Thanks a lot Andrew. It does look promising but It does not strike me immediately on how this could solve the SMB export where user authenticates with an AD username but the gpfs files that are present are owned by LDAP username. May be you are saying that if i enable GPFS to use these scripts - then GPFS will map the AD username to the LDAP username?
I found this url too.. https://www.ibm.com/support/knowledgecenter/en/SSFKCN/com.ibm.cluster.gpfs.doc/gpfs_uid/uid_gpfs.html I will give it a read, try to understand how to implement it and get back if i have any more questions. If this works, it should help me configure and use the CES SMB. (Hopefully, CES file based authentication will allow both ssh key authentication for NFS and AD for SMB in same CES cluster). Regards, Lohit On Mar 7, 2019, 4:52 PM -0600, Andrew Beattie <[email protected]>, wrote: > Lohit > > Have you looked at mmUIDtoName mmNametoUID > > Yes it will require some custom scripting on your behalf but it would be a > far more elegant solution and not run the risk of data corruption issues. > > There is at least one university on this mailing list that is doing exactly > what you are talking about, and they successfully use > mmUIDtoName / mmNametoUID to provide the relevant mapping between different > authentication environments - both internally in the university and > externally from other institutions. > > They use AFM to move data between different storage clusters, and mmUIDtoName > / mmNametoUID, to manage the ACL and permissions, they then move the data > from the AFM filesystem to the HPC scratch filesystem for processing by the > HPC (different filesystems within the same cluster) > > > Regards, > Andrew Beattie > File and Object Storage Technical Specialist - A/NZ > IBM Systems - Storage > Phone: 614-2133-7927 > E-mail: [email protected] > > > > ----- Original message ----- > > From: [email protected] > > Sent by: [email protected] > > To: [email protected], gpfsug main discussion list > > <[email protected]> > > Cc: > > Subject: Re: [gpfsug-discuss] Exporting remote GPFS mounts on a non-ces SMB > > share > > Date: Fri, Mar 8, 2019 8:21 AM > > > > We have many current usernames from LDAP that do not exactly match with the > > usernames from AD. > > Unfortunately, i guess CES SMB will need us to use either AD or LDAP or use > > the same usernames in both AD and LDAP. > > I have been looking for a solution where could map the different usernames > > from LDAP and AD but have not found a solution. So exploring ways to do > > this from RHEL SMB. > > I would appreciate if you have any solution to this issue. > > > > As of now we use LDAP uids/gids and SSH keys for authentication to the HPC > > cluster. > > We want to use CES SMB to export the same mounts which have LDAP > > usernames/uids/gids however because of different usernames in AD - it has > > become a challenge. > > Even if we do find a solution to this, i want to be able to use AD > > authentication for SMB and ssh key authentication for NFS. > > > > The above are the reasons we are just using CES with NFS and user defined > > authentication for users to have access with login through ssh keys. > > > > Regards, > > Lohit > > > > On Mar 7, 2019, 3:12 PM -0600, Andrew Beattie <[email protected]>, wrote: > > > That would not be supported > > > > > > You shouldn't publish a remote mount Protocol cluster , and then connect > > > a native client to that cluster and create a non CES protocol export > > > if you are going to use a Protocol cluster that's how you present your > > > protocols. > > > otherwise don't set up the remote mount cluster. > > > > > > Why are you trying to publish a non HA RHEL SMB share instead of using > > > the HA CES protocols? > > > Andrew Beattie > > > File and Object Storage Technical Specialist - A/NZ > > > IBM Systems - Storage > > > Phone: 614-2133-7927 > > > E-mail: [email protected] > > > > > > > > > > ----- Original message ----- > > > > From: [email protected] > > > > Sent by: [email protected] > > > > To: [email protected], gpfsug main discussion list > > > > <[email protected]> > > > > Cc: > > > > Subject: Re: [gpfsug-discuss] Exporting remote GPFS mounts on a non-ces > > > > SMB share > > > > Date: Fri, Mar 8, 2019 7:05 AM > > > > > > > > Thank you Andrew. > > > > > > > > However, we are not using SMB from the CES cluster but instead running > > > > a Redhat based SMB on a GPFS client of the CES cluster and exporting it > > > > from the GPFS client. > > > > Is the above supported, and not known to cause any issues? > > > > > > > > Regards, > > > > Lohit > > > > > > > > On Mar 7, 2019, 2:45 PM -0600, Andrew Beattie <[email protected]>, > > > > wrote: > > > > > > > > > > https://www.ibm.com/support/knowledgecenter/en/STXKQY_5.0.2/com.ibm.spectrum.scale.v5r02.doc/bl1adv_configprotocolsonremotefs.htm > > > > _______________________________________________ > > > > gpfsug-discuss mailing list > > > > gpfsug-discuss at spectrumscale.org > > > > http://gpfsug.org/mailman/listinfo/gpfsug-discuss > > > > > > > > > _______________________________________________ > > > gpfsug-discuss mailing list > > > gpfsug-discuss at spectrumscale.org > > > http://gpfsug.org/mailman/listinfo/gpfsug-discuss > > _______________________________________________ > > gpfsug-discuss mailing list > > gpfsug-discuss at spectrumscale.org > > http://gpfsug.org/mailman/listinfo/gpfsug-discuss > > > _______________________________________________ > gpfsug-discuss mailing list > gpfsug-discuss at spectrumscale.org > http://gpfsug.org/mailman/listinfo/gpfsug-discuss
_______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at spectrumscale.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss
