46 Posts
0
3857
April 3rd, 2022 01:00
Isilon Ldap samba authenticating issue
Hi,
We have a cluster of X400 nodes, still on OneFS 7.1.1.11.
We have an Xserve MacOs Ldap server, OneFS is connected to it, I can list the users and groups from the Ldap server in the webgui.
The issue is that I can't mount any of the smb mountpoints I created from Linux, Win or Mac, I get a permission denied if I try to mount with a network user credentials. I created local users on the cluster, I was able to smb mount with these local users credentials but I need to be able to do the same with network users credentials from the Ldap server..
I found a manual how to set it but I can't get it to work.
Could someone please help me solve this issue?
Many thx
AndrewF76
46 Posts
0
April 6th, 2022 22:00
Hi,
I would not do a reformat, almost 300TB of data on it is needed, can't go to waste, Only a regular OneFS update, from 7.1.1.11 to 8.1.x.x , witch can be done in simultaneous upgrade.
AndrewF76
46 Posts
0
April 7th, 2022 04:00
AndrewF76
46 Posts
0
April 7th, 2022 04:00
I can't find 8.0.x.x anywhere to download.
I have 8.1.2.0 downloaded.
Phil.Lam
3 Apprentice
•
637 Posts
0
April 7th, 2022 12:00
@AndrewF76,
Auth Providers still show empty.
Auth Providers: - <--empty
example:
PowerScale OneFS 9.2.1.7
philler-2# isi zone zones list -v
Name: System
Path: /ifs
Groupnet: groupnet0
Map Untrusted:
Auth Providers: lsa-activedirectory-provider:ICSLAB.LOCAL, lsa-local-provider:System, lsa-file-provider:System
NetBIOS Name:
User Mapping Rules: *\* += * [user,group,groups]
Home Directory Umask: 0077
...
Phil.Lam
3 Apprentice
•
637 Posts
0
April 7th, 2022 12:00
AndrewF76
46 Posts
0
April 7th, 2022 22:00
Hi,
All Auth Providers: Yes
AndrewF76
46 Posts
0
April 7th, 2022 22:00
just created a Zone-SMB, added only Ldap:
Phil.Lam
3 Apprentice
•
637 Posts
0
April 11th, 2022 10:00
try no and list providers then
AndrewF76
46 Posts
0
April 11th, 2022 11:00
tried with new zone, only ldap, but it's not working
Phil.Lam
3 Apprentice
•
637 Posts
0
April 12th, 2022 15:00
@AndrewF76,
what does this command output?
isi auth users list --provider=lsa-ldap-provider:xserver01.local --zone=Zone-SMB
Phil.Lam
3 Apprentice
•
637 Posts
0
April 12th, 2022 15:00
@AndrewF76,
what does this command output? Maybe ldap not set correctly.
isi auth users list --provider=lsa-ldap-provider:xserver01.local --zone=Zone-SMB
example:
xpedia-1% isi auth users list --provider=lsa-ldap-provider:"LDAP" | more
Name
--------------------------------
00_ace.pf
00_apac.ace.pf
00_iace.pf
01_01_baf.iace.pf
...
zzhiyuan
zzhou
zzhu
zztynthetictrans
--------------------------------------------------
Total: 57832
AndrewF76
46 Posts
0
April 14th, 2022 23:00
Hi,
here it is:
gyar-3# isi auth users list --provider=lsa-ldap-provider:xserve01.local --zone=Zone-SMB
Name
-----------
diradmin
andras
adam
heni
robert
kati
gergo
freelancer1
gara
driverke
aron
piri
balage
habalazs
lac
luki
ndiana
studio
night
haron2
zoli
stibi
palfilidia
kristof
freelancer2
bekezoli
viktor
mzoli
marton
szabina
jennifer
macmzoli
nemedi
studio1
liza
shahab
rakgab
istvan
ivan
szabolcs
mwdev
domi
henrietta
user
-----------
Total: 44
gyar-3#
Phil.Lam
3 Apprentice
•
637 Posts
0
April 19th, 2022 19:00
@AndrewF76
that works then on access zone Zone-SMB. Is a network pool on that access zone Zone-SMB?
AndrewF76
46 Posts
0
April 20th, 2022 01:00
@PhilLam
Hi.
This works for system zone too:
gyar-3# isi auth users list --provider=lsa-ldap-provider:xserve01.local --zone=System
Name
-----------
diradmin
andras
adam
heni
robert
kati
gergo
freelancer1
gara
driverke
....
I can't find anywhere the pool settings from your last message, could you send me a description where to look for it?
Thx
Phil.Lam
3 Apprentice
•
637 Posts
0
April 22nd, 2022 14:00
@AndrewF76
WebUI->Network configuration->External network->(groupnet)->(subnet)->(pool)->Edit/View->Edit