Well not seeing anything odd about the second try (just the username only) except that your NETBIOS domain name needs to be put in place of the placeholder (DOMAIN_NETBIOS_NAME).
You can copy from a text file and then paste into the stdin when the command asks for your password. Just a way to be sure no typos are in the password entry. Thanks, Will From: <[email protected]> on behalf of "L.walid (PowerM)" <[email protected]> Reply-To: gpfsug main discussion list <[email protected]> Date: Sunday, May 19, 2019 at 18:39 To: "[email protected]" <[email protected]> Subject: Re: [gpfsug-discuss] gpfsug-discuss Digest, Vol 88, Issue 19 Caution: External Sender Hi, Thanks for the feedback, i have tried the suggested command : mmuserauth service create --data-access-method file --type ad --servers powermdomain.powerm.ma<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpowermdomain.powerm.ma&data=01%7C01%7Cwill.schmied%40stjude.org%7Cd2f49b0330c843ce107208d6dcb347c0%7C22340fa892264871b677d3b3e377af72%7C0&sdata=e550J4Mi%2FuxvD%2Bn2KXAyFsN4NQdiSykTBy0DMMfrHqo%3D&reserved=0> --user-name cn=walid,cn=users,dc=powerm,dc=ma --idmap-role master --netbios-name scaleces --unixmap-domains "DOMAIN_NETBIOS_NAME(10000-9999999)" Enter Active Directory User 'cn=walid,cn=users,dc=powerm,dc=ma' password: Invalid credentials specified for the server powermdomain.powerm.ma<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpowermdomain.powerm.ma&data=01%7C01%7Cwill.schmied%40stjude.org%7Cd2f49b0330c843ce107208d6dcb347c0%7C22340fa892264871b677d3b3e377af72%7C0&sdata=e550J4Mi%2FuxvD%2Bn2KXAyFsN4NQdiSykTBy0DMMfrHqo%3D&reserved=0> mmuserauth service create: Command failed. Examine previous error messages to determine cause. [root@scale1 ~]# mmuserauth service create --data-access-method file --type ad --servers powermdomain.powerm.ma<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpowermdomain.powerm.ma&data=01%7C01%7Cwill.schmied%40stjude.org%7Cd2f49b0330c843ce107208d6dcb347c0%7C22340fa892264871b677d3b3e377af72%7C0&sdata=e550J4Mi%2FuxvD%2Bn2KXAyFsN4NQdiSykTBy0DMMfrHqo%3D&reserved=0> --user-name walid --idmap-role master --netbios-name scaleces --unixmap-domains "DOMAIN_NETBIOS_NAME(10000-9999999)" Enter Active Directory User 'walid' password: Invalid credentials specified for the server powermdomain.powerm.ma<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpowermdomain.powerm.ma&data=01%7C01%7Cwill.schmied%40stjude.org%7Cd2f49b0330c843ce107208d6dcb347c0%7C22340fa892264871b677d3b3e377af72%7C0&sdata=e550J4Mi%2FuxvD%2Bn2KXAyFsN4NQdiSykTBy0DMMfrHqo%3D&reserved=0> mmuserauth service create: Command failed. Examine previous error messages to determine cause. i tried both domain qualifier and plain user in the --name parameters but i get Invalid Credentials (knowing that walid is an Administrator in Active Directory) [root@scale1 ~]# ldapsearch -H ldap://powermdomain.powerm.ma<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpowermdomain.powerm.ma&data=01%7C01%7Cwill.schmied%40stjude.org%7Cd2f49b0330c843ce107208d6dcb347c0%7C22340fa892264871b677d3b3e377af72%7C0&sdata=e550J4Mi%2FuxvD%2Bn2KXAyFsN4NQdiSykTBy0DMMfrHqo%3D&reserved=0> -x -W -D "[email protected]<mailto:[email protected]>" -b "dc=powerm,dc=ma" "(sAMAccountName=walid)" Enter LDAP Password: # extended LDIF # # LDAPv3 # base <dc=powerm,dc=ma> with scope subtree # filter: (sAMAccountName=walid) # requesting: ALL # # Walid, Users, powerm.ma<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpowerm.ma&data=01%7C01%7Cwill.schmied%40stjude.org%7Cd2f49b0330c843ce107208d6dcb347c0%7C22340fa892264871b677d3b3e377af72%7C0&sdata=XHcjIaRj2bGiWYXZUsDJFDJ2Ts3Y%2FKHzxD3yUhcHNgc%3D&reserved=0> dn: