Isilon

Question

Hi guys,

i was wondering ifs someone came across the following issue and may have a suggestion

I have a 4 node X210 isilon cluster and i am trying to join it to two domains.

i have configured 1 groupnet with 2 DNS servers and 2 search domains

ex. DNS 10.10.2.5

10.10.2.7

Search domain1.com

domain2.com

i have one subnet for each of these domains (10.10.2.100-10.10.2.108; 10.10.4.100-10.10.4.108)

the isilon is added with the corresponding subnet service IP in both DNS servers

i have more issues which i came across trying to troubleshoot.

- when i try to add the isilon to either domain, i get a DC not found error

- i can ping domain1.com in the situation above, but not domain2.com

- also i get the DC when running the _ldap._tcp.dc._msdcs.domain1.com command

- it fails with _ldap._tcp.dc._msdcs.domain2.com

- if i invert the entries (both IPs and Search Domains) i can ping domain2.com and not domain1.com

- also i get the DC when running the _ldap._tcp.dc._msdcs.domain2.com command

- it fails with _ldap._tcp.dc._msdcs.domain1.com

- all ports are open (i ran the nc -z DC_IP command)

Is it dependent to the way the DNS entries are listed?

is there a best way to add the isilon to two diferent domains

what i wanted to achieve was the following:

- isilon registered in both domains

- three access zones (System, Domain1, Domain2)

- System Access zones with local access

- Domain1 and Domain2 access zones both with 1 AD authentication provider pointing to the same share so that users in both domains to access the shared resources.

I could really use your help because i am stuck with the troubleshooting and ran out of ideas.

(tried also with two groupnets but this is not ok for me as i cannot have two access zones with the same base folder)

Many thanks!

Mike.

chughh27 · Accepted Answer

Hello,

I suspect this issue is because of DNS request is not getting forwarded to next DNS. This issue is fixed in OneFS 8.x You can try creating forwarded in primary DNS and test it out it should work.

Thanks

Chughh

bergec · Answer

Hello

I assume that there is not forwarder between the DNS domains

In that case I think you should create 2 separate groupnets each one with it's own search list, DNS servers and subnet

Claude Berges

Sent from my mobile device

bergec · Answer

If you have 2 access zone and each have their own path then you cannot create have one directory shares in both access zones

It looks like what you want to do is somehow contradictory with a multi-tenant setup

Claude Berges

Sent from my mobile device

mapostol · Answer

Hi Claude and thank you for the quick reply

i tried using two groupnets but then i end up not being able to share the same folder to both... or am i missing something...

this is usually for multi-tenant environment right?

many thanks!

Mike

mapostol · Answer

That's the idea i want to give access to the same ressource but unfortunately i have two domainsbut as i understand a trust should fix the issue am i right?Mike

sluetze · Answer

a Domain trust is (in my opinion) not necessary.to achieve what you are trying to do it should be enough to Setup a DNS which knows both Domains.

A) Setup an explicit DNS which delegates to the domain1-DNS and domain2-DNS

or

B) configure domain1-DNS with a Delegation for domain2-DNS and vise versa

or

C) Setup a domaintrust between domain1 and domain2 and only join the isilon to one of the domains

or

D) use one accesszone and implement domain1 as AD-Authenticator and domain2 as ldap authenticator for the same Accesszone. (not quite sure if that works, will be the most awful solution)

These shall be only ideas what *should* work from my Point of knowledge. didn't setup anything of that.

mapostol · Answer

HiThanks for the inputi managed to solve it more easily than expected just with DNS Forwarding.I removed one of the DNS servers as it was driving the isilon crazy now it works fine.Thanks guys!

Isilon - multiple domain join issue

Was this post helpful?