Hi Walid, Without knowing any specifics of your environment, the below command is what I have used, successfully across multiple clusters at 4.2.x. The binding account you specify needs to be able to add computers to the domain.
mmuserauth service create --data-access-method file --type ad --servers some_dc.foo.bar --user-name some_ad_bind_account --idmap-role master --netbios-name some_ad_computer_name --unixmap-domains "DOMAIN_NETBIOS_NAME(10000-9999999)" 10000-9999999 is the acceptable range of UID / GID for AD accounts. Thanks, Will From: <[email protected]> on behalf of "L.walid (PowerM)" <[email protected]> Reply-To: gpfsug main discussion list <[email protected]> Date: Sunday, May 19, 2019 at 14:30 To: "[email protected]" <[email protected]> Subject: [gpfsug-discuss] Active Directory Authentification Caution: External Sender Hi, I'm planning to integrate Active Directory with our Spectrum Scale, but it seems i'm missing out something, please note that i'm on a 2 protocol nodes with only service SMB running Spectrum Scale 5.0.3.0 (latest version). I've tried from the gui the two ways, connect to Active Directory, and the other to LDAP. Connect to LDAP : mmuserauth service create --data-access-method 'file' --type 'LDAP' --servers 'powermdomain.powerm.ma:389<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpowermdomain.powerm.ma%3A389&data=01%7C01%7Cwill.schmied%40stjude.org%7C5f5f690cddd748100dde08d6dc906f79%7C22340fa892264871b677d3b3e377af72%7C0&sdata=93WuDa2hnFQNGoSTzw%2F4pBQE0fIN29v0Fu9Jti8mYFo%3D&reserved=0>' --user-name 'cn=walid,cn=users,dc=powerm,dc=ma' --pwd-file 'auth_pass.txt' --netbios-name 'scaleces' --base-dn 'cn=users,dc=powerm,dc=ma' 7:26 PM Either failed to create a samba domain entry on LDAP server if not present or could not read the already existing samba domain entry from the LDAP server 7:26 PM Detailed message:smbldap_search_domain_info: Adding domain info for SCALECES failed with NT_STATUS_UNSUCCESSFUL 7:26 PM pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it. 7:26 PM pdb backend ldapsam:"ldap://powermdomain.powerm.ma:389<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpowermdomain.powerm.ma%3A389&data=01%7C01%7Cwill.schmied%40stjude.org%7C5f5f690cddd748100dde08d6dc906f79%7C22340fa892264871b677d3b3e377af72%7C0&sdata=93WuDa2hnFQNGoSTzw%2F4pBQE0fIN29v0Fu9Jti8mYFo%3D&reserved=0>" did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO) 7:26 PM WARNING: Could not open passdb 7:26 PM File authentication configuration failed. 7:26 PM mmuserauth service create: Command failed. Examine previous error messages to determine cause. 7:26 PM Operation Failed 7:26 PM Error: Either failed to create a samba domain entry on LDAP server if not present or could not read the already existing samba domain entry from the LDAP server Detailed message:smbldap_search_domain_info: Adding domain info for SCALECES failed with NT_STATUS_UNSUCCESSFUL pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it. pdb backend ldapsam:"ldap://powermdomain.powerm.ma:389<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpowermdomain.powerm.ma%3A389&data=01%7C01%7Cwill.schmied%40stjude.org%7C5f5f690cddd748100dde08d6dc906f79%7C22340fa892264871b677d3b3e377af72%7C0&sdata=93WuDa2hnFQNGoSTzw%2F4pBQE0fIN29v0Fu9Jti8mYFo%3D&reserved=0>" did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO) WARNING: Could not open passdb File authentication configuration failed. mmuserauth service create: Command failed. Examine previous error messages to determine cause. Connect to Active Directory : mmuserauth service create --data-access-method 'file' --type 'AD' --servers '192.168.56.5' --user-name 'walid' --pwd-file 'auth_pass.txt' --netbios-name 'scaleces' --idmap-role 'MASTER' --ldapmap-domains 'powerm.ma<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpowerm.ma&data=01%7C01%7Cwill.schmied%40stjude.org%7C5f5f690cddd748100dde08d6dc906f79%7C22340fa892264871b677d3b3e377af72%7C0&sdata=tJKajnPMlWowHIAHnoxbceVIbE4t19KiLCaohZRwwYQ%3D&reserved=0>(type=stand-alone:ldap_srv=192.168.56.5:range=-9000000000000000-4294967296:usr_dn=cn=users,dc=powerm,dc=ma:grp_dn=cn=users,dc=powerm,dc=ma:bind_dn=cn=walid,cn=users,dc=powerm,dc=ma:bind_dn_pwd=P@ssword)' 7:29 PM mmuserauth service create: Invalid parameter passed for --ldapmap-domain 7:29 PM mmuserauth service create: Command failed. Examine previous error messages to determine cause. 7:29 PM Operation Failed 7:29 PM Error: mmuserauth service create: Invalid parameter passed for --ldapmap-domain mmuserauth service create: Command failed. Examine previous error messages to determine cause. -- Best regards, Walid Largou Senior IT Specialist Power Maroc Mobile : +212 62<tel:+212%20661%2015%2021%2055>1 31 98 71 Email: [email protected]<mailto:[email protected]> 320 Bd Zertouni 6th Floor, Casablanca, Morocco https://www.powerm.ma<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.powerm.ma%2F&data=01%7C01%7Cwill.schmied%40stjude.org%7C5f5f690cddd748100dde08d6dc906f79%7C22340fa892264871b677d3b3e377af72%7C0&sdata=qpwCQkujjr3Sq0wCySyjRMGZrp94mvRQAK0iGlh7DqQ%3D&reserved=0> [cid:A8AE246E-9B75-4FE9-AE84-3DC9C8753FEA] This message is confidential .Its contents do not constitute a commitment by Power Maroc S.A.R.L except where provided for in a written agreement between you and Power Maroc S.A.R.L. Any authorized disclosure, use or dissemination, either whole or partial, is prohibited. If you are not the intended recipient of the message, please notify the sender immediately. ________________________________ Email Disclaimer: www.stjude.org/emaildisclaimer Consultation Disclaimer: www.stjude.org/consultationdisclaimer
_______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at spectrumscale.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss
