[gpfsug-discuss] Kerberos NFS

Sobey, Richard A r.sobey at imperial.ac.uk
Wed Jan 24 16:13:01 GMT 2018


Gosh.. Seriously? I need downtime to enable NFS? Can that change in future releases? I have major issues configuring Ad file auth and I would not be confident getting my SMB working again in a timely manner.

Thanks for letting me know anyway.

Get Outlook for Android<https://aka.ms/ghei36>

________________________________
From: gpfsug-discuss-bounces at spectrumscale.org <gpfsug-discuss-bounces at spectrumscale.org> on behalf of Chetan R Kulkarni <chetkulk at in.ibm.com>
Sent: Wednesday, January 24, 2018 9:37:01 AM
To: gpfsug main discussion list
Subject: Re: [gpfsug-discuss] Kerberos NFS


Hi,

One can't enable/disable smb/nfs service if file authentication is already configured.
Hence, with your already existing config; you can't enable NFS service directly.
You need to re-configure file authentication (i.e. remove file auth, enable nfs service; configure file auth).

May be following sequence of commands will help you.

mmuserauth service remove --data-access-method file
mmces service enable nfs
mmces service list -a # check nfs is enabled and running
mmuserauth service create --data-access-method file --type ad ..... # please complete this command as per your set up details (the way you already configured)

FYI, Enabling NFS service won't affect other services.

Thanks,
Chetan.

[Inactive hide details for "Sobey, Richard A" ---01/23/2018 04:42:33 PM---Many thanks Chetan. Next question, does enabling the N]"Sobey, Richard A" ---01/23/2018 04:42:33 PM---Many thanks Chetan. Next question, does enabling the NFS service on CES cause any existing services

From: "Sobey, Richard A" <r.sobey at imperial.ac.uk>
To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Date: 01/23/2018 04:42 PM
Subject: Re: [gpfsug-discuss] Kerberos NFS
Sent by: gpfsug-discuss-bounces at spectrumscale.org
________________________________



Many thanks Chetan. Next question, does enabling the NFS service on CES cause any existing services to halt/timeout/fail/stop/go slow/cause an earthquake or is it completely transparent? My existing config is:

FILE access configuration : AD
PARAMETERS VALUES
-------------------------------------------------
ENABLE_NFS_KERBEROS true
SERVERS server.domain
USER_NAME username
NETBIOS_NAME store
IDMAP_ROLE master
IDMAP_RANGE 10000000-299999999
IDMAP_RANGE_SIZE 1000000
UNIXMAP_DOMAINS DOMAIN(500 - 2000000)
LDAPMAP_DOMAINS none

OBJECT access not configured
PARAMETERS VALUES


Enabled services: SMB
SMB is running

Thanks
Richard

From: gpfsug-discuss-bounces at spectrumscale.org [mailto:gpfsug-discuss-bounces at spectrumscale.org] On Behalf Of Chetan R Kulkarni
Sent: 23 January 2018 09:30
To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Subject: Re: [gpfsug-discuss] Kerberos NFS

Hi,

https://www.ibm.com/support/knowledgecenter/en/STXKQY/gpfsclustersfaq.html#protoreqs

Typically it should work on CentOS since we know it works on RHEL.

Thanks,
Chetan.

[Inactive hide details for "Sobey, Richard A" ---01/18/2018 08:41:06 PM---Quick starter for 10: *should* I be able to create a f]"Sobey, Richard A" ---01/18/2018 08:41:06 PM---Quick starter for 10: *should* I be able to create a file authentication definition using -enable-nf

From: "Sobey, Richard A" <r.sobey at imperial.ac.uk<mailto:r.sobey at imperial.ac.uk>>
To: "'gpfsug-discuss at spectrumscale.org'" <gpfsug-discuss at spectrumscale.org<mailto:gpfsug-discuss at spectrumscale.org>>
Date: 01/18/2018 08:41 PM
Subject: [gpfsug-discuss] Kerberos NFS
Sent by: gpfsug-discuss-bounces at spectrumscale.org<mailto:gpfsug-discuss-bounces at spectrumscale.org>

________________________________




Quick starter for 10: *should* I be able to create a file authentication definition using –enable-nfs-kerberos on CentOS 7.4? Or is this strictly for use with real RHEL nodes?

Using SS 4.2.3 and 5.

Thanks
Richard_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
https://urldefense.proofpoint.com/v2/url?u=http-3A__gpfsug.org_mailman_listinfo_gpfsug-2Ddiscuss&d=DwICAg&c=jf_iaSHvJObTbx-siA1ZOg&r=uic-29lyJ5TCiTRi0FyznYhKJx5I7Vzu80WyYuZ4_iM&m=srqIkj3LKkatqQqyFKDDC2PliL3RusFC6lXPDz2iT3s&s=dwpAnqcDbbmQd8IY2XJJv0CwNAOurVJqyEyq-8q6akY&e=

_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
https://urldefense.proofpoint.com/v2/url?u=http-3A__gpfsug.org_mailman_listinfo_gpfsug-2Ddiscuss&d=DwICAg&c=jf_iaSHvJObTbx-siA1ZOg&r=uic-29lyJ5TCiTRi0FyznYhKJx5I7Vzu80WyYuZ4_iM&m=mn6WfAqcjuBRZT4DaqmRBJ7KKacO2ma_baqc0GPm0PU&s=7ItSqugWx9SDxGAB2Odvj6oWUoFCiCzOH7cHdvRszY4&e=



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180124/9bc5429a/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: graycol.gif
Type: image/gif
Size: 105 bytes
Desc: graycol.gif
URL: <http://gpfsug.org/pipermail/gpfsug-discuss_gpfsug.org/attachments/20180124/9bc5429a/attachment.gif>


More information about the gpfsug-discuss mailing list