The --user-name option applies to both AD and LDAP authentication. In the LDAP case, this information is correct. I will try to get some clarification added for the AD case.
The same applies to the information shown in "service list". There is a common field that holds the information, and the parameter from the initial "service create" is stored there. The meaning is different for AD and LDAP: for LDAP it is the username being used to access the LDAP server, while in the AD case it was only the user initially used until the machine account was created.

Regards,

Christof Schmitt || IBM || Spectrum Scale Development || Tucson, AZ
[email protected] || +1-520-799-2469 (T/L: 321-2469)

From: Jan-Frode Myklebust <[email protected]>
To: gpfsug main discussion list <[email protected]>
Date: 08/26/2016 05:59 AM
Subject: Re: [gpfsug-discuss] CES and mmuserauth command
Sent by: [email protected]

On Fri, Aug 26, 2016 at 1:49 AM, Christof Schmitt <[email protected]> wrote:

When joining the AD domain, --user-name, --password and --server are only used to initially identify and log on to the AD and to create the machine account for the cluster. Once that is done, that information is no longer used, and e.g. the account from --user-name could be deleted, the password changed or the specified DC could be removed from the domain (as long as other DCs are remaining).

That was my initial understanding of the --user-name, but when reading the man page I get the impression that it's also used to connect to AD to do user and group lookups:

------------------------------------------------------------------------------------------------------
--user-name userName
Specifies the user name to be used to perform operations against the authentication server. The specified user name must have sufficient permissions to read user and group attributes from the authentication server.
------------------------------------------------------------------------------------------------------

Also it's strange that "mmuserauth service list" would list the USER_NAME if it was only something that was used at configuration time..?
-jf

_______________________________________________
gpfsug-discuss mailing list
gpfsug-discuss at spectrumscale.org
http://gpfsug.org/mailman/listinfo/gpfsug-discuss
