We use realmd and some automation for sssd configs to get linux hosts to have local login and ssh tied to AD accounts, however we do not apply these configs on our protocol nodes.
From: <[email protected]> on behalf of Christof Schmitt <[email protected]> Reply-To: gpfsug main discussion list <[email protected]> Date: Wednesday, January 9, 2019 at 2:03 PM To: "[email protected]" <[email protected]> Cc: "[email protected]" <[email protected]>, Ingo Meents <[email protected]> Subject: Re: [gpfsug-discuss] User Login Active Directory authentication on CES nodes with SMB protocol There is the PAM module that would forward authentication requests to winbindd: /usr/lpp/mmfs/lib64/security/pam_gpfs-winbind.so In theory that can be added to the PAM configuration in /etc/pam.d/. On the other hand, we have never tested this nor claimed support, so there might be reasons why this won't work. Other customers have configured sssd manually in addition to the Scale authentication to allow user logon and authentication for sudo. If the request here is to configure AD authentication through mmuserauth and that should also provide user logon, that should probably be treated as a feature request through RFE. Regards, Christof Schmitt || IBM || Spectrum Scale Development || Tucson, AZ [email protected] || +1-520-799-2469 (T/L: 321-2469) ----- Original message ----- From: "Lyle Gayne" <[email protected]> Sent by: [email protected] To: gpfsug main discussion list <[email protected]> Cc: Ingo Meents <[email protected]> Subject: Re: [gpfsug-discuss] User Login Active Directory authentication on CES nodes with SMB protocol Date: Tue, Jan 8, 2019 2:54 PM Adding Ingo Meents for response [Inactive hide details for "Rob Logie" ---01/08/2019 04:50:22 PM---Hi All Is there a way to enable User Login Active Directory a]"Rob Logie" ---01/08/2019 04:50:22 PM---Hi All Is there a way to enable User Login Active Directory authentication on CES From: "Rob Logie" <[email protected]> To: [email protected] Date: 01/08/2019 04:50 PM Subject: [gpfsug-discuss] User Login Active Directory authentication on CES nodes with SMB protocol Sent by: [email protected] ________________________________ Hi All Is there a way to enable User Login Active Directory authentication on CES nodes with SMB protocol that are joined to an AD domain. ? The AD authentication is working for access to the SMB shares, but not for user login authentication on the CES nodes. Thanks ! Regards, Rob Logie IT Specialist _______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at spectrumscale.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss<https://urldefense.proofpoint.com/v2/url?u=http-3A__gpfsug.org_mailman_listinfo_gpfsug-2Ddiscuss&d=DwMFaQ&c=C9X8xNkG_lwP_-eFHTGejw&r=DopWM-bvfskhBn2zeglfyyw5U2pumni6m_QzQFYFepU&m=-xC5HBbNzLewkCoWiX54NDV2Ot9cHR8JqqV263Adf6A&s=0hU9OcUPXitAEavSzopApCsO0Or1PRmKCRO9SHr50o0&e=> _______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at spectrumscale.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss<https://urldefense.proofpoint.com/v2/url?u=http-3A__gpfsug.org_mailman_listinfo_gpfsug-2Ddiscuss&d=DwMFaQ&c=C9X8xNkG_lwP_-eFHTGejw&r=DopWM-bvfskhBn2zeglfyyw5U2pumni6m_QzQFYFepU&m=-xC5HBbNzLewkCoWiX54NDV2Ot9cHR8JqqV263Adf6A&s=0hU9OcUPXitAEavSzopApCsO0Or1PRmKCRO9SHr50o0&e=> ________________________________ This message is for the recipient’s use only, and may contain confidential, privileged or protected information. Any unauthorized use or dissemination of this communication is prohibited. If you received this message in error, please immediately notify the sender and destroy all copies of this message. The recipient should check this email and any attachments for the presence of viruses, as we accept no liability for any damage caused by any virus transmitted by this email.
_______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at spectrumscale.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss
