Hi, (sorry, lots of questions about this stuff at the moment!)
I¹m currently looking at removing the sernet smb configs we had previously and moving to IBM SMB. I¹ve removed all the old packages and only now have gpfs.smb installed on the systems. I¹m struggling to get the config tools to work for our environment. We have MS Windows AD Domain for authentication. For various reasons, however doesn¹t hold the UIDs/GIDs, which are instead held in a different LDAP directory. In the past, we¹d configure the Linux servers running Samba so that NSLCD was configured to get details from the LDAP server. (e.g. getent passwd would return the data for an AD user). The Linux boxes would also be configured to use KRB5 authentication where users were allowed to ssh etc in for password authentication. So as far as Samba was concerned, it would do ³security = ADS² and then we¹d also have "idmap config * : backend = tdb2² I.e. Use Domain for authentication, but look locally for ID mapping data. Now I can configured IBM SMB to use ADS for authentication: mmuserauth service create --type ad --data-access-method file --netbios-name its-rds --user-name ADMINUSER --servers DOMAIN.ADF --idmap-role subordinate However I can¹t see anyway for me to manipulate the config so that it doesn¹t use autorid. Using this we end up with: mmsmb config list | grep -i idmap idmap config * : backend autorid idmap config * : range 10000000-299999999 idmap config * : rangesize 1000000 idmap config * : read only yes idmap:cache no It also adds: mmsmb config list | grep -i auth auth methods guest sam winbind (though I don¹t think that is a problem). I also can¹t change the idmap using the mmsmb command (I think would look like this): # mmsmb config change --option="idmap config * : backend=tdb2" idmap config * : backend=tdb2: [E] Unsupported smb option. More information about smb options is availabe in the man page. I can¹t see anything in the docs at: http://www-01.ibm.com/support/knowledgecenter/#!/STXKQY_4.1.1/com.ibm.spect rum.scale.v4r11.adm.doc/bl1adm_configfileauthentication.htm That give me a clue how to do what I want. I¹d be happy to do some mixture of AD for authentication and LDAP for lookups (rather than just falling back to ³local² from nslcd), but I can¹t see a way to do this, and ³manual² seems to stop ADS authentication in Samba. Anyone got any suggestions? Thanks Simon _______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at gpfsug.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss
