|
|
(One intermediate revision by the same user not shown) |
Line 1: |
Line 1: |
− | = Manila File Share Access Of AD =
| |
| | | |
− | ==AD configuration on 3PAR==
| |
− | ===Authentication parameters configuration===
| |
− | * Clear existing authentication parameters
| |
− | setauthparam –clearall
| |
− | * Configure new AD authentication parameters
| |
− | setauthparam ldap-server <ad_server_ip>
| |
− | setauthparam binding simple
| |
− | setauthparam user-attr <domain_name>\\
| |
− | (For example, setauthparam user-attr SET\\)
| |
− | setauthparam accounts-dn CN=Users,DC=<domain>
| |
− | (For example, setauthparam accounts-dn CN=Users,DC=set,DC=rdlabs,DC=hpecorp,DC=net)
| |
− | setauthparam account-obj user
| |
− | setauthparam account-name-attr sAMAccountName
| |
− | setauthparam memberof-attr memberOf
| |
− | setauthparam super-map CN=<user_group>,DC=<domain>
| |
− | (For example, setauthparam super-map CN=3Par\ Test,DC=set,DC=rdlabs,DC=hpecorp,DC=net)
| |
− | * Verify new authentication parameters set as expected
| |
− | showauthparam
| |
− | * Verify AD users set as expected
| |
− | checkpassword <AD user>
| |
− | Command result should show ‘user <ad_user> is authenticated and authorized’ message for successful configuration
| |
− |
| |
− | ===Enable AD Service on File Share===
| |
− | * Add 'ActiveDirectory' in authentication providers list
| |
− | setfs auth ActiveDirectory Local
| |
− | * Verify authentication provider list shows 'ActiveDirectory'
| |
− | showfs –auth
| |
− | * Set/Add AD user on FS
| |
− | setfs ad –passwd <password> <username> <domain>
| |
− | * Verify FS user details
| |
− | showfs -ad
| |
− |
| |
− | ===AD settings On SMB File Share - Using 3PAR SSMC===
| |
− | * Steps to set AD user for SMB file share
| |
− | ** Select an SMB file share on SSMC
| |
− | ** Go to Actions -> Edit
| |
− | ** Click on Permission -> Add
| |
− | ** Set User or group name: domain\user
| |
− | ** Set Permission Type: Allow
| |
− | ** Set Permission Settings: Read Only/Full Control
| |
− | ** Click on Additional Settings -> Add
| |
− | ** Set client/host IP address on which share should be mounted (Optional)
| |
− |
| |
− | ==File Share Access on Host - Using AD User Credentials==
| |
− | ===Mount File Share on Windows Host===
| |
− | * Options 1: open windows command prompt and run below command
| |
− | net use z: \\<vfs_ip_address>\<smb_share_name> /user:<ad_user>@<ad_domain_name>
| |
− | Command will prompt to enter passoword of AD user
| |
− | * Options 2: go to Start and click on Run and type path in below format
| |
− | \\<vfs_ip>\<smb_share_name>
| |
− | Command will prompt to enter user and passoword. Provide user credentials in below format
| |
− | **Enter user: ad_user@ad_domain_name
| |
− | **Enter password: ad_user_password
| |
− | ===Mount File Share on Linux Host===
| |
− | * Command to run on linux host
| |
− | sudo mount –t cifs –rw,iocharset=utf8,file_mode=0777,dir_mode=0777,user_name=<ad_user>,domain=<ad_domain>,sec=ntlm //<vfs_ip_address>/smb_share_name /local_mount_dir_path
| |