|
|
| Line 1: |
Line 1: |
| − | = Manila File Share Access Of AD =
| |
| | | | |
| − | ==AD configuration on 3PAR==
| |
| − | ===Authentication parameters configuration===
| |
| − | * Clear existing authentication parameters
| |
| − | setauthparam –clearall
| |
| − | * Configure new AD authentication parameters
| |
| − | setauthparam ldap-server <ad_server_ip>
| |
| − | setauthparam binding simple
| |
| − | setauthparam user-attr <domain_name>\\
| |
| − | (For example, setauthparam user-attr SET\\)
| |
| − | setauthparam accounts-dn CN=Users,DC=<domain>
| |
| − | (For example, setauthparam accounts-dn CN=Users,DC=set,DC=rdlabs,DC=hpecorp,DC=net)
| |
| − | setauthparam account-obj user
| |
| − | setauthparam account-name-attr sAMAccountName
| |
| − | setauthparam memberof-attr memberOf
| |
| − | setauthparam super-map CN=<user_group>,DC=<domain>
| |
| − | (For example, setauthparam super-map CN=3Par\ Test,DC=set,DC=rdlabs,DC=hpecorp,DC=net)
| |
| − | * Verify new authentication parameters set as expected
| |
| − | showauthparam
| |
| − | * Verify AD users set as expected
| |
| − | checkpassword <AD user>
| |
| − | Command result should show ‘user <ad_user> is authenticated and authorized’ message for successful configuration
| |
| − |
| |
| − | ===Enable AD Service on File Share===
| |
| − | * Add 'ActiveDirectory' in authentication providers list
| |
| − | setfs auth ActiveDirectory Local
| |
| − | * Verify authentication provider list shows 'ActiveDirectory'
| |
| − | showfs –auth
| |
| − | * Set/Add AD user on FS
| |
| − | setfs ad –passwd <password> <username> <domain>
| |
| − | * Verify FS user details
| |
| − | showfs -ad
| |
| − |
| |
| − | ===AD settings On SMB File Share - Using 3PAR SSMC===
| |
| − | * Steps to set AD user for SMB file share
| |
| − | ** Select an SMB file share on SSMC
| |
| − | ** Go to Actions -> Edit
| |
| − | ** Click on Permission -> Add
| |
| − | ** Set User or group name: domain\user
| |
| − | ** Set Permission Type: Allow
| |
| − | ** Set Permission Settings: Read Only/Full Control
| |
| − | ** Click on Additional Settings -> Add
| |
| − | ** Set client/host IP address on which share should be mounted (Optional)
| |
| − |
| |
| − | ==Openstack Commands For Manila File Share==
| |
| − | * Go to devstack directory and get manila CLI access
| |
| − | source openrc admin admin
| |
| − | * Create a CIFS file share with 2GB of size:
| |
| − | manila –name <file_share_name> –share-type 3par CIFS 2
| |
| − | * Check file share created as expected
| |
| − | manila show <file_share_name>
| |
| − | * Configuration to provide share access to client:
| |
| − | manila access-allow <file_share_name> <client_ip_address>
| |
| − | * Configuration to provide share access to AD user:
| |
| − | manila access-allow <file_share_name> user <domain_name>\\\\<ad_user> --a
| |
| − | * Check users permission set as expected:
| |
| − | manila access-list <file_share_name>
| |
| − |
| |
| − |
| |
| − | ==File Share Access on Direct Host==
| |
| − | ===Mount File Share on Windows Host===
| |
| − | * Options 1: open windows command prompt and run below command
| |
| − | net use z: \\<vfs_ip_address>\<smb_share_name> /user:<ad_user>@<ad_domain_name>
| |
| − | Command will prompt to enter passoword of AD user
| |
| − | * Options 2: go to Start and click on Run and type path in below format
| |
| − | \\<vfs_ip>\<smb_share_name>
| |
| − | Command will prompt to enter user and passoword. Provide user credentials in below format
| |
| − | **Enter user: ad_user@ad_domain_name
| |
| − | **Enter password: ad_user_password
| |
| − | ===Mount File Share on Linux Host===
| |
| − | * Command to run on linux host
| |
| − | sudo mount –t cifs –rw,iocharset=utf8,file_mode=0777,dir_mode=0777,user_name=<ad_user>,domain=<ad_domain>,sec=ntlm //<vfs_ip_address>/smb_share_name /local_mount_dir_path
| |
