I don’t have the exact answer to this issue but I had dealt with something similar before. I’m thinking this may have something to do with NFSv4 needing to be kerberized to work with AD? Again, not really sure on the SpecScale specifics here but worth seeing if you need Kerberos as well to get this to authenticate properly with AD and NFSv4.
From: <[email protected]> on behalf of Andy Parker1 <[email protected]> Reply-To: gpfsug main discussion list <[email protected]> Date: Friday, November 11, 2016 at 10:20 AM To: "[email protected]" <[email protected]> Subject: [gpfsug-discuss] SS 4.2.1 + CES NFS / SMB We have setup a small cluster to test, play & learn about the protocol servers. We have setup mmuserauth for AD + RFC2307 and we can share and access data via SMB and access is on windows clients with no issues. The file DAC of a file created via windows looks like this from the SS cesNode: $ ls -l total 0 -rwxr--r-- 1 SPECTRUMSCALE\newmanjo SPECTRUMSCALE\ces-admins 33 Nov 10 17:29 helloworld.txt The NFS protocol is also exported for NFS 3,4 and when mount using NFS version '3' from an AIX 7.1 server I see also OK DAC names uid / group, so the UID mapping is working. The AIX is linked to the AD for LDAP account services and I can query accounts and get shell logon for accounts defined within AD for unix services. # ls -l ( from AIX client NFS V3) total 0 -rwxr--r-- 1 newmanjo ces-admi 33 10 Nov 17:29 helloworld.txt Now the Problem: When I mount the AIX client as NFS4 I do no see the user/group names. I know NFS4 passes names and not UID/GID numbers so I guess this is linked. # pwd /mnt/ibm/hurss/share1 # ls -l ( from AIX client NFS V4) total 0 -rwxr--r-- 1 nobody nobody 33 10 Nov 17:29 helloworld.txt On the AIX server I have set NFS domain to virtual1.com # chnfsdom Current local domain: virtual1.com This matches the DOMAIN from the mmnfs config list domain ( not 100% sure this is correct) [root@hurss4 ~]# mmnfs config list NFS Ganesha Configuration: ========================== NFS_PROTOCOLS: 3,4 NFS_PORT: 2049 MNT_PORT: 0 NLM_PORT: 0 RQUOTA_PORT: 0 SHORT_FILE_HANDLE: FALSE LEASE_LIFETIME: 60 DOMAINNAME: VIRTUAL1.COM DELEGATIONS: Disabled Also the 'nfsrgyd' a name translation service for NFS servers and clients is running. lssrc -s nfsrgyd Subsystem Group PID Status nfsrgyd nfs 8585412 active Summary / Question: Can anybody explain why I do not see userID / Group names when viewing via a NFS4 client and ideally how to fix this. Rgds Andy P Unless stated otherwise above: IBM United Kingdom Limited - Registered in England and Wales with number 741598. Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. This message may be viewed by parties at Sirius Computer Solutions other than those named in the message header. This message does not contain an official representation of Sirius Computer Solutions. If you have received this communication in error, notify Sirius Computer Solutions immediately and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you. Sirius Computer Solutions<http://www.siriuscom.com>
_______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at spectrumscale.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss
