Configuring authentication and ID mapping for file access
The system administrator can decide whether to configure authentication and ID mapping method either during the installation of the IBM Spectrum Scale™ system or after the installation. If the authentication configuration is not configured during installation, you can manually do it by using the mmuserauth service create command from any protocol node of the IBM Spectrum Scale system. This section covers the manual method of configuring authentication for file access.
You can configure the following external authentication servers
for file access:
- Active Directory (AD)
- Light Weight Directory Access Protocol (LDAP)
- Network Information Service (NIS)
Before you configure the authentication method, ensure that the following RPMs
are installed on all the protocol nodes before you start configuring the authentication method:
Note: If
you try to configure the file authentication method manually, with the mmuserauth
cli command, the command displays an error message if the required RPMs are not installed
on the nodes. The error output includes a list of nodes in which some RPMs are not installed and a
list of the missing RPMs for each node.
- On Red Hat Enterprise Linux nodes
- For AD:
- bind-utils
- krb5-workstation
- For LDAP:
- openldap-clients
- sssd and its dependencies ( particularly sssd-common
and sssd-ldap). It is a good idea to install all the dependencies, as in the
following example:
yum install sssd*
- krb5-workstation only if Kerberized authentication is planned.
- For NIS:
- sssd and its dependencies ( particularly sssd-common and sssd-proxy)
- ypbind and its dependencies (yp-tools)
- For AD:
- On SLES nodes
- For AD:
- bind-utils
- krb5-client
- For LDAP:
- openldap2-client
- sssd and its dependencies ( particularly sssd-common,
sssd-ldap, and sssd-krb5). It is a good idea to install
all the dependencies, as in the following example:
zypper install sssd*
- krb5-client only if Kerberized authentication is planned.
- For NIS:
- sssd and its dependencies ( particularly sssd-common and sssd-proxy)
- ypbind and its dependencies (yp-tools)
- For AD:
- On Ubuntu 16 nodes
- For AD:
- dnsutils
- krb5-user (only if Kerberos authentication is planned)
- For LDAP:
- ldap-utils
- krb5-user (only if Kerberos authentication is planned)
- sssd and its dependencies. It is a good idea to install all the
dependencies, as in the following example:
apt-get install sssd
- For NIS:
- sssd and its dependencies ( particularly sssd-common and sssd-proxy)
- nis and libslp1 (nis package automatically installs the libslp1 package)
- For AD: