[gpfsug-discuss] SMB and AD authentication

Laurence Horrocks-Barlow laurence at qsplace.co.uk
Mon Feb 27 19:46:59 GMT 2017


Do you have UID/GID for the user in your AD schema, or the RFC 2307 extended schema?

AFAIK it uses winbind's IDMAP, so it requires RFC 2307 attributes rather than using the Windows SID and working out the UID/GID using autorid etc.

-- Lauz

On 27 February 2017 19:40:57 GMT+00:00, "Mark.Bush at siriuscom.com" <Mark.Bush at siriuscom.com> wrote:
>For some reason, I just can't seem to get this to work.  I have
>configured my protocol nodes to authenticate to AD using the following
>
>mmuserauth service create --type ad --data-access-method file --servers
>192.168.88.3 --user-name administrator --netbios-name scale
>--idmap-role master --password ********* --idmap-range-size 1000000
>--idmap-range 10000000-299999999 --enable-nfs-kerberos
>--unixmap-domains 'sirius(10000-20000)'
>
>
>All goes well, I see the nodes in AD and all of the wbinfo commands
>show good (id Sirius\\administrator doesn't work though), but when I
>try to mount an SMB share (after doing all the necessary mmsmb export
>stuff) I get permission denied.  I'm curious if I missed a step
>(followed the docs pretty much to the letter).  I'm trying
>Administrator, mark.bush, and a dummy aduser I created.  None seem to
>gain access to the share.
>
>Protocol gurus help!  Any ideas are appreciated.
>
>
>Mark R. Bush| Storage Architect
>Mobile: 210-237-8415
>Twitter: @bushmr<https://twitter.com/bushmr> | LinkedIn:
>/markreedbush<https://www.linkedin.com/in/markreedbush>
>10100 Reunion Place, Suite 500, San Antonio, TX 78216
>www.siriuscom.com<http://www.siriuscom.com/>
>|mark.bush at siriuscom.com<mailto:mark.bush at siriuscom.com>

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
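
One way to check the point raised in the reply, as an added example that is not part of the original thread. It assumes that IDs for the `sirius` domain are read from the RFC 2307 `uidNumber` attribute in AD and must fall inside the `--unixmap-domains` range from the quoted command; the LDIF sample, its DNs and ID values are constructed, and `parse_unixmap`, `parse_ldif` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample, shaped like unfolded ldapsearch LDIF for three AD users.
SAMPLE_LDIF = """\
dn: CN=Administrator,CN=Users,DC=sirius,DC=example
sAMAccountName: Administrator

dn: CN=Mark Bush,CN=Users,DC=sirius,DC=example
sAMAccountName: mark.bush
uidNumber: 10001

dn: CN=AD User,CN=Users,DC=sirius,DC=example
sAMAccountName: aduser
uidNumber: 500
"""

def parse_unixmap(spec):
    """Parse one 'DOMAIN(low-high)' value as given to --unixmap-domains."""
    m = re.fullmatch(r"\s*([^()\s]+)\((\d+)-(\d+)\)\s*", spec)
    if not m:
        raise ValueError(f"expected DOMAIN(low-high), got {spec!r}")
    return m.group(1), int(m.group(2)), int(m.group(3))

def parse_ldif(text):
    """Split unfolded LDIF into one attribute dict per entry (last value wins)."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (l.partition(":") for l in block.splitlines() if not l.startswith("#"))
        attrs = {k.strip(): v.strip() for k, sep, v in pairs if sep}
        if attrs:
            entries.append(attrs)
    return entries

def audit(ldif, spec, attr="uidNumber"):
    """Map each account to a problem string, or None if attr is in range."""
    _, low, high = parse_unixmap(spec)
    report = {}
    for entry in parse_ldif(ldif):
        raw = entry.get(attr)
        if raw is None:
            problem = f"{attr} missing"
        elif not raw.isdigit() or not low <= int(raw) <= high:
            problem = f"{attr}={raw} outside {low}-{high}"
        else:
            problem = None
        report[entry.get("sAMAccountName", "?")] = problem
    return report
```

Calling `audit(ldif_text, "sirius(10000-20000)")` on real `ldapsearch` output lists the accounts that would have no usable UID; passing `attr="gidNumber"` runs the same check over group entries.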