On 5/5/22 08:31, Spike White wrote:
Ed,
That sounds like an excellent plan. Every major NAS vendor (I work for
one) supports LDAP authentication. Even against AD domain controllers.
(I'm a Linux engineer, not a storage engineer -- so I don't know the
details of the NAS LDAP auth, only that it's fully supported and used
here internally on the NAS mgmt heads.)
Are you doing NFSv3 or NFSv4? I believe that NFSv4 bases file/dir
access on 'user@domain', not UIDs. NFSv3 uses traditional UIDs/GIDs.
I'm guessing you're doing NFSv3.
NFSv4 can also use traditional UIDs/GIDs for authorization. POSIX
extended ACLs work as well.
(We do NFSv3 from the NAS shares onto our Linux servers whenever
possible ourselves. We do NFSv4 only when one of the new NFSv4 features
is required.)
Spike
On Wed, May 4, 2022 at 5:21 PM <[email protected]> wrote:
Thanks Spike!
It looks like extending the AD to cater for UIDs and GIDs is the
most supported and least effort change to allow us to use any NAS.
If we get approval, we'll likely come up with a system to populate
these values in the AD from an existing SSSD Linux client so that
they match, then we can transition all other Linux clients over from
using the SSSD mapping algorithm to using these values from AD.
Ed
4 May 2022 12:26:01 am Spike White <[email protected]>:
> Ed,
>
> Got this from our AD team:
>
> This MS article contains info regarding RFC 2307 and mentions it
> being included in Windows 2003 and later. Hopefully, this helps.
>
>
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/213f515b-9cf2-43e8-b6c8-47b13cd61281
>
> We are currently up to schema version 88 (Windows 2019).
>
> Spike
_______________________________________________
sssd-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
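
The population step Ed describes (copying the IDs an existing SSSD client already computes into AD so that they match) could be scripted for user accounts as follows. This is an added example, not code from the thread or from SSSD; the `getent passwd` lines, DNs and helper names are constructed, and short login names and ASCII DNs are assumed.

```python
from collections import defaultdict

# Constructed sample: `getent passwd` lines from an SSSD client using ID mapping.
GETENT = """\
alice:*:1234001104:1234000513:Alice:/home/alice:/bin/bash
bob:*:1234001105:1234000513:Bob:/home/bob:/bin/bash
carol:*:1234001105:1234000513:Carol:/home/carol:/bin/bash
dave:*:1234001106:1234000513:Dave:/home/dave:/bin/bash
"""
# Constructed sample: login name -> AD distinguished name (dave is missing on purpose).
DN_BY_NAME = {
    "alice": "CN=Alice,CN=Users,DC=example,DC=com",
    "bob": "CN=Bob,CN=Users,DC=example,DC=com",
    "carol": "CN=Carol,CN=Users,DC=example,DC=com",
}

def parse_getent(text):
    """Yield (name, uid, gid) from passwd-format lines."""
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # skip blank or malformed lines
        yield fields[0], int(fields[2]), int(fields[3])

def build_ldif(getent_text, dn_by_name):
    """Return (ldif_text, problems); accounts with problems get no LDIF record."""
    entries = list(parse_getent(getent_text))
    names_by_uid = defaultdict(list)
    for name, uid, _ in entries:
        names_by_uid[uid].append(name)
    records, problems = [], []
    for name, uid, gid in entries:
        others = [n for n in names_by_uid[uid] if n != name]
        if others:
            # A UID shared by two accounts gives each access to the other's files on NFSv3.
            problems.append(f"{name}: uid {uid} also assigned to {', '.join(others)}")
            continue
        dn = dn_by_name.get(name)
        if dn is None:
            problems.append(f"{name}: no AD entry found")
            continue
        records.append(
            f"dn: {dn}\nchangetype: modify\n"
            f"replace: uidNumber\nuidNumber: {uid}\n-\n"
            f"replace: gidNumber\ngidNumber: {gid}\n"
        )
    return "\n".join(records), problems
```

The returned LDIF uses the RFC 2307 attributes `uidNumber` and `gidNumber`; every entry in `problems` should be resolved before any record is loaded into AD.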