CN=Walid,CN=Users,DC=powerm,DC=ma objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: Walid sn: Largou givenName: Walid distinguishedName: CN=Walid,CN=Users,DC=powerm,DC=ma instanceType: 4 whenCreated: 20190518224649.0Z whenChanged: 20190520001645.0Z uSNCreated: 12751 memberOf: CN=Domain Admins,CN=Users,DC=powerm,DC=ma uSNChanged: 16404 name: Walid objectGUID:: Le4tH38qy0SfcxaroNGPEg== userAccountControl: 512 badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 132028055547447029 lastLogoff: 0 lastLogon: 132028055940741392 pwdLastSet: 132026934129698743 primaryGroupID: 513 objectSid:: AQUAAAAAAAUVAAAAG4qBuwTv6AKWAIpcTwQAAA== adminCount: 1 accountExpires: 9223372036854775807 logonCount: 0 sAMAccountName: walid sAMAccountType: 805306368 objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=powerm,DC=ma dSCorePropagationData: 20190518225159.0Z dSCorePropagationData: 16010101000000.0Z lastLogonTimestamp: 132027850050695698 # search reference ref: ldap://ForestDnsZones.powerm.ma/DC=ForestDnsZones,DC=powerm,DC=ma<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2FForestDnsZones.powerm.ma%2FDC%3DForestDnsZones%2CDC%3Dpowerm%2CDC%3Dma&data=01%7C01%7Cwill.schmied%40stjude.org%7Cd2f49b0330c843ce107208d6dcb347c0%7C22340fa892264871b677d3b3e377af72%7C0&sdata=k6CYQeGq2lgAtY1qmVueO9OmK1a9SzGMNGm%2BPlyfwto%3D&reserved=0> # search reference ref: ldap://DomainDnsZones.powerm.ma/DC=DomainDnsZones,DC=powerm,DC=ma<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2FDomainDnsZones.powerm.ma%2FDC%3DDomainDnsZones%2CDC%3Dpowerm%2CDC%3Dma&data=01%7C01%7Cwill.schmied%40stjude.org%7Cd2f49b0330c843ce107208d6dcb347c0%7C22340fa892264871b677d3b3e377af72%7C0&sdata=TFYJ1nBOLaxelI2KZPaoZidLvCOPv6lrD51ZRjEBkqA%3D&reserved=0> # search reference ref: ldap://powerm.ma/CN=Configuration,DC=powerm,DC=ma<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpowerm.ma%2FCN%3DConfiguration%2CDC%3Dpowerm%2CDC%3Dma&data=01%7C01%7Cwill.schmied%40stjude.org%7Cd2f49b0330c843ce107208d6dcb347c0%7C22340fa892264871b677d3b3e377af72%7C0&sdata=8cVvHhnXPrqogSd8QLP6McEAoGrc2oRIKbtZYBiDz3M%3D&reserved=0> # search result search: 2 result: 0 Success On Sun, 19 May 2019 at 23:31, <[email protected]<mailto:[email protected]>> wrote: Send gpfsug-discuss mailing list submissions to [email protected]<mailto:[email protected]> To subscribe or unsubscribe via the World Wide Web, visit http://gpfsug.org/mailman/listinfo/gpfsug-discuss<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgpfsug.org%2Fmailman%2Flistinfo%2Fgpfsug-discuss&data=01%7C01%7Cwill.schmied%40stjude.org%7Cd2f49b0330c843ce107208d6dcb347c0%7C22340fa892264871b677d3b3e377af72%7C0&sdata=hsZ3rLuyxLIr2B0TrHCD2kMKSzR52sIzAmyepo1KELo%3D&reserved=0> or, via email, send a message with subject or body 'help' to [email protected]<mailto:[email protected]> You can reach the person managing the list at [email protected]<mailto:[email protected]> When replying, please edit your Subject line so it is more specific than "Re: Contents of gpfsug-discuss digest..." Today's Topics: 1. Re: Active Directory Authentification (Schmied, Will) ---------------------------------------------------------------------- Message: 1 Date: Sun, 19 May 2019 23:24:15 +0000 From: "Schmied, Will" <[email protected]<mailto:[email protected]>> To: gpfsug main discussion list <[email protected]<mailto:[email protected]>> Subject: Re: [gpfsug-discuss] Active Directory Authentification Message-ID: <[email protected]<mailto:[email protected]>> Content-Type: text/plain; charset="utf-8" Hi Walid, Without knowing