[gpfsug-discuss] Exporting remote GPFS mounts on a non-ces SMB share

Simon Thompson S.J.Thompson at bham.ac.uk
Thu Mar 7 23:00:46 GMT 2019


There is a custom Auth mode I think that allows you to use ad for Auth and LDAP for identity. You'd could do what you wanted but you'd need another LDAP instance that mapped the ad usernames to the UID that is only used by SMB. 

Hack yes.

Simon
________________________________________
From: gpfsug-discuss-bounces at spectrumscale.org [gpfsug-discuss-bounces at spectrumscale.org] on behalf of valleru at cbio.mskcc.org [valleru at cbio.mskcc.org]
Sent: 07 March 2019 22:10
To: gpfsug-discuss at spectrumscale.org; gpfsug main discussion list
Subject: Re: [gpfsug-discuss] Exporting remote GPFS mounts on a non-ces SMB share

We have many current usernames from LDAP that do not exactly match with the usernames from AD.
Unfortunately, i guess CES SMB will need us to use either AD or LDAP or use the same usernames in both AD and LDAP.
I have been looking for a solution where could map the different usernames from LDAP and AD but have not found a solution. So exploring ways to do this from RHEL SMB.
I would appreciate if you have any solution to this issue.

As of now we use LDAP uids/gids and SSH keys for authentication to the HPC cluster.
We want to use CES SMB to export the same mounts which have LDAP usernames/uids/gids however because of different usernames in AD - it has become a challenge.
Even if we do find a solution to this, i want to be able to use AD authentication for SMB and ssh key authentication for NFS.

The above are the reasons we are just using CES with NFS and user defined authentication for users to have access with login through ssh keys.

Regards,
Lohit

On Mar 7, 2019, 3:12 PM -0600, Andrew Beattie <abeattie at au1.ibm.com>, wrote:
That would not be supported

You shouldn't publish a remote mount Protocol cluster , and then connect a native client to that cluster and create a non CES protocol export
if you are going to use a Protocol cluster that's how you present your protocols.
otherwise don't set up the remote mount cluster.

Why are you trying to publish a non HA RHEL SMB share instead of using the HA CES protocols?
Andrew Beattie
File and Object Storage Technical Specialist - A/NZ
IBM Systems - Storage
Phone: 614-2133-7927
E-mail: abeattie at au1.ibm.com<mailto:abeattie at au1.ibm.com>


----- Original message -----
From: valleru at cbio.mskcc.org
Sent by: gpfsug-discuss-bounces at spectrumscale.org
To: gpfsug-discuss at spectrumscale.org, gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
Cc:
Subject: Re: [gpfsug-discuss] Exporting remote GPFS mounts on a non-ces SMB share
Date: Fri, Mar 8, 2019 7:05 AM

Thank you Andrew.

However, we are not using SMB from the CES cluster but instead running a Redhat based SMB on a GPFS client of the CES cluster and exporting it from the GPFS client.
Is the above supported, and not known to cause any issues?

Regards,
Lohit

On Mar 7, 2019, 2:45 PM -0600, Andrew Beattie <abeattie at au1.ibm.com>, wrote:

https://www.ibm.com/support/knowledgecenter/en/STXKQY_5.0.2/com.ibm.spectrum.scale.v5r02.doc/bl1adv_configprotocolsonremotefs.htm
_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss


_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss



More information about the gpfsug-discuss mailing list