[gpfsug-discuss] Spectrum Scale for Windows Domain -UserRequirements

IBM Spectrum Scale scale at us.ibm.com
Fri Dec 7 22:55:06 GMT 2018 

Hello,

Unfortunately, to allow bidirectional passwordless ssh between 
Linux/Windows (for sole purpose of mm* commands), the literal username 
'root' is a requirement. Here are a few variations.

1.  Use domain account 'root', where 'root' belongs to "Domain Admins" 
group. This is the easiest 1-step and the recommended way.
     or
2.  Use domain account 'root', where 'root' does NOT belong to "Domain 
Admins" group. In this case, on each and every GPFS Windows node, add this 
'domain\root' account to local "Administrators" group.
     or
3.  On each and every GPFS Windows node, create a local 'root' account as 
a member of local "Administrators" group.

(1) and (2) work well reliably with Cygwin. I have seen inconsistent 
results with approach (3) wherein Cygwin passwordless ssh in incoming 
direction (linux->windows) sometimes breaks and prompts for password. Give 
it a try to see if you get better results.

If you cannot get around the 'root' literal username requirement, the 
suggested alternative is to use GPFS multi-clustering. Create a separate 
cluster of all Windows-only nodes (using mmwinrsh/mmwinrcp instead of 
ssh/scp... so that 'root' requirement is eliminated). And then remote 
mount from the Linux cluster (all non-Windows nodes) via mmauth, 
mmremotecluster and mmremotefs et al.
Regards, The Spectrum Scale (GPFS) team

------------------------------------------------------------------------------------------------------------------
If you feel that your question can benefit other users of  Spectrum Scale 
(GPFS), then please post it to the public IBM developerWroks Forum at 
https://www.ibm.com/developerworks/community/forums/html/forum?id=11111111-0000-0000-0000-000000000479
. 

If your query concerns a potential software error in Spectrum Scale (GPFS) 
and you have an IBM software maintenance contract please contact 
1-800-237-5511 in the United States or your local IBM Service Center in 
other countries. 

The forum is informally monitored as time permits and should not be used 
for priority messages to the Spectrum Scale (GPFS) team.



From:   "Grunenberg, Renar" <Renar.Grunenberg at huk-coburg.de>
To:     "gpfsug-discuss at spectrumscale.org" 
<gpfsug-discuss at spectrumscale.org>
Date:   12/06/2018 09:05 AM
Subject:        [gpfsug-discuss] Spectrum Scale for Windows Domain -User 
Requirements
Sent by:        gpfsug-discuss-bounces at spectrumscale.org



Hallo All,
 
i had a question about the domain-user root account on Windows. We have 
some requirements to restrict these level of authorization and found no 
info what is possible to change here.
Two questions:
1. It is possible to define a other Domain-Account other than as root for 
this.
2. If not, is it possible to define a local account as root on 
Windows-Clients?
 
Any hints are appreciate. 
Thanks Renar
Renar Grunenberg
Abteilung Informatik ? Betrieb

HUK-COBURG
Bahnhofsplatz
96444 Coburg
Telefon:
09561 96-44110
Telefax:
09561 96-44104
E-Mail:
Renar.Grunenberg at huk-coburg.de
Internet:
www.huk.de
HUK-COBURG Haftpflicht-Unterstützungs-Kasse kraftfahrender Beamter 
Deutschlands a. G. in Coburg
Reg.-Gericht Coburg HRB 100; St.-Nr. 9212/101/00021
Sitz der Gesellschaft: Bahnhofsplatz, 96444 Coburg
Vorsitzender des Aufsichtsrats: Prof. Dr. Heinrich R. Schradin.
Vorstand: Klaus-Jürgen Heitmann (Sprecher), Stefan Gronbach, Dr. Hans Olav 
Herøy, Dr. Jörg Rheinländer (stv.), Sarah Rössler, Daniel Thomas.
Diese Nachricht enthält vertrauliche und/oder rechtlich geschützte 
Informationen.
Wenn Sie nicht der richtige Adressat sind oder diese Nachricht irrtümlich 
erhalten haben,
informieren Sie bitte sofort den Absender und vernichten Sie diese 
Nachricht.
Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Nachricht 
ist nicht gestattet.

This information may contain confidential and/or privileged information.
If you are not the intended recipient (or have received this information 
in error) please notify the
sender immediately and destroy this information.
Any unauthorized copying, disclosure or distribution of the material in 
this information is strictly forbidden.

_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20181207/26747311/attachment.htm>

More information about the gpfsug-discuss mailing list