any specifics of your environment, the below command is what I have used, successfully across multiple clusters at 4.2.x. The binding account you specify needs to be able to add computers to the domain. mmuserauth service create --data-access-method file --type ad --servers some_dc.foo.bar --user-name some_ad_bind_account --idmap-role master --netbios-name some_ad_computer_name --unixmap-domains "DOMAIN_NETBIOS_NAME(10000-9999999)" 10000-9999999 is the acceptable range of UID / GID for AD accounts. Thanks, Will From: <[email protected]<mailto:[email protected]>> on behalf of "L.walid (PowerM)" <[email protected]<mailto:[email protected]>> Reply-To: gpfsug main discussion list <[email protected]<mailto:[email protected]>> Date: Sunday, May 19, 2019 at 14:30 To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: [gpfsug-discuss] Active Directory Authentification Caution: External Sender Hi, I'm planning to integrate Active Directory with our Spectrum Scale, but it seems i'm missing out something, please note that i'm on a 2 protocol nodes with only service SMB running Spectrum Scale 5.0.3.0 (latest version). I've tried from the gui the two ways, connect to Active Directory, and the other to LDAP. Connect to LDAP : mmuserauth service create --data-access-method 'file' --type 'LDAP' --servers 'powermdomain.powerm.ma:389<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpowermdomain.powerm.ma%3A389&data=01%7C01%7Cwill.schmied%40stjude.org%7Cd2f49b0330c843ce107208d6dcb347c0%7C22340fa892264871b677d3b3e377af72%7C0&sdata=Mi5M5of5vnyzZbIl0%2Fj72PHs%2FJtsQ1S%2FvagsRASXag8%3D&reserved=0><https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpowermdomain.powerm.ma%3A389&data=01%7C01%7Cwill.schmied%40stjude.org%7C5f5f690cddd748100dde08d6dc906f79%7C22340fa892264871b677d3b3e377af72%7C0&sdata=93WuDa2hnFQNGoSTzw%2F4pBQE0fIN29v0Fu9Jti8mYFo%3D&reserved=0<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpowermdomain.powerm.ma%3A389&data=01%7C01%7Cwill.schmied%40stjude.org%7Cd2f49b0330c843ce107208d6dcb347c0%7C22340fa892264871b677d3b3e377af72%7C0&sdata=Mi5M5of5vnyzZbIl0%2Fj72PHs%2FJtsQ1S%2FvagsRASXag8%3D&reserved=0>>' --user-name 'cn=walid,cn=users,dc=powerm,dc=ma' --pwd-file 'auth_pass.txt' --netbios-name 'scaleces' --base-dn 'cn=users,dc=powerm,dc=ma' 7:26 PM Either failed to create a samba domain entry on LDAP server if not present or could not read the already existing samba domain entry from the LDAP server 7:26 PM Detailed message:smbldap_search_domain_info: Adding domain info for SCALECES failed with NT_STATUS_UNSUCCESSFUL 7:26 PM pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it. 7:26 PM pdb backend ldapsam:"ldap://powermdomain.powerm.ma:389<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpowermdomain.powerm.ma%3A389&data=01%7C01%7Cwill.schmied%40stjude.org%7Cd2f49b0330c843ce107208d6dcb347c0%7C22340fa892264871b677d3b3e377af72%7C0&sdata=Mi5M5of5vnyzZbIl0%2Fj72PHs%2FJtsQ1S%2FvagsRASXag8%3D&reserved=0><https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpowermdomain.powerm.ma%3A389&data=01%7C01%7Cwill.schmied%40stjude.org%7C5f5f690cddd748100dde08d6dc906f79%7C22340fa892264871b677d3b3e377af72%7C0&sdata=93WuDa2hnFQNGoSTzw%2F4pBQE0fIN29v0Fu9Jti8mYFo%3D&reserved=0<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpowermdomain.powerm.ma%3A389&data=01%7C01%7Cwill.schmied%40stjude.org%7Cd2f49b0330c843ce107208d6dcb347c0%7C22340fa892264871b677d3b3e377af72%7C0&sdata=Mi5M5of5vnyzZbIl0%2Fj72PHs%2FJtsQ1S%2FvagsRASXag8%3D&reserved=0>>" did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO) 7:26 PM WARNING: Could not open passdb 7:26 PM File authentication configuration failed. 