
PowerScale OneFS CLI Command Reference

isi auth ads modify

Modifies an Active Directory authentication provider.

Syntax

isi auth ads modify <provider-name>
  [--reset-schannel {yes | no}]
  [--domain-controller <string>]
  [--authentication {yes | no}]
  [--allocate-gids {yes | no}]
  [--allocate-uids {yes | no}]
  [--assume-default-domain {yes | no}]
  [--check-online-interval <duration>]
  [--create-home-directory {yes | no}]
  [--domain-offline-alerts {yes | no}]
  [--findable-groups <string>...]
  [--clear-findable-groups]
  [--add-findable-groups <string>...]
  [--remove-findable-groups <string>...]
  [--findable-users <string>...]
  [--clear-findable-users]
  [--add-findable-users <string>...]
  [--remove-findable-users <string>...]
  [--home-directory-template <path>]
  [--ignore-all-trusts {yes | no}]
  [--ignored-trusted-domains <dns-domain>]
  [--clear-ignored-trusted-domains]
  [--add-ignored-trusted-domains <dns-domain>]
  [--remove-ignored-trusted-domains <dns-domain>]
  [--include-trusted-domains <dns-domain>]
  [--clear-include-trusted-domains]
  [--add-include-trusted-domains <dns-domain>]
  [--remove-include-trusted-domains <dns-domain>]
  [--ldap-sign-and-seal {yes | no}]
  [--login-shell <path>]
  [--lookup-domains <dns-domain>]
  [--clear-lookup-domains]
  [--add-lookup-domains <dns-domain>]
  [--remove-lookup-domains <dns-domain>]
  [--lookup-groups {yes | no}]
  [--lookup-normalize-groups {yes | no}]
  [--lookup-normalize-users {yes | no}]
  [--lookup-users {yes | no}]
  [--machine-password-changes {yes | no}]
  [--machine-password-lifespan <duration>]
  [--node-dc-affinity <string>]
  [--node-dc-affinity-timeout <timestamp>]
  [--nss-enumeration {yes | no}]
  [--restrict-findable {yes | no}]
  [--rpc-call-timeout <integer>]
  [--server-retry-limit <duration>]
  [--sfu-support {none | rfc2307}]
  [--store-sfu-mappings {true | false}]
  [--unfindable-groups <string>...]
  [--clear-unfindable-groups]
  [--add-unfindable-groups <string>...]
  [--remove-unfindable-groups <string>...]
  [--unfindable-users <string>...]
  [--clear-unfindable-users]
  [--add-unfindable-users <string>...]
  [--remove-unfindable-users <string>...]
  [--verbose]

Options

<provider-name>
Specifies the domain name that the Active Directory provider is joined to, which is also the Active Directory provider name.
--reset-schannel {yes | no}
Resets the secure channel to the primary domain.
--domain-controller <dns-domain>
Specifies a domain controller.
--authentication {yes | no}
Enables the use of the provider for authentication and identity.
--allocate-gids {yes | no}
Enables or disables GID allocation for unmapped Active Directory groups. Active Directory groups without GIDs can be proactively assigned a GID by the ID mapper. If this option is disabled, GIDs are not assigned proactively, but when a user's primary group does not include a GID, the system may allocate one.
--allocate-uids {yes | no}
Enables or disables UID allocation for unmapped Active Directory users. Active Directory users without UIDs can be proactively assigned a UID by the ID mapper. If this option is disabled, UIDs are not assigned proactively, but when a user's identity does not include a UID, the system may allocate one.
--assume-default-domain {yes | no}
Enables lookup of unqualified user names in the primary domain.
--check-online-interval <duration>
Specifies the time between provider online checks, in the format <integer>{Y|M|W|D|H|m|s}.
--create-home-directory {yes | no}
Specifies whether to create a home directory the first time a user logs in, if a home directory does not already exist for the user.
--domain-offline-alerts {yes | no}
Specifies whether to send an alert if the domain goes offline. If this option is set to yes, notifications are sent as specified in the global notification rules. The default value is no.
--findable-groups <string>...
Specifies a list of groups that can be resolved by this authentication provider. Repeat this option to specify multiple list items.
--clear-findable-groups
Removes all entries from the list of findable groups.
--add-findable-groups <string>...
Adds an entry to the list of groups that can be resolved by this authentication provider. Repeat this option to specify multiple list items.
--remove-findable-groups <string>...
Removes an entry from the list of groups that can be resolved by this authentication provider. Repeat this option to specify multiple list items.
--findable-users <string>...
Specifies a list of users that can be resolved by this authentication provider. Repeat this option to specify multiple list items.
--clear-findable-users
Removes all entries from the list of findable users.
--add-findable-users <string>...
Adds an entry to the list of users that can be resolved by this authentication provider. Repeat this option to specify multiple list items.
--remove-findable-users <string>...
Removes an entry from the list of users that can be resolved by this authentication provider. Repeat this option to specify multiple list items.
--home-directory-template <path>
Specifies the template path to use when creating home directories. The path must begin with /ifs and can include special character sequences that are dynamically replaced with strings at home directory creation time that represent specific variables. For example, %U, %D, and %Z are replaced with the user name, provider domain name, and zone name, respectively. For more information, see the Home directories section.
NOTE: If you are using Active Directory with Services for UNIX (SFU), spaces in Windows-created directory names are converted to underscores for UNIX compatibility.
--ignore-all-trusts {yes | no}
Specifies whether to ignore all trusted domains.
--ignored-trusted-domains <dns-domain>
Specifies a list of trusted domains to ignore if --ignore-all-trusts is disabled. Repeat this option to specify multiple list items.
--clear-ignored-trusted-domains
Clears the list of ignored trusted domains if --ignore-all-trusts is disabled.
--add-ignored-trusted-domains <dns-domain>
Adds a domain to the list of trusted domains to ignore if --ignore-all-trusts is disabled. Repeat this option to specify multiple list items.
--remove-ignored-trusted-domains <dns-domain>
Removes a specified domain from the list of trusted domains to ignore if --ignore-all-trusts is disabled. Repeat this option to specify multiple list items.
--include-trusted-domains <dns-domain>
Specifies a list of trusted domains to include if --ignore-all-trusts is enabled. Repeat this option to specify multiple list items.
--clear-include-trusted-domains
Clears the list of trusted domains to include if --ignore-all-trusts is enabled.
--add-include-trusted-domains <dns-domain>
Adds a domain to the list of trusted domains to include if --ignore-all-trusts is enabled. Repeat this option to specify multiple list items.
--remove-include-trusted-domains <dns-domain>
Removes a specified domain from the list of trusted domains to include if --ignore-all-trusts is enabled. Repeat this option to specify multiple list items.
--ldap-sign-and-seal {yes | no}
Specifies whether to use encryption and signing on LDAP requests to a domain controller.
--login-shell <path>
Specifies the path to the login shell to use if the Active Directory server does not provide login-shell information. This setting applies only to users who access the file system through SSH.
--lookup-domains <string>
Specifies a list of domains to which user and group lookups are to be limited. Repeat this option to specify multiple list items.
--clear-lookup-domains
Clears the list of restricted domains for user and group lookups.
--add-lookup-domains <string>
Adds an entry to the restricted list of domains to use for user and group lookups. Repeat this option to specify multiple list items.
--remove-lookup-domains <string>
Removes an entry from the list of domains to use for user and group lookups. Repeat this option to specify multiple list items.
--lookup-groups {yes | no}
Specifies whether to look up Active Directory groups in other providers before allocating a GID.
--lookup-normalize-groups {yes | no}
Specifies whether to normalize Active Directory group names to lowercase before looking them up.
--lookup-normalize-users {yes | no}
Specifies whether to normalize Active Directory user names to lowercase before looking them up.
--lookup-users {yes | no}
Specifies whether to look up Active Directory users in other providers before allocating a UID.
--machine-password-changes {yes | no}
Specifies whether to enable periodic changes of the machine account password for security purposes.
--machine-password-lifespan <duration>
Sets the maximum age of the machine account password, in the format <integer>{Y|M|W|D|H|m|s}.
{--node-dc-affinity | -x} <string>
Specifies the domain controller that the node should exclusively communicate with (affinitize). This option should be used with a timeout value, which is configured using the --node-dc-affinity-timeout option. Otherwise, the default timeout value of 30 minutes is assigned.
NOTE: This setting is for debugging purposes and should be left unconfigured during normal operation. To disable this feature, use a timeout value of 0.
{--node-dc-affinity-timeout} <timestamp>
Specifies the timeout setting for the local node affinity to a domain controller, using the date format <YYYY>-<MM>-<DD> or the date/time format <YYYY>-<MM>-<DD>T<hh>:<mm>[:<ss>].
NOTE: A value of 0 disables the affinity. When affinitization is disabled, communication with the specified domain controller may not end immediately. It may persist until another domain controller can be chosen.
--nss-enumeration {yes | no}
Specifies whether to allow the Active Directory provider to respond to getpwent and getgrent requests.
--restrict-findable {yes | no}
Specifies whether to check the authentication provider for filtered lists of findable and unfindable users and groups.
--rpc-call-timeout <integer>
The maximum amount of time (in seconds) that an RPC call to Active Directory is allowed to take. A value of 0 indicates no timeout.
--server-retry-limit <duration>
The number of retries to attempt when a call to Active Directory fails due to a network error.
--sfu-support {none | rfc2307}
Specifies whether to support RFC 2307 attributes for domain controllers. RFC 2307 is required for Windows UNIX Integration and for Services For UNIX (SFU) technologies.
--store-sfu-mappings {true | false}
Specifies whether to store SFU mappings permanently in the ID mapper.
--unfindable-groups <string>...
Specifies a list of groups that cannot be resolved by this authentication provider. Repeat this option to specify multiple list items.
--clear-unfindable-groups
Removes all entries from the list of unfindable groups.
--add-unfindable-groups <string>...
Adds an entry to the list of groups that cannot be resolved by this authentication provider. Repeat this option to specify multiple list items.
--remove-unfindable-groups <string>...
Removes an entry from the list of groups that cannot be resolved by this authentication provider. Repeat this option to specify multiple list items.
--unfindable-users <string>...
Specifies a list of users that cannot be resolved by this authentication provider. Repeat this option to specify multiple list items.
--clear-unfindable-users
Removes all entries from the list of unfindable users.
--add-unfindable-users <string>...
Adds an entry to the list of users that cannot be resolved by this authentication provider. Repeat this option to specify multiple list items.
--remove-unfindable-users <string>...
Removes an entry from the list of users that cannot be resolved by this authentication provider. Repeat this option to specify multiple list items.
{--verbose | -v}
Displays the results of running the command.
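
Example (added here, not part of the vendor reference): a POSIX shell helper that validates its inputs against the documented <duration> and <dns-domain> formats and prints, without running it, an isi auth ads modify command that enables LDAP signing and sealing, enables machine account password changes, and limits trusts to a listed set. The function names, the domain-name check and the sample values are assumptions made for illustration.

```sh
# Added example: compose, but do not run, an `isi auth ads modify` command.
# Flags come from the Syntax section above; all values here are constructed.

# True if $1 matches the documented duration format <integer>{Y|M|W|D|H|m|s}.
is_duration() {
  _unit=${1#"${1%?}"}   # last character
  _num=${1%?}           # everything before it
  case $_unit in [YMWDHms]) ;; *) return 1 ;; esac
  case $_num in '' | *[!0-9]*) return 1 ;; esac
}

# True if $1 is a plausible DNS domain: dot-separated labels of letters,
# digits and hyphens, so it cannot carry spaces or shell metacharacters.
is_dns_domain() {
  case $1 in
    '' | *[!A-Za-z0-9.-]* | .* | *. | -* | *- | *..* | *.-* | *-.*) return 1 ;;
    *.*) return 0 ;;
    *) return 1 ;;
  esac
}

# Usage: ads_modify_cmd <provider-name> <password-lifespan> [trusted-domain ...]
# Prints the command line on stdout; returns 2 if any argument is rejected.
ads_modify_cmd() {
  [ "$#" -ge 2 ] || { echo "usage: ads_modify_cmd <provider> <duration> [domain ...]" >&2; return 2; }
  _provider=$1 _lifespan=$2
  shift 2
  is_dns_domain "$_provider" || { echo "bad provider name: $_provider" >&2; return 2; }
  is_duration "$_lifespan" || { echo "bad duration: $_lifespan" >&2; return 2; }

  _cmd="isi auth ads modify $_provider --ldap-sign-and-seal yes"
  _cmd="$_cmd --machine-password-changes yes --machine-password-lifespan $_lifespan"
  if [ "$#" -gt 0 ]; then
    # Ignore every trust except the listed domains (one flag per domain).
    _cmd="$_cmd --ignore-all-trusts yes"
    for _d in "$@"; do
      is_dns_domain "$_d" || { echo "bad domain: $_d" >&2; return 2; }
      _cmd="$_cmd --include-trusted-domains $_d"
    done
  fi
  printf '%s\n' "$_cmd --verbose"
}

# Constructed sample values.
ads_modify_cmd corp.example.com 30D partner.example.com
```

Review the printed line before running it on a cluster node; the helper itself never invokes isi.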
