols CES nodes are configure to get users data from the AD, so 
all files there show as "DOMain\User" output.

When files created from NFSv3 is will have the same UID as in the CES 
nodes - but different user name - and there is mismatch when u work with 
NFSv4.

Since NFSv4 check for "Domain\user" format - in both server & client u 
must have the same username in the CES & Nodes.

Now - if files were create from CIFS share , i guess you will not have 
problem to define in the ACL inherent permissions so each file will be 
created with Domain\User , and when u mount it from NFSv3 it will take the 
UID - and have the right permissions.

One more thing - in case u see permissions for files create from CIFS like 
this:
d --- --- ---

Put in the CIFS share the OWNER USER + OWNER group ACL inherent 
permissions , this will show u the right permissions when working with 
NFSv3.
 
Regards
 


 
 
Yaron Daniel
 94 Em Ha'Moshavot Rd

Server, Storage and Data Services - Team Leader  
 Petach Tiqva, 49527
Global Technology Services
 Israel
Phone:
+972-3-916-5672
 
 
Fax:
+972-3-916-5672
 
 
Mobile:
+972-52-8395593
 
 
e-mail:
yard at il.ibm.com
 
 
IBM Israel
 
 
 
 

 



From:   "Mark.Bush at siriuscom.com" <Mark.Bush at siriuscom.com>
To:     gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Date:   11/14/2016 09:48 PM
Subject:        Re: [gpfsug-discuss] SS 4.2.1 + CES NFS / SMB
Sent by:        gpfsug-discuss-bounces at spectrumscale.org



I don?t have the exact answer to this issue but I had dealt with something 
similar before.  I?m thinking this may have something to do with NFSv4 
needing to be kerberized to work with AD?  Again, not really sure on the 
SpecScale specifics here but worth seeing if you need Kerberos as well to 
get this to authenticate properly with AD and NFSv4.
 
 
 
From: <gpfsug-discuss-bounces at spectrumscale.org> on behalf of Andy Parker1 
<andy_parker1 at uk.ibm.com>
Reply-To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Date: Friday, November 11, 2016 at 10:20 AM
To: "gpfsug-discuss at spectrumscale.org" <gpfsug-discuss at spectrumscale.org>
Subject: [gpfsug-discuss] SS 4.2.1 + CES NFS / SMB
 
We have setup a small cluster to test, play & learn about the protocol 
servers.  We have setup mmuserauth for AD + RFC2307 and 
we can share and access data via SMB and access is on windows clients with 
no issues. 

The file DAC of a file created via windows looks like this from the SS 
cesNode: 

$ ls -l 
total 0 
-rwxr--r-- 1 SPECTRUMSCALE\newmanjo SPECTRUMSCALE\ces-admins 33 Nov 10 
17:29 helloworld.txt 


The NFS protocol is also exported for  NFS 3,4  and when mount using  NFS 
version '3' from an AIX 7.1 server I see also 
OK DAC names uid / group, so the UID mapping is working.  The AIX is 
linked to the AD for LDAP account services and 
I can query accounts and get shell logon for accounts defined within AD 
for unix services. 

# ls -l   ( from AIX client NFS V3) 
total 0 
-rwxr--r--    1 newmanjo ces-admi         33 10 Nov 17:29 helloworld.txt 

Now the Problem: 
When I mount the AIX client as NFS4  I do no see the  user/group names.  I 
know NFS4 passes names and not UID/GID numbers so I 
guess this is linked. 

# pwd 
/mnt/ibm/hurss/share1 
# ls -l    ( from AIX client NFS V4) 
total 0 
-rwxr--r--    1 nobody   nobody           33 10 Nov 17:29 helloworld.txt 

On the AIX server I have set NFS domain to virtual1.com 

# chnfsdom 
Current local domain: virtual1.com 

This matches the DOMAIN from the mmnfs config list domain ( not 100% sure 
this is correct) 

[root at hurss4 ~]# mmnfs config list 

NFS Ganesha Configuration: 
========================== 
NFS_PROTOCOLS: 3,4 
NFS_PORT: 2049 
MNT_PORT: 0 
NLM_PORT: 0 
RQUOTA_PORT: 0 
SHORT_FILE_HANDLE: FALSE 
LEASE_LIFETIME: 60 
DOMAINNAME: VIRTUAL1.COM 
DELEGATIONS: Disabled 

Also the 'nfsrgyd'  a name translation service for NFS servers and clients 
is running. 

lssrc -s nfsrgyd 
Subsystem         Group            PID          Status 
 nfsrgyd          nfs              8585412      active 

Summary / Question: 

Can anybody explain why I do not see userID / Group names when  viewing 
via a NFS4 client and ideally how to fix this. 

Rgds Andy P 

Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 
741598. 
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU

This message (including any attachments) is intended only for the use of 
the individual or entity to which it is addressed and may contain 
information that is non-public, proprietary, privileged, confidential, and 
exempt from disclosure under applicable law. If you are not the intended 
recipient, you are hereby notified that any use, dissemination, 
distribution, or copying of this communication is strictly prohibited. 
This message may be viewed by parties at Sirius Computer Solutions other 
than those named in the message header. This message does not contain an 
official representation of Sirius Computer Solutions. If you have received 
this communication in error, notify Sirius Computer Solutions immediately 
and (i) destroy this message if a facsimile or (ii) delete this message 
immediately if this is an electronic communication. Thank you. 
Sirius Computer Solutions _______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20161114/75d28a2b/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 1851 bytes
Desc: not available
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20161114/75d28a2b/attachment.gif>

More information about the gpfsug-discuss mailing list