7:26 PM mmuserauth service create: Command failed. Examine previous error messages to determine cause. 7:26 PM Operation Failed 7:26 PM Error: Either failed to create a samba domain entry on LDAP server if not present or could not read the already existing samba domain entry from the LDAP server Detailed message:smbldap_search_domain_info: Adding domain info for SCALECES failed with NT_STATUS_UNSUCCESSFUL pdb_init_ldapsam: WARNING: Could not get domain info, nor add one to the domain. We cannot work reliably without it. pdb backend ldapsam:"ldap://powermdomain.powerm.ma:389<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpowermdomain.powerm.ma%3A389&data=01%7C01%7Cwill.schmied%40stjude.org%7Cd2f49b0330c843ce107208d6dcb347c0%7C22340fa892264871b677d3b3e377af72%7C0&sdata=Mi5M5of5vnyzZbIl0%2Fj72PHs%2FJtsQ1S%2FvagsRASXag8%3D&reserved=0><https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpowermdomain.powerm.ma%3A389&data=01%7C01%7Cwill.schmied%40stjude.org%7C5f5f690cddd748100dde08d6dc906f79%7C22340fa892264871b677d3b3e377af72%7C0&sdata=93WuDa2hnFQNGoSTzw%2F4pBQE0fIN29v0Fu9Jti8mYFo%3D&reserved=0<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpowermdomain.powerm.ma%3A389&data=01%7C01%7Cwill.schmied%40stjude.org%7Cd2f49b0330c843ce107208d6dcb347c0%7C22340fa892264871b677d3b3e377af72%7C0&sdata=Mi5M5of5vnyzZbIl0%2Fj72PHs%2FJtsQ1S%2FvagsRASXag8%3D&reserved=0>>" did not correctly init (error was NT_STATUS_CANT_ACCESS_DOMAIN_INFO) WARNING: Could not open passdb File authentication configuration failed. mmuserauth service create: Command failed. Examine previous error messages to determine cause. Connect to Active Directory : mmuserauth service create --data-access-method 'file' --type 'AD' --servers '192.168.56.5' --user-name 'walid' --pwd-file 'auth_pass.txt' --netbios-name 'scaleces' --idmap-role 'MASTER' --ldapmap-domains 'powerm.ma<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpowerm.ma&data=01%7C01%7Cwill.schmied%40stjude.org%7Cd2f49b0330c843ce107208d6dcb347c0%7C22340fa892264871b677d3b3e377af72%7C0&sdata=XHcjIaRj2bGiWYXZUsDJFDJ2Ts3Y%2FKHzxD3yUhcHNgc%3D&reserved=0><https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpowerm.ma&data=01%7C01%7Cwill.schmied%40stjude.org%7C5f5f690cddd748100dde08d6dc906f79%7C22340fa892264871b677d3b3e377af72%7C0&sdata=tJKajnPMlWowHIAHnoxbceVIbE4t19KiLCaohZRwwYQ%3D&reserved=0<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fpowerm.ma&data=01%7C01%7Cwill.schmied%40stjude.org%7Cd2f49b0330c843ce107208d6dcb347c0%7C22340fa892264871b677d3b3e377af72%7C0&sdata=XHcjIaRj2bGiWYXZUsDJFDJ2Ts3Y%2FKHzxD3yUhcHNgc%3D&reserved=0>>(type=stand-alone:ldap_srv=192.168.56.5:range=-9000000000000000-4294967296:usr_dn=cn=users,dc=powerm,dc=ma:grp_dn=cn=users,dc=powerm,dc=ma:bind_dn=cn=walid,cn=users,dc=powerm,dc=ma:bind_dn_pwd=P@ssword)' 7:29 PM mmuserauth service create: Invalid parameter passed for --ldapmap-domain 7:29 PM mmuserauth service create: Command failed. Examine previous error messages to determine cause. 7:29 PM Operation Failed 7:29 PM Error: mmuserauth service create: Invalid parameter passed for --ldapmap-domain mmuserauth service create: Command failed. Examine previous error messages to determine cause. -- Best regards, Walid Largou Senior IT Specialist Power Maroc Mobile : +212 62<tel:+212%20661%2015%2021%2055>1 31 98 71 Email: [email protected]<mailto:[email protected]><mailto:[email protected]<mailto:[email protected]>> 320 Bd Zertouni 6th Floor, Casablanca, Morocco