Hello All, I am trying to export a single remote filesystem over NFS/SMB using GPFS CES. ( GPFS 5.0.0.2 and CentOS 7 ).
We need NFS exports to be accessible on client nodes, that use public key authentication and ldap authorization. I already have this working with a previous CES setup on user-defined authentication, where users can just login to the client nodes, and access NFS mounts. However, i will also need SAMBA exports for the same GPFS filesystem with AD/kerberos authentication. Previously, we used to have a working SAMBA export for a local filesystem with SSSD and AD integration with SAMBA as mentioned in the below solution from redhat. https://access.redhat.com/solutions/2221561 We find the above as cleaner solution with respect to AD and Samba integration compared to centrify or winbind. I understand that GPFS does offer AD authentication, however i believe i cannot use the same since NFS will need user-defined authentication and SAMBA will need AD authentication. I have thus been trying to use user-defined authentication. I tried to edit smb.cnf from GPFS ( with a bit of help from this blog, written by Simon. https://www.roamingzebra.co.uk/2015/07/smb-protocol-support-with-spectrum.html) /usr/lpp/mmfs/bin/net conf list realm = xxxx workgroup = xxxx security = ads kerberos method = secrets and key tab idmap config * : backend = tdb template homedir = /home/%U dedicated keytab file = /etc/krb5.keytab I had joined the node to AD with realmd and i do get relevant AD info when i try: /usr/lpp/mmfs/bin/net ads info However, when i try to display keytab or add principals to keytab. It just does not work. /usr/lpp/mmfs/bin/net ads keytab list -> does not show the keys present in /etc/krb5.keytab. /usr/lpp/mmfs/bin/net ads keytab add cifs -> does not add the keys to the /etc/krb5.keytab As per the samba documentation, these two parameters should help samba automatically find the keytab file. kerberos method = secrets and key tab dedicated keytab file = /etc/krb5.keytab I have not yet tried to see, if a SAMBA export is working with AD authentication but i am afraid it might not work. Have anyone tried the AD integration with SSSD/SAMBA for GPFS, and any suggestions on how to debug the above would be really helpful. Thanks, Lohit
_______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at spectrumscale.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss
