Ah, terrific. I didn't get that memo ;-) Thanks! --Matt
On Tue, May 1, 2012 at 8:55 PM, Jonathan <[email protected]> wrote: > Hi Matt, > > The VNX 5300 supports "NFSv2, v3, and v4 (including NFSv4.1 with pNFS > support)" > > The catch with Likewise Open (as far as I know) is that it has its own > mapping between MS SIDs and Unix UID/GIDs. I really need to use the > UID/GID as it appears in AD, so that the VNX and my Unix boxes are all > doing the same mapping. To quote from the beyondtrust.com website "When > to Use Open Edition: ... Single UID automatically assigned" > > SSSD seems to hold a lot of promise. I just can't get my head around the > documentation. > > Many thanks, > Jonathan. > > > > On 01/05/2012 12:30, Matt Simmons wrote: > > Hi Jonathan, > > Off-topic, but to the best of my knowledge, VNXe doesn't support NFSv4 > (yet?). > > On-topic, my favorite solution to authenticating *nix with AD has > historically been Likewise Open, but Likewise was recently purchased by > BeyondTrust. They still offer a free version (http://bit.ly/JagHPi) but I > can't vouch for it specifically because I haven't used it. When it was > Likewise Open, it worked so well that I gushed about it to anyone that > would listen. > > --Matt > > > On Tue, May 1, 2012 at 5:54 AM, Jonathan <[email protected]> wrote: > >> Hi, >> >> At work we're about to deploy an EMC VNX solution to provide CIFS and NFS >> shares to our WIndows, *nix and Mac desktops. >> >> We plan to have Unix volumes and Windows volumes on the VNX (the Unix >> volumes will have Unix semantics, whilst the Windows ones will have >> case-independent file names etc). Both volume types will be >> cross-mounted. As we're working in a reasonably hostile environment (a >> university) we plan to move to NFSv4. (Previously we have run NFSv3, but >> the Unix file store has not been considered particularly secure, and Unix >> users have not had access to Windows shares.) Currently authentication for >> our Windows desktops uses AD, whilst on Unix we're using LDAP to an >> E-Directory server. >> >> In order to glue everything together, we have configured the VNX to use >> AD to do the SID->UID/GID mapping for CIFS access (Unix UID and GID are >> held in AD, and the VNX uses UID/GID not SIDs internally). What we then >> want to do, is to get our Unix desktops to authenticate against AD, and >> present a Kerberos ticket for NFSv4 to the VNX. >> >> It's this last stage where we are stumbling. It looks like SSSD >> https://fedorahosted.org/sssd/ can provide the hooks we need, on the >> Unix side (primarily an Ubuntu/Debian environment). Does anyone have a >> recipe for configuring SSSD for authentication against AD 2008r2 and >> integration with Kerberos for accessing the VNX via NFSv4? (My team does >> not own the AD infrastructure, so we cannot make schema extensions.) >> >> Any assistance greatly appreciated. >> >> -- >> Jonathan >> >> >> _______________________________________________ >> Tech mailing list >> [email protected] >> https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech >> This list provided by the League of Professional System Administrators >> http://lopsa.org/ >> >> > > > -- > LITTLE GIRL: But which cookie will you eat FIRST? > COOKIE MONSTER: Me think you have misconception of cookie-eating process. > > > -- LITTLE GIRL: But which cookie will you eat FIRST? COOKIE MONSTER: Me think you have misconception of cookie-eating process.
_______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
