Configuring authentication and ID mapping for file access

The system administrator can decide whether to configure authentication and ID mapping method either during the installation of the IBM Spectrum Scale™ system or after the installation. If the authentication configuration is not configured during installation, you can manually do it by using the mmuserauth service create command from any protocol node of the IBM Spectrum Scale system. This section covers the manual method of configuring authentication for file access.

You can configure the following external authentication servers for file access:
  • Active Directory (AD)
  • Light Weight Directory Access Protocol (LDAP)
  • Network Information Service (NIS)
Before you configure the authentication method, ensure that the following RPMs are installed on all the protocol nodes before you start configuring the authentication method:
Note: If you try to configure the file authentication method manually, with the mmuserauth cli command, the command displays an error message if the required RPMs are not installed on the nodes. The error output includes a list of nodes in which some RPMs are not installed and a list of the missing RPMs for each node.
On Red Hat Enterprise Linux nodes
  • For AD:
    • bind-utils
    • krb5-workstation
  • For LDAP:
    • openldap-clients
    • sssd and its dependencies ( particularly sssd-common and sssd-ldap). It is a good idea to install all the dependencies, as in the following example:
      yum install sssd*
    • krb5-workstation only if Kerberized authentication is planned.
  • For NIS:
    • sssd and its dependencies ( particularly sssd-common and sssd-proxy)
    • ypbind and its dependencies (yp-tools)
On SLES nodes
  • For AD:
    • bind-utils
    • krb5-client
  • For LDAP:
    • openldap2-client
    • sssd and its dependencies ( particularly sssd-common, sssd-ldap, and sssd-krb5). It is a good idea to install all the dependencies, as in the following example:
      zypper install sssd*
    • krb5-client only if Kerberized authentication is planned.
  • For NIS:
    • sssd and its dependencies ( particularly sssd-common and sssd-proxy)
    • ypbind and its dependencies (yp-tools)
On Ubuntu 16 nodes
  • For AD:
    • dnsutils
    • krb5-user (only if Kerberos authentication is planned)
  • For LDAP:
    • ldap-utils
    • krb5-user (only if Kerberos authentication is planned)
    • sssd and its dependencies. It is a good idea to install all the dependencies, as in the following example:
      apt-get install sssd
  • For NIS:
    • sssd and its dependencies ( particularly sssd-common and sssd-proxy)
    • nis and libslp1 (nis package automatically installs the libslp1 package)
Parent topic: Managing protocol user authentication
Related concepts:
Setting up authentication servers to configure protocol user access
Managing user-defined authentication
Configuring authentication for object access
Deleting the authentication and the ID mapping configuration
Listing the authentication configuration
Verifying the authentication services configured in the system
Modifying the authentication method
Authentication limitations
Related reference:
mmuserauth command