Hi Gethyn, >From what I recall, CTDB used underneath is used to share the secret and only >the primary named machine is joined, but CTDB and CES should work this backend >part out for you.
I do have a question though, do you want to have consistent UIDs across other systems? For example if you plan to use NFS to other *nix systems, then you probably want to think about LDAP mapping and using custom auth (we do this as out AD doesn't contain UIDs either). Simon From: <[email protected]<mailto:[email protected]>> on behalf of "Longworth, Gethyn" <[email protected]<mailto:[email protected]>> Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Date: Thursday, 25 February 2016 at 10:42 To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: [gpfsug-discuss] Integration with Active Directory Hi all, I’m new to both GPFS and to this mailing list, so I thought I’d introduce myself and one of the issues I am having. I am a consultant to Rolls-Royce Aerospace currently working on a large facilities project, part of my remit is to deliver a data system. We selected GPFS (sorry Spectrum Scale…) for this three clusters, with two of the clusters using storage provided by Spectrum Accelerate, and the other by a pair of IBM SANs and a tape library back up. My current issue is to do with integration into Active Directory. I’ve configured my three node test cluster with two protocol nodes and a quorum (version 4.2.0.1 on RHEL 7.1) as the master for an automated id mapping system (we can’t use RFC2307, as our IT department don’t understand what this is), but the problem I’m having is to do with domain joins. The documentation suggests that using the CES cluster hostname to register in the domain will allow all nodes in the cluster to share the identity mapping, but only one of my protocol nodes will authenticate – I can run “id” on that node with a domain account and it provides the correct answer – whereas the other will not and denies any knowledge of the domain or user. From a GPFS point of view, this results in a degraded CES, SMB, NFS and AUTH state. My small amount of AD knowledge says that this is expected – a single entry (e.g. the cluster name) can only have one SID. So I guess that my question is, what have I missed? Is there something in AD that I need to configure to make this work? Does one of the nodes in the cluster end up as the master and the other a subordinate? How do I configure that within the confines of mmuserauth? As I said I am a bit new to this, and am essentially learning on the fly, so any pointers that you can provide would be appreciated! Cheers, Gethyn Longworth MEng CEng MIET | Consultant Systems Engineer | AEROSPACE P Please consider the environment before printing this email
_______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at spectrumscale.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss
