When the IBM Spectrum Scale™ system
is configured for AD-based authentication, automatic ID mapping method
can be used to create UID or GID of a user or group respectively.
The ID maps are stored within the IBM
Spectrum Scale system.
The following provides an example of how to configure an IBM
Spectrum Scale system with
Active Directory and automatic ID mapping.
- Issue the mmuserauth service create command
as shown in the following example:
# mmuserauth service create --type ad --data-access-method file --netbios-name
ess --user-name administrator --idmap-role master --servers myADserver
--password Passw0rd --idmap-range-size 1000000 --idmap-range 10000000-299999999
The system displays the following output:
File Authentication configuration completed successfully.
- Verify the authentication configuration by issuing the mmuserauth
service list command as shown in the following example:
# mmuserauth service list
The system displays the following output:FILE access configuration : AD
PARAMETERS VALUES
-------------------------------------------------
ENABLE_NFS_KERBEROS false
SERVERS myADserver
USER_NAME administrator
NETBIOS_NAME ess
IDMAP_ROLE master
IDMAP_RANGE 10000000-299999999
IDMAP_RANGE_SIZE 1000000
UNIXMAP_DOMAINS none
OBJECT access not configured
PARAMETERS VALUES
-------------------------------------------------
- Verify the user resolution on the system:
# id "DOMAIN\\user1"
uid=12001172(DOMAIN\user1) gid=12001174(DOMAIN\group1) groups=12001174
(DOMAIN\group1),12001172(DOMAIN\user1),12000513(DOMAIN\domain users),
11000545(BUILTIN\users)