Difference between revisions of "Manila/ManilaFileShareAccessOfAD"
< Manila
Vijay.ladani (talk | contribs) (Created page with "= Manila File Share Access Of AD = ==AD configuration on 3PAR== ===Authentication parameters configuration=== * Clear existing authentication parameters setauthparam...") |
Vijay.ladani (talk | contribs) |
||
Line 44: | Line 44: | ||
** Set client/host IP address on which share should be mounted (Optional) | ** Set client/host IP address on which share should be mounted (Optional) | ||
− | ==File Share Access on Host | + | ==Openstack Commands For Manila File Share== |
+ | * Go to devstack directory and get manila CLI access | ||
+ | source openrc admin admin | ||
+ | * Create a CIFS file share with 2GB of size: | ||
+ | manila –name <file_share_name> –share-type 3par CIFS 2 | ||
+ | * Check file share created as expected | ||
+ | manila show <file_share_name> | ||
+ | * Configuration to provide share access to client: | ||
+ | manila access-allow <file_share_name> <client_ip_address> | ||
+ | * Configuration to provide share access to AD user: | ||
+ | manila access-allow <file_share_name> user <domain_name>\\\\<ad_user> --a | ||
+ | * Check users permission set as expected: | ||
+ | manila access-list <file_share_name> | ||
+ | |||
+ | |||
+ | ==File Share Access on Direct Host== | ||
===Mount File Share on Windows Host=== | ===Mount File Share on Windows Host=== | ||
* Options 1: open windows command prompt and run below command | * Options 1: open windows command prompt and run below command |
Revision as of 07:15, 1 September 2016
Contents
AD configuration on 3PAR
Authentication parameters configuration
- Clear existing authentication parameters
setauthparam –clearall
- Configure new AD authentication parameters
setauthparam ldap-server <ad_server_ip> setauthparam binding simple setauthparam user-attr <domain_name>\\ (For example, setauthparam user-attr SET\\) setauthparam accounts-dn CN=Users,DC=<domain> (For example, setauthparam accounts-dn CN=Users,DC=set,DC=rdlabs,DC=hpecorp,DC=net) setauthparam account-obj user setauthparam account-name-attr sAMAccountName setauthparam memberof-attr memberOf setauthparam super-map CN=<user_group>,DC=<domain> (For example, setauthparam super-map CN=3Par\ Test,DC=set,DC=rdlabs,DC=hpecorp,DC=net)
- Verify new authentication parameters set as expected
showauthparam
- Verify AD users set as expected
checkpassword <AD user>
Command result should show ‘user <ad_user> is authenticated and authorized’ message for successful configuration
- Add 'ActiveDirectory' in authentication providers list
setfs auth ActiveDirectory Local
- Verify authentication provider list shows 'ActiveDirectory'
showfs –auth
- Set/Add AD user on FS
setfs ad –passwd <password> <username> <domain>
- Verify FS user details
showfs -ad
- Steps to set AD user for SMB file share
- Select an SMB file share on SSMC
- Go to Actions -> Edit
- Click on Permission -> Add
- Set User or group name: domain\user
- Set Permission Type: Allow
- Set Permission Settings: Read Only/Full Control
- Click on Additional Settings -> Add
- Set client/host IP address on which share should be mounted (Optional)
- Go to devstack directory and get manila CLI access
source openrc admin admin
- Create a CIFS file share with 2GB of size:
manila –name <file_share_name> –share-type 3par CIFS 2
- Check file share created as expected
manila show <file_share_name>
- Configuration to provide share access to client:
manila access-allow <file_share_name> <client_ip_address>
- Configuration to provide share access to AD user:
manila access-allow <file_share_name> user <domain_name>\\\\<ad_user> --a
- Check users permission set as expected:
manila access-list <file_share_name>
- Options 1: open windows command prompt and run below command
net use z: \\<vfs_ip_address>\<smb_share_name> /user:<ad_user>@<ad_domain_name>
Command will prompt to enter passoword of AD user
- Options 2: go to Start and click on Run and type path in below format
\\<vfs_ip>\<smb_share_name>
Command will prompt to enter user and passoword. Provide user credentials in below format
- Enter user: ad_user@ad_domain_name
- Enter password: ad_user_password
- Command to run on linux host
sudo mount –t cifs –rw,iocharset=utf8,file_mode=0777,dir_mode=0777,user_name=<ad_user>,domain=<ad_domain>,sec=ntlm //<vfs_ip_address>/smb_share_name /local_mount_dir_path