As IPA is just an LDAP directory + kerberos, I believe you can follow example 7 in the mmuserauth manual.
Another way would be to install your CES nodes into your domain outside of GPFS, and use the userdefined mmuserauth config. That's how I would have preferred to do it in an IPA managed linux environment. But, I believe there are still some problems with it overwriting /etc/krb5.keytab and /etc/nsswitch.conf, and stopping "sssd" unnecessarily on mmshutdown. So you might want to make the keytab and nsswitch immutable (chatter +i), and have some logic in f.ex. /var/mmfs/etc/mmfsup that restarts or somehow makes sure sssd is running. Oh.. and you'll need a shared NFS service principal in the krb5.keytab on all nodes to be able to use failover addresses.. and same for samba (which I think hides the ticket in /var/lib/samba/private/netlogon_creds_cli.tdb). -jf man. 11. apr. 2016 kl. 18.05 skrev Matt Weil <[email protected]>: > Hello all, > > Is there any good documentation out there to integrate IPA with CES? > > Thanks > > Matt > > ____ > This email message is a private communication. The information > transmitted, including attachments, is intended only for the person or > entity to which it is addressed and may contain confidential, privileged, > and/or proprietary material. Any review, duplication, retransmission, > distribution, or other use of, or taking of any action in reliance upon, > this information by persons or entities other than the intended recipient > is unauthorized by the sender and is prohibited. If you have received this > message in error, please contact the sender immediately by return email and > delete the original message from all computer systems. Thank you. > _______________________________________________ > gpfsug-discuss mailing list > gpfsug-discuss at spectrumscale.org > http://gpfsug.org/mailman/listinfo/gpfsug-discuss >
_______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at spectrumscale.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss
