[gpfsug-discuss] gpfsug-discuss Digest, Vol 88, Issue 19

L.walid (PowerM) l.walid at powerm.ma
Mon May 20 00:39:31 BST 2019


Hi,

Thanks for the feedback, I have tried the suggested command:

mmuserauth service create --data-access-method file --type ad --servers
powermdomain.powerm.ma --user-name cn=walid,cn=users,dc=powerm,dc=ma
--idmap-role master --netbios-name scaleces --unixmap-domains
"DOMAIN_NETBIOS_NAME(10000-9999999)"
Enter Active Directory User 'cn=walid,cn=users,dc=powerm,dc=ma' password:
Invalid credentials specified for the server powermdomain.powerm.ma
mmuserauth service create: Command failed. Examine previous error messages
to determine cause.



[root@scale1 ~]# mmuserauth service create --data-access-method file --type
ad --servers powermdomain.powerm.ma --user-name walid --idmap-role master
--netbios-name scaleces --unixmap-domains
"DOMAIN_NETBIOS_NAME(10000-9999999)"
Enter Active Directory User 'walid' password:
Invalid credentials specified for the server powermdomain.powerm.ma
mmuserauth service create: Command failed. Examine previous error messages
to determine cause.



I tried both domain qualifier and plain user in the --name parameters but I
get Invalid Credentials (knowing that walid is an Administrator in Active
Directory).

[root@scale1 ~]# ldapsearch -H ldap://powermdomain.powerm.ma -x -W -D
"walid@powerm.ma" -b "dc=powerm,dc=ma" "(sAMAccountName=walid)"
Enter LDAP Password:
# extended LDIF
#
# LDAPv3
# base <dc=powerm,dc=ma> with scope subtree
# filter: (sAMAccountName=walid)
# requesting: ALL
#

# Walid, Users, powerm.ma
dn: CN=Walid,CN=Users,DC=powerm,DC=ma
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Walid
sn: Largou
givenName: Walid
distinguishedName: CN=Walid,CN=Users,DC=powerm,DC=ma
instanceType: 4
whenCreated: 20190518224649.0Z
whenChanged: 20190520001645.0Z
uSNCreated: 12751
memberOf: CN=Domain Admins,CN=Users,DC=powerm,DC=ma
uSNChanged: 16404
name: Walid
objectGUID:: Le4tH38qy0SfcxaroNGPEg==
userAccountControl: 512
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 132028055547447029
lastLogoff: 0
lastLogon: 132028055940741392
pwdLastSet: 132026934129698743
primaryGroupID: 513
objectSid:: AQUAAAAAAAUVAAAAG4qBuwTv6AKWAIpcTwQAAA==
adminCount: 1
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: walid
sAMAccountType: 805306368
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=powerm,DC=ma
dSCorePropagationData: 20190518225159.0Z
dSCorePropagationData: 16010101000000.0Z
lastLogonTimestamp: 132027850050695698

# search reference
ref: ldap://ForestDnsZones.powerm.ma/DC=ForestDnsZones,DC=powerm,DC=ma

# search reference
ref: ldap://DomainDnsZones.powerm.ma/DC=DomainDnsZones,DC=powerm,DC=ma

# search reference
ref: ldap://powerm.ma/CN=Configuration,DC=powerm,DC=ma

# search result
search: 2
result: 0 Success


On Sun, 19 May 2019 at 23:31, <gpfsug-discuss-request at spectrumscale.org>
wrote:

> Message: 1
> Date: Sun, 19 May 2019 23:24:15 +0000
> From: "Schmied, Will" <will.schmied at stjude.org>
> To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
> Subject: Re: [gpfsug-discuss] Active Directory Authentification
> Message-ID: <4A5C9EC6-5E53-4CC7-925C-CCA954969826 at stjude.org>
> Content-Type: text/plain; charset="utf-8"
>
> Hi Walid,
>
> Without knowing any specifics of your environment, the below command is
> what I have used, successfully across multiple clusters at 4.2.x.  The
> binding account you specify needs to be able to add computers to the domain.
>
> mmuserauth service create --data-access-method file --type ad --servers
> some_dc.foo.bar --user-name some_ad_bind_account --idmap-role master
> --netbios-name some_ad_computer_name --unixmap-domains
> "DOMAIN_NETBIOS_NAME(10000-9999999)"
>
> 10000-9999999 is the acceptable range of UID / GID for AD accounts.
>
>
>
> Thanks,
> Will
>
>
> From: <gpfsug-discuss-bounces at spectrumscale.org> on behalf of "L.walid
> (PowerM)" <l.walid at powerm.ma>
> Reply-To: gpfsug main discussion list <gpfsug-discuss at spectrumscale.org>
> Date: Sunday, May 19, 2019 at 14:30
> To: "gpfsug-discuss at spectrumscale.org" <gpfsug-discuss at spectrumscale.org>
> Subject: [gpfsug-discuss] Active Directory Authentification
>
> Hi,
>
> I'm planning to integrate Active Directory with our Spectrum Scale, but it
> seems I'm missing something. Please note that I'm on 2 protocol nodes
> with only the SMB service running Spectrum Scale 5.0.3.0 (latest version). I've
> tried the two ways from the GUI: connect to Active Directory, and the other
> to LDAP.
>
> Connect to LDAP :
> mmuserauth service create --data-access-method 'file' --type 'LDAP'
> --servers 'powermdomain.powerm.ma:389'
> --user-name 'cn=walid,cn=users,dc=powerm,dc=ma' --pwd-file 'auth_pass.txt'
> --netbios-name 'scaleces' --base-dn 'cn=users,dc=powerm,dc=ma'
> 7:26 PM
> Either failed to create a samba domain entry on LDAP server if not present
> or could not read the already existing samba domain entry from the LDAP
> server
> 7:26 PM
> Detailed message:smbldap_search_domain_info: Adding domain info for
> SCALECES failed with NT_STATUS_UNSUCCESSFUL
> 7:26 PM
> pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the
> domain. We cannot work reliably without it.
> 7:26 PM
> pdb backend ldapsam:"ldap://powermdomain.powerm.ma:389"
> did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
> 7:26 PM
> WARNING: Could not open passdb
> 7:26 PM
> File authentication configuration failed.
> 7:26 PM
> mmuserauth service create: Command failed. Examine previous error messages
> to determine cause.
> 7:26 PM
> Operation Failed
> 7:26 PM
> Error: Either failed to create a samba domain entry on LDAP server if not
> present or could not read the already existing samba domain entry from the
> LDAP server
> Detailed message:smbldap_search_domain_info: Adding domain info for
> SCALECES failed with NT_STATUS_UNSUCCESSFUL
> pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the
> domain. We cannot work reliably without it.
> pdb backend ldapsam:"ldap://powermdomain.powerm.ma:389"
> did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO)
> WARNING: Could not open passdb
> File authentication configuration failed.
> mmuserauth service create: Command failed. Examine previous error messages
> to determine cause.
>
>
> Connect to Active Directory :
> mmuserauth service create --data-access-method 'file' --type 'AD'
> --servers '192.168.56.5' --user-name 'walid' --pwd-file 'auth_pass.txt'
> --netbios-name 'scaleces' --idmap-role 'MASTER' --ldapmap-domains '
> powerm.ma(type=stand-alone:ldap_srv=192.168.56.5:
> range=-9000000000000000-4294967296:usr_dn=cn=users,dc=powerm,dc=ma:grp_dn=cn=users,dc=powerm,dc=ma:bind_dn=cn=walid,cn=users,dc=powerm,dc=ma:bind_dn_pwd=P at ssword
> )'
> 7:29 PM
> mmuserauth service create: Invalid parameter passed for --ldapmap-domain
> 7:29 PM
> mmuserauth service create: Command failed. Examine previous error messages
> to determine cause.
> 7:29 PM
> Operation Failed
> 7:29 PM
> Error: mmuserauth service create: Invalid parameter passed for
> --ldapmap-domain
> mmuserauth service create: Command failed. Examine previous error messages
> to determine cause.
> --
> Best regards,
>
>
> Walid Largou
> Senior IT Specialist
>
> Power Maroc
>
> Mobile : +212 621 31 98 71
>
> Email: l.walid at powerm.ma
> 320 Bd Zertouni 6th Floor, Casablanca, Morocco
>
> https://www.powerm.ma
>
> This message is confidential .Its contents do not constitute a commitment
> by Power Maroc S.A.R.L except where provided for in a written agreement
> between you and Power Maroc S.A.R.L. Any authorized disclosure, use or
> dissemination, either whole or partial, is prohibited. If you are not the
> intended recipient of the message, please notify the sender immediately.
>


-- 
Best regards,

Walid Largou
Senior IT Specialist
Power Maroc
Mobile : +212 621 31 98 71
Email: l.walid at powerm.ma
320 Bd Zertouni 6th Floor, Casablanca, Morocco
https://www.powerm.ma
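
Added example, not part of the original message and not IBM's code: a successful `ldapsearch -x` simple bind shows only that the password is accepted over LDAP, so this Python sketch decodes the account-state attributes from the ldapsearch output above to rule out account-side causes. The attribute values are copied from that output; the function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Attribute values copied from the ldapsearch output in the message above.
LDIF = """\
dn: CN=Walid,CN=Users,DC=powerm,DC=ma
userAccountControl: 512
badPwdCount: 0
badPasswordTime: 132028055547447029
lastLogon: 132028055940741392
pwdLastSet: 132026934129698743
accountExpires: 9223372036854775807
"""

# userAccountControl bits read here; AD reports lockout and password expiry elsewhere.
UAC_FLAGS = {0x0002: "ACCOUNTDISABLE", 0x0020: "PASSWD_NOTREQD", 0x0200: "NORMAL_ACCOUNT",
             0x10000: "DONT_EXPIRE_PASSWORD", 0x40000: "SMARTCARD_REQUIRED"}
BLOCKING = {"ACCOUNTDISABLE", "SMARTCARD_REQUIRED"}  # password logon is refused
FILETIME_ATTRS = ("badPasswordTime", "lastLogon", "pwdLastSet", "accountExpires")
NEVER = (0, 0x7FFFFFFFFFFFFFFF)  # AD sentinels for "never" / "not set"

def parse_entry(ldif):
    """Return {attribute: value} for a single-entry LDIF of 'attr: value' lines."""
    entry = {}
    for line in ldif.splitlines():
        if not line.startswith("#") and ": " in line:
            key, value = line.split(": ", 1)
            entry[key] = value
    return entry

def filetime_to_utc(value):
    """100-ns ticks since 1601-01-01 UTC -> aware datetime, or None for a sentinel."""
    ticks = int(value)
    if ticks in NEVER:
        return None
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)

def account_state(entry):
    """Decode the attributes that decide whether this account can log on with a password."""
    uac = int(entry["userAccountControl"])
    flags = sorted(name for bit, name in UAC_FLAGS.items() if uac & bit)
    return {"flags": flags,
            "blocking": sorted(BLOCKING.intersection(flags)),
            "must_change_password": int(entry["pwdLastSet"]) == 0,
            "bad_pwd_count": int(entry["badPwdCount"]),
            "times": {a: filetime_to_utc(entry[a]) for a in FILETIME_ATTRS if a in entry}}

if __name__ == "__main__":
    for attr, when in account_state(parse_entry(LDIF))["times"].items():
        print(f"{attr:16} {when.isoformat() if when else 'never'}")
```

For the account in this thread the result is NORMAL_ACCOUNT with nothing blocking and a bad-password count of 0. lastLogon decodes to 2019-05-20 05:59:54 UTC, later than the posting time shown for this message, so comparing the domain controller's clock with the protocol nodes' clock is a reasonable next check, since Kerberos tolerates only a few minutes of skew; whether that explains the failure here is an assumption, not something the thread establishes.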