https://www.powerm.ma<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.powerm.ma&data=01%7C01%7Cwill.schmied%40stjude.org%7Cd2f49b0330c843ce107208d6dcb347c0%7C22340fa892264871b677d3b3e377af72%7C0&sdata=lFUQnvPlecsmKcAL%2FC4PbmfqyxW0sn5PI%2Bu4aCD5448%3D&reserved=0><https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.powerm.ma%2F&data=01%7C01%7Cwill.schmied%40stjude.org%7C5f5f690cddd748100dde08d6dc906f79%7C22340fa892264871b677d3b3e377af72%7C0&sdata=qpwCQkujjr3Sq0wCySyjRMGZrp94mvRQAK0iGlh7DqQ%3D&reserved=0<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.powerm.ma%2F&data=01%7C01%7Cwill.schmied%40stjude.org%7Cd2f49b0330c843ce107208d6dcb347c0%7C22340fa892264871b677d3b3e377af72%7C0&sdata=atqyy5y7T%2FnzfUkOukPmT%2BAprZQDIrtQFemjHpYDLDE%3D&reserved=0>> [cid:A8AE246E-9B75-4FE9-AE84-3DC9C8753FEA] This message is confidential .Its contents do not constitute a commitment by Power Maroc S.A.R.L except where provided for in a written agreement between you and Power Maroc S.A.R.L. Any authorized disclosure, use or dissemination, either whole or partial, is prohibited. If you are not the intended recipient of the message, please notify the sender immediately. ________________________________ Email Disclaimer: www.stjude.org/emaildisclaimer<http://www.stjude.org/emaildisclaimer> Consultation Disclaimer: www.stjude.org/consultationdisclaimer<http://www.stjude.org/consultationdisclaimer> -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://gpfsug.org/pipermail/gpfsug-discuss/attachments/20190519/9b579ecf/attachment.html<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgpfsug.org%2Fpipermail%2Fgpfsug-discuss%2Fattachments%2F20190519%2F9b579ecf%2Fattachment.html&data=01%7C01%7Cwill.schmied%40stjude.org%7Cd2f49b0330c843ce107208d6dcb347c0%7C22340fa892264871b677d3b3e377af72%7C0&sdata=DlY%2Bdy25zq2TcPBLwf%2FDQm0cngmIu6FTDzEW9PgTsrc%3D&reserved=0>> ------------------------------ _______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at spectrumscale.org<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fspectrumscale.org&data=01%7C01%7Cwill.schmied%40stjude.org%7Cd2f49b0330c843ce107208d6dcb347c0%7C22340fa892264871b677d3b3e377af72%7C0&sdata=UNt7Tspdurvw2nLSOYUf3T5pbwfD0xmW91PlwxOJi2Y%3D&reserved=0> http://gpfsug.org/mailman/listinfo/gpfsug-discuss<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fgpfsug.org%2Fmailman%2Flistinfo%2Fgpfsug-discuss&data=01%7C01%7Cwill.schmied%40stjude.org%7Cd2f49b0330c843ce107208d6dcb347c0%7C22340fa892264871b677d3b3e377af72%7C0&sdata=hsZ3rLuyxLIr2B0TrHCD2kMKSzR52sIzAmyepo1KELo%3D&reserved=0> End of gpfsug-discuss Digest, Vol 88, Issue 19 ********************************************** -- Best regards, Walid Largou Senior IT Specialist Power Maroc Mobile : +212 62<tel:+212%20661%2015%2021%2055>1 31 98 71 Email: [email protected]<mailto:[email protected]> 320 Bd Zertouni 6th Floor, Casablanca, Morocco https://www.powerm.ma<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.powerm.ma%2F&data=01%7C01%7Cwill.schmied%40stjude.org%7Cd2f49b0330c843ce107208d6dcb347c0%7C22340fa892264871b677d3b3e377af72%7C0&sdata=atqyy5y7T%2FnzfUkOukPmT%2BAprZQDIrtQFemjHpYDLDE%3D&reserved=0> [cid:A8AE246E-9B75-4FE9-AE84-3DC9C8753FEA] This message is confidential .Its contents do not constitute a commitment by Power Maroc S.A.R.L except where provided for in a written agreement between you and Power Maroc S.A.R.L. Any authorized disclosure, use or dissemination, either whole or partial, is prohibited. If you are not the intended recipient of the message, please notify the sender immediately.
_______________________________________________ gpfsug-discuss mailing list gpfsug-discuss at spectrumscale.org http://gpfsug.org/mailman/listinfo/gpfsug-discuss
