Configuring AD-based authentication with automatic ID mapping

When the IBM Storage Scale system is configured for AD-based authentication, the automatic ID mapping method can be used to create the UID of a user or the GID of a group. The ID maps are stored within the IBM Storage Scale system.

The following example shows how to configure an IBM Storage Scale system with Active Directory and automatic ID mapping.
  1. Issue the mmuserauth service create command as shown in the following example:
    # mmuserauth service create --type ad --data-access-method file --netbios-name ess \
      --user-name administrator --idmap-role master --servers myADserver \
      --idmap-range-size 1000000 --idmap-range 10000000-299999999
    
    The system displays the following output:
    File authentication configuration completed successfully.
  2. Verify the authentication configuration by issuing the mmuserauth service list command as shown in the following example:
    # mmuserauth service list
    
    The system displays the following output:
    FILE access configuration : AD
    PARAMETERS               VALUES
    -------------------------------------------------
    ENABLE_NFS_KERBEROS      false
    SERVERS                  "*"
    USER_NAME                ess$
    NETBIOS_NAME             ess
    IDMAP_ROLE               master
    IDMAP_RANGE              10000000-299999999
    IDMAP_RANGE_SIZE         1000000
    UNIXMAP_DOMAINS          none
    LDAPMAP_DOMAINS          none
    
    OBJECT access not configured
    PARAMETERS               VALUES
    -------------------------------------------------
  3. Verify the user resolution on the system:
    # id "DOMAIN\\user1"
    uid=12001172(DOMAIN\user1) gid=12001174(DOMAIN\group1) groups=12001174
    (DOMAIN\group1),12001172(DOMAIN\user1),12000513(DOMAIN\domain users),
    11000545(BUILTIN\users)
  4. To configure an IBM Storage Scale system with an Active Directory server that has an IPv6 address, issue the following command:
    # mmuserauth service create --type ad --data-access-method file \
      --servers [2001:192::e61f:122:feb7:5df0] --netbios-name specscale \
      --user-name adUser --idmap-role master --idmap-range-size 1000000 \
      --idmap-range 10000000-299999999
    The system displays the following output:
    File authentication configuration completed successfully.
  5. To verify the authentication configuration with an Active Directory server that has an IPv6 address, issue the mmuserauth service list command as shown in the following example:
    # mmuserauth service list
    The system displays the following output:
    FILE access configuration : AD
    PARAMETERS               VALUES                   
    -------------------------------------------------
    ENABLE_NFS_KERBEROS      false                    
    SERVERS                  "*"                      
    USER_NAME                adUser$             
    NETBIOS_NAME             specscale              
    IDMAP_ROLE               master                   
    IDMAP_RANGE              10000000-299999999       
    IDMAP_RANGE_SIZE         1000000                  
    UNIXMAP_DOMAINS          none                     
    LDAPMAP_DOMAINS          none                     
    
    OBJECT access not configured
    PARAMETERS               VALUES                   
    -------------------------------------------------
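
A check that ties steps 2 and 3 together, as an added example that is not part of the original documentation: it reads IDMAP_RANGE and IDMAP_RANGE_SIZE from the listing, computes how many domains the range can hold, and confirms that the IDs returned by id fall inside the configured range. The helper names are hypothetical, the sample listing is abridged from the step 2 output, and the block arithmetic assumes each domain receives one contiguous block of IDMAP_RANGE_SIZE IDs.

```shell
#!/bin/sh
# Added example: sanity-check ID-map settings from `mmuserauth service list`.
# SAMPLE_LIST is abridged from the output shown in step 2.
SAMPLE_LIST='FILE access configuration : AD
PARAMETERS               VALUES
-------------------------------------------------
IDMAP_ROLE               master
IDMAP_RANGE              10000000-299999999
IDMAP_RANGE_SIZE         1000000'

# Print the value of one parameter from the listing (hypothetical helper).
idmap_param() {   # $1 = listing text, $2 = parameter name
    printf '%s\n' "$1" | awk -v k="$2" '$1 == k { print $2; exit }'
}

# Number of per-domain blocks that fit in IDMAP_RANGE
# (assumption: one contiguous block of IDMAP_RANGE_SIZE IDs per domain).
idmap_capacity() {   # $1 = listing text
    range=$(idmap_param "$1" IDMAP_RANGE)
    size=$(idmap_param "$1" IDMAP_RANGE_SIZE)
    low=${range%-*}; high=${range#*-}
    echo $(( (high - low + 1) / size ))
}

# Print "index first-last" of the block holding an ID; fail if out of range.
idmap_block_of() {   # $1 = listing text, $2 = numeric UID or GID
    range=$(idmap_param "$1" IDMAP_RANGE)
    size=$(idmap_param "$1" IDMAP_RANGE_SIZE)
    low=${range%-*}; high=${range#*-}
    if [ "$2" -lt "$low" ] || [ "$2" -gt "$high" ]; then
        echo "ID $2 is outside IDMAP_RANGE $range" >&2
        return 1
    fi
    idx=$(( ($2 - low) / size ))
    first=$(( low + idx * size ))
    echo "$idx $first-$(( first + size - 1 ))"
}

# On a cluster node, replace SAMPLE_LIST with "$(mmuserauth service list)".
echo "domain blocks available: $(idmap_capacity "$SAMPLE_LIST")"
for id in 12001172 12000513 11000545; do   # IDs from the step 3 output
    echo "id $id -> block $(idmap_block_of "$SAMPLE_LIST" "$id")"
done
```

An ID that resolves outside IDMAP_RANGE, or inside a range already used by local accounts, is worth investigating before file ownership is assigned with it.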