Isilon: OneFS: External Authentication Provider information missing for newly added nodes
Summary: This KB article describes an issue in which External Authentication Provider information is missing for newly added nodes.
Symptoms
A newly added node may not show the same authentication status as the original cluster nodes. In the following example, nodes 4-6 are newly added nodes that do not see the domain the cluster is joined to:
# isi_for_array -s "isi auth status | grep -i corp.xxx.org "
xxx-ISILON-1: lsa-activedirectory-provider:CORP.xxx.ORG xxx.xxx.xxx.org online
xxx-ISILON-2: lsa-activedirectory-provider:CORP.xxx.ORG xxx.xxx.xxx.org online
xxx-ISILON-3: lsa-activedirectory-provider:CORP.xxx.ORG xxx.xxx.xxx.org online
xxx-ISILON-4 exited with status 1
xxx-ISILON-5 exited with status 1
xxx-ISILON-6 exited with status 1
Cause
If a node is added to a cluster before the networking configuration is implemented, lsass may have exhausted the number of attempts permitted to query the external authentication provider to load the configuration. Once a route from the node to the authentication provider is made available (cabling, external network configuration and adding the new node interfaces to a network pool that can reach the authentication provider), the lsass process is not automatically prompted to query again.
Resolution
Run this command on the new node or nodes to refresh the configuration so that the nodes attempt to connect to any configured external authentication providers:
# isi auth refresh
Or:
# isi_for_array -n <Low LNN-High LNN> 'isi auth refresh'
In this example, the command would be:
# isi_for_array -n 4-6 'isi auth refresh'
One method to mitigate the issue is to use node provisioning rules to automatically configure interfaces in specified network pools.
Refer to the PowerScale OneFS 9.14.0.0 CLI Administration Guide for more information. For OneFS 8.0.0.x, see information starting on page 537 under Managing network provisioning rules.
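The check from Symptoms and the command from Resolution can be combined, as in this added example (not part of the original article or of Dell tooling): it parses `isi_for_array` output in the format shown above, lists the nodes that did not report the provider online, and prints the matching `isi auth refresh` commands for review. It assumes node names end in `-<LNN>` as in the article's output; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Dell code). Reads isi_for_array output on stdin, in the
# format shown under Symptoms, and prints the LNN of every node that did not
# report the named provider as "online", one per line.
# Assumption: the node name ends in "-<LNN>", as in the article's output.
missing_provider_nodes() {
    awk -v want="$1" '
        {
            node = $1; sub(/:$/, "", node)      # "xxx-ISILON-1:" -> "xxx-ISILON-1"
            lnn = node; sub(/^.*-/, "", lnn)    # keep the trailing LNN
            if (lnn !~ /^[0-9]+$/) next         # not a per-node line
            seen[lnn] = 1
            if (index(toupper($0), toupper(want)) && $NF == "online") ok[lnn] = 1
        }
        END { for (l in seen) if (!(l in ok)) print l }
    ' | sort -n
}

# Turns sorted LNNs on stdin into refresh commands, one per contiguous run,
# using the -n <Low LNN-High LNN> form from the Resolution section.
refresh_commands() {
    awk '
        function emit() {
            range = (lo == hi) ? lo : lo "-" hi
            printf "isi_for_array -n %s \047isi auth refresh\047\n", range
        }
        NR == 1      { lo = hi = $1; next }
        $1 == hi + 1 { hi = $1; next }
                     { emit(); lo = hi = $1 }
        END          { if (NR) emit() }
    '
}

# Constructed sample input: the output from the Symptoms section.
sample_output() {
    cat <<'EOF'
xxx-ISILON-1: lsa-activedirectory-provider:CORP.xxx.ORG xxx.xxx.xxx.org online
xxx-ISILON-2: lsa-activedirectory-provider:CORP.xxx.ORG xxx.xxx.xxx.org online
xxx-ISILON-3: lsa-activedirectory-provider:CORP.xxx.ORG xxx.xxx.xxx.org online
xxx-ISILON-4 exited with status 1
xxx-ISILON-5 exited with status 1
xxx-ISILON-6 exited with status 1
EOF
}

# On a cluster, pipe the real isi_for_array output in instead of sample_output.
sample_output | missing_provider_nodes "corp.xxx.org" | refresh_commands
```

A node whose provider line ends in a state other than online is flagged as well, which the `grep` in the Symptoms example would not distinguish.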
Additional Information
An lsass restart may be required. This is a per-node command.
# /usr/likewise/bin/lwsm restart lsass