Manila/ManilaFileShareAccessOfAD
< Manila
Revision as of 07:15, 1 September 2016 by Vijay.ladani (talk | contribs)
Contents
AD configuration on 3PAR
Authentication parameters configuration
- Clear existing authentication parameters
setauthparam –clearall
- Configure new AD authentication parameters
setauthparam ldap-server <ad_server_ip> setauthparam binding simple setauthparam user-attr <domain_name>\\ (For example, setauthparam user-attr SET\\) setauthparam accounts-dn CN=Users,DC=<domain> (For example, setauthparam accounts-dn CN=Users,DC=set,DC=rdlabs,DC=hpecorp,DC=net) setauthparam account-obj user setauthparam account-name-attr sAMAccountName setauthparam memberof-attr memberOf setauthparam super-map CN=<user_group>,DC=<domain> (For example, setauthparam super-map CN=3Par\ Test,DC=set,DC=rdlabs,DC=hpecorp,DC=net)
- Verify new authentication parameters set as expected
showauthparam
- Verify AD users set as expected
checkpassword <AD user>
Command result should show ‘user <ad_user> is authenticated and authorized’ message for successful configuration
- Add 'ActiveDirectory' in authentication providers list
setfs auth ActiveDirectory Local
- Verify authentication provider list shows 'ActiveDirectory'
showfs –auth
- Set/Add AD user on FS
setfs ad –passwd <password> <username> <domain>
- Verify FS user details
showfs -ad
- Steps to set AD user for SMB file share
- Select an SMB file share on SSMC
- Go to Actions -> Edit
- Click on Permission -> Add
- Set User or group name: domain\user
- Set Permission Type: Allow
- Set Permission Settings: Read Only/Full Control
- Click on Additional Settings -> Add
- Set client/host IP address on which share should be mounted (Optional)
- Go to devstack directory and get manila CLI access
source openrc admin admin
- Create a CIFS file share with 2GB of size:
manila –name <file_share_name> –share-type 3par CIFS 2
- Check file share created as expected
manila show <file_share_name>
- Configuration to provide share access to client:
manila access-allow <file_share_name> <client_ip_address>
- Configuration to provide share access to AD user:
manila access-allow <file_share_name> user <domain_name>\\\\<ad_user> --a
- Check users permission set as expected:
manila access-list <file_share_name>
- Options 1: open windows command prompt and run below command
net use z: \\<vfs_ip_address>\<smb_share_name> /user:<ad_user>@<ad_domain_name>
Command will prompt to enter passoword of AD user
- Options 2: go to Start and click on Run and type path in below format
\\<vfs_ip>\<smb_share_name>
Command will prompt to enter user and passoword. Provide user credentials in below format
- Enter user: ad_user@ad_domain_name
- Enter password: ad_user_password
- Command to run on linux host
sudo mount –t cifs –rw,iocharset=utf8,file_mode=0777,dir_mode=0777,user_name=<ad_user>,domain=<ad_domain>,sec=ntlm //<vfs_ip_address>/smb_share_name /local_mount_dir_path