Hi,
At work we're about to deploy an EMC VNX solution to provide CIFS and NFS shares
to our Windows, *nix and Mac desktops.
We plan to have Unix volumes and Windows volumes on the VNX (the Unix volumes
will have Unix semantics, whilst the Windows ones will have case-independent
file names etc). Both volume types will be cross-mounted. As we're working in
a reasonably hostile environment (a university) we plan to move to NFSv4.
(Previously we have run NFSv3, but the Unix file store has not been considered
particularly secure, and Unix users have not had access to Windows shares.)
Currently authentication for our Windows desktops uses AD, whilst on Unix we're
using LDAP to an E-Directory server.
In order to glue everything together, we have configured the VNX to use AD to do
the SID->UID/GID mapping for CIFS access (Unix UID and GID are held in AD, and
the VNX uses UID/GID not SIDs internally). What we then want to do is to get
our Unix desktops to authenticate against AD, and present a Kerberos ticket for
NFSv4 to the VNX.
It's this last stage where we are stumbling. It looks like SSSD
https://fedorahosted.org/sssd/ can provide the hooks we need, on the Unix side
(primarily an Ubuntu/Debian environment). Does anyone have a recipe for
configuring SSSD for authentication against AD 2008r2 and integration with
Kerberos for accessing the VNX via NFSv4? (My team does not own the AD
infrastructure, so we cannot make schema extensions.)
Any assistance greatly appreciated.
--
Jonathan
_______________________________________________
Tech mailing list
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/