Unsolved
October 12th, 2018 00:00
NFS mount between CentOS and Windows
Hi,
I'm using Windows Active Directory to manage users and groups policy and Isilon for storage. Now in the local network 99% of users are using Isilon from Linux CentOS 7.5 (i.e. mounting path_to_isilon local_path nfs defaults 0 0 in /etc/fstab), which are connected to Active Directory via SSSD. Now the issue is that whenever a user runs chown, chmod or chgrp on files/folders from Linux, Windows shows improper access permissions (maybe because of the remap of SID to UID & GID).
So tell me how to mount the Isilon share folder on Windows to get proper access on both Linux and Windows even if chown or chgrp is run from the Linux side?
Thank you
Phil.Lam
October 12th, 2018 09:00
ruchitbhatt
Are the usernames on CentOS Linux & Windows the same? If yes, check out these Isilon Multiprotocol blogs.
EMC Isilon Multiprotocol Concepts Series
Multiprotocol Concept Series Part 1: Overview
Multiprotocol Concepts Series Part 2: Access Tokens, User Mapping, and ID Mapping
Multiprotocol concepts series part 3: On-disk identity
Multiprotocol Concepts Series part 4: Isilon file access checking
Multiprotocol Concepts Series part 5: Troubleshooting permissions issues and the Permissions Repair job
Please read this pdf also
https://www.dellemc.com/resources/en-us/asset/white-papers/products/storage/h13115-wp-emc-isilon-onefs-multiprotocol-sec…
The simplest user mapping case
Let’s explore the simplest case: the user name is the same in AD and LDAP, so you can map the AD user name to the LDAP user name. The mapping is on a per-zone basis, wildcard to wildcard. The rule looks like this:
isi zone zones view --zone=system
[info snipped]
User Mapping Rules: DOMAIN\* &= * [ ]
This rule says to map username to username: bsmith to bsmith, russ to russ, jchan to jchan, and so on.
NOTE:
Updated user mapping rule for OneFS 8+
# isi zone zones modify --user-mapping-rules=' \* += * [group,groups]' --zone=System
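
Added example, not part of the thread and not OneFS code: a simplified Python model of the wildcard join rule quoted above, showing how one merged token lets the same user match a file owner presented as a SID (SMB) or as a UID (NFS). The account data, SIDs, UIDs and function names are constructed for illustration, and the model assumes the join simply unites the AD and LDAP identities of the same name.

```python
import re

# Join rule in the form quoted in the post: DOMAIN\* &= * [ ]
RULE_RE = re.compile(r"^\s*([^\\\s]+)\\(\S+)\s*&=\s*(\S+)\s*\[\s*\]\s*$")

# Constructed sample directories (hypothetical accounts, SIDs and UIDs).
AD = {"bsmith": {"sid": "S-1-5-21-1111-2222-3333-1104",
                 "group_sids": ["S-1-5-21-1111-2222-3333-513"]},
      "svc_backup": {"sid": "S-1-5-21-1111-2222-3333-1200", "group_sids": []}}
LDAP = {"bsmith": {"uid": 10004, "gids": [10000, 10050]}}

def parse_join_rule(rule):
    """Split a join rule into (domain, left pattern, right pattern)."""
    m = RULE_RE.match(rule)
    if m is None:
        raise ValueError("not a join rule: %r" % rule)
    return m.groups()

def build_token(rule, ad_name, ad=AD, ldap=LDAP):
    """Model the token for DOMAIN\\user; None if the rule does not apply."""
    domain, left, right = parse_join_rule(rule)
    dom, _, user = ad_name.partition("\\")
    if dom.upper() != domain.upper() or left not in ("*", user) or user not in ad:
        return None
    # Wildcard to wildcard: the name matched on the left is reused on the right.
    target = user if right == "*" else right
    token = {"user": user, "sid": ad[user]["sid"],
             "group_sids": list(ad[user]["group_sids"]), "uid": None, "gids": []}
    unix = ldap.get(target)
    if unix is not None:
        # Join: the UNIX identity is merged into the same token.
        token.update(uid=unix["uid"], gids=list(unix["gids"]))
    return token

def owns(token, owner):
    """owner is what is stored or presented: a SID string or an integer UID."""
    if token is None or owner is None:
        return False
    return owner in (token["sid"], token["uid"])

if __name__ == "__main__":
    rule = r"DOMAIN\* &= * [ ]"
    for name in (r"DOMAIN\bsmith", r"DOMAIN\svc_backup"):
        t = build_token(rule, name)
        print(name, "uid:", t["uid"], "owns file with UID 10004:", owns(t, 10004))
```

An account with no same-named UNIX identity (svc_backup in the sample data) keeps an AD-only token, which is the case where ownership changed from the Linux side stops lining up with what Windows shows.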
ruchitbhatt
October 12th, 2018 09:00
@Phil Lam
Thank you for your reply.
Yes, usernames are the same on both CentOS & Windows
(by following this method on CentOS 7.5 https://www.linuxtechi.com/integrate-rh ... directory/ )
The multiprotocol concept seems interesting, I will definitely check that blog. I hope this will solve file sharing permissions directly on the Isilon side instead of managing a separate Samba server to resolve user/group permissions on the Windows side. One more thing, does this method also support SUID, SGID and the sticky bit of Linux?
Thanks again
crklosterman
October 15th, 2018 09:00
Also keep in mind that the goal of multi protocol file access summed up generally is that:
1. The same User
2. Gets the same access
3. to the Same Data
4. Regardless of what protocol they connect to the cluster with.
To reach that goal you need to store just one set of permissions on disk, and have proper AIMA or user mapping as Phil stated above. And definitely you don't want a SAMBA server in front of an Isilon cluster. Quite counter-productive.
~Chris
Phil.Lam
October 15th, 2018 10:00
ruchitbhatt,
No Samba server is needed for Isilon as Chris Klosterman mentioned. Isilon handles multiprotocol natively and permissions will align properly if configured correctly.