Jump to: navigation, search

Manila/ManilaFileShareAccessOfAD

< Manila
Revision as of 07:15, 1 September 2016 by Vijay.ladani (talk | contribs)

Manila File Share Access Of AD

AD configuration on 3PAR

Authentication parameters configuration

  • Clear existing authentication parameters
     setauthparam –clearall
  • Configure new AD authentication parameters
     setauthparam ldap-server <ad_server_ip>
     setauthparam binding simple
     setauthparam user-attr <domain_name>\\
     (For example, setauthparam user-attr SET\\)
     setauthparam accounts-dn CN=Users,DC=<domain>
     (For example, setauthparam accounts-dn CN=Users,DC=set,DC=rdlabs,DC=hpecorp,DC=net)
     setauthparam account-obj user
     setauthparam account-name-attr sAMAccountName
     setauthparam memberof-attr memberOf	
     setauthparam super-map CN=<user_group>,DC=<domain>
     (For example, setauthparam super-map CN=3Par\ Test,DC=set,DC=rdlabs,DC=hpecorp,DC=net)
  • Verify new authentication parameters set as expected
     showauthparam
  • Verify AD users set as expected
     checkpassword <AD user>

Command result should show ‘user <ad_user> is authenticated and authorized’ message for successful configuration

Enable AD Service on File Share

  • Add 'ActiveDirectory' in authentication providers list
     setfs auth ActiveDirectory Local
  • Verify authentication provider list shows 'ActiveDirectory'
     showfs –auth
  • Set/Add AD user on FS
     setfs ad –passwd <password> <username> <domain>
  • Verify FS user details
     showfs -ad

AD settings On SMB File Share - Using 3PAR SSMC

  • Steps to set AD user for SMB file share
    • Select an SMB file share on SSMC
    • Go to Actions -> Edit
    • Click on Permission -> Add
    • Set User or group name: domain\user
    • Set Permission Type: Allow
    • Set Permission Settings: Read Only/Full Control
    • Click on Additional Settings -> Add
    • Set client/host IP address on which share should be mounted (Optional)

Openstack Commands For Manila File Share

  • Go to devstack directory and get manila CLI access
     source openrc admin admin
  • Create a CIFS file share with 2GB of size:
     manila –name <file_share_name> –share-type 3par CIFS 2
  • Check file share created as expected
     manila show <file_share_name>
  • Configuration to provide share access to client:
     manila access-allow <file_share_name> <client_ip_address>
  • Configuration to provide share access to AD user:
     manila access-allow <file_share_name> user <domain_name>\\\\<ad_user> --a
  • Check users permission set as expected:
     manila access-list <file_share_name>


File Share Access on Direct Host

Mount File Share on Windows Host

  • Options 1: open windows command prompt and run below command
     net use z: \\<vfs_ip_address>\<smb_share_name>  /user:<ad_user>@<ad_domain_name>

Command will prompt to enter passoword of AD user

  • Options 2: go to Start and click on Run and type path in below format
     \\<vfs_ip>\<smb_share_name>

Command will prompt to enter user and passoword. Provide user credentials in below format

    • Enter user: ad_user@ad_domain_name
    • Enter password: ad_user_password

Mount File Share on Linux Host

  • Command to run on linux host
     sudo mount –t cifs –rw,iocharset=utf8,file_mode=0777,dir_mode=0777,user_name=<ad_user>,domain=<ad_domain>,sec=ntlm //<vfs_ip_address>/smb_share_name /local_mount_dir_path
Retrieved from "https://wiki.openstack.org/w/index.php?title=Manila/ManilaFileShareAccessOfAD&oldid=132366"