On 5/5/22 08:31, Spike White wrote:
Ed,
That sounds like an excellent plan. Every major NAS vendor (I work for
one) supports LDAP authentication. Even against AD domain controllers.
(I'm a Linux engineer, not a storage engineer -- so I don't know the
details of the NAS LDAP auth, only
Thanks Bryan,
Yes, that's my point! I still feel that the issue is with the NAS vendors.
Adding the SSSD algorithm would be a small amount of effort and "just work" for
most of us working with Linux systems. As I mentioned before it seems that
multiple people say they've asked their NAS
Define 'large'?
In general many NAS, SAN and even Network vendors have issues with LDAP
trees and attributes anyway.
So UID, GID and UPN (user@domain) and NT/Dom SID enumeration and mapping is
a secondary issue.
I.e., I spend a lot more time dealing with maintaining a 'light' 389/RHDS
or
Ed,
I'm a Linux engineer, reading and learning on this sssd mailing list. I
had just never seen a large company that used that algorithm that's all.
Spike
On Mon, May 9, 2022 at 2:21 AM wrote:
> Hey Spike,
>
> I'm curious, why is it you previously said that SSSD based ID mapping is
> only
Hey Spike,
I'm curious, why is it you previously said that SSSD based ID mapping is only
used at small scale?
I understand that it's not using a single source of truth (the directory) to
provide UID and GID values, but the algorithm is so consistent. I ran a test
across all our systems in one
Hey Spike,
We need to use NFS v4 with Kerberos for security reasons.
This reminds me why we've kept running our file servers on Linux VMs -
everything just worked with SSSD and at a surprising scale. Now (if we go
ahead) we've got a lot of work to do affecting all Linux systems, all to just
Ed,
That sounds like an excellent plan. Every major NAS vendor (I work for
one) supports LDAP authentication. Even against AD domain controllers.
(I'm a Linux engineer, not a storage engineer -- so I don't know the
details of the NAS LDAP auth, only that it's fully supported and used here
On Thu, 2022-05-05 at 00:49 +0200, Joakim Tjernlund wrote:
> On Wed, 2022-05-04 at 22:21 +, mythm...@runbox.com wrote:
> > Thanks Spike!
> >
> > It looks like extending the AD to cater for UIDs and GIDs is the most
> > supported and least effort change to allow us to use any NAS.
> >
> > If
On Wed, 2022-05-04 at 22:21 +, mythm...@runbox.com wrote:
> Thanks Spike!
>
> It looks like extending the AD to cater for UIDs and GIDs is the most
> supported and least effort change to allow us to use any NAS.
>
> If we get approval, we'll likely come up with a system to populate these
>
Thanks Spike!
It looks like extending the AD to cater for UIDs and GIDs is the most supported
and least effort change to allow us to use any NAS.
If we get approval, we'll likely come up with a system to populate these values
in the AD from an existing SSSD Linux client so that they match,
Ed,
Got this from our AD team:
This MS article contains info regarding RFC 2307 and mentions it being
included in Windows 2003 and later. Hopefully, this helps.
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-adts/213f515b-9cf2-43e8-b6c8-47b13cd61281
We are currently up to
On 30/4/22 8:03 am, Ed wrote:
From what I've read that RFC and the schema extension for AD has been
deprecated for some time. (Sorry I can't find the link now on my phone but I'm
confident that it's right)
Hi Spike,
Turns out that I might be wrong. Microsoft pulled their "Identity
Thanks for the suggestion James!
That sounds similar to what our existing SAN vendor (Hitachi) does with their
NAS devices. We avoided it as it had a very low maximum user limit (from memory
only 1000 at a time) and it sounded unmanageable through automation anyway (no
API etc).
It sounds
Hi Spike,
Yes I mean exactly that.
From what I've read that RFC and the schema extension for AD has been
deprecated for some time. (Sorry I can't find the link now on my phone but I'm
confident that it's right)
Thanks!
Ed
On Thu, Apr 28, 2022 at 10:39 PM wrote:
> For good reasons we need to move from Linux based file servers to a
> NAS. The problem is that all our Linux systems use the SSSD ID
> mapping algorithm to calculate UID and GIDs (and it works
> great!). We've not found a commercial NAS vendor who
Ed,
When you say "uses the SSSD ID mapping algorithm to calculate UID and GID",
do you mean that algorithm that formulaically calculates the user's UID off
the Windows SID?
We are a large company (~25 - 27k sssd clients), but we use the RFC 2307bis
schema extension from Microsoft. Beaucoup NAS