在GPFS文件系统中启用AD身份验证时出错

时间:2015-12-21 20:27:10

标签: filesystems

我在2个linux节点(都运行RHEL 7)GPFS集群上创建了一个文件系统。我正在尝试启用AD身份验证,但收到错误,无法找到修复的答案。以下是我在管理器节点上遵循的流程:

./spectrumscale file auth ad

是编辑模板

我使用以下信息填写模板:

[file_ad]
servers = bdtestdc01 <--- my test AD server
netbios_name = gpfscluser <--- the name I gave the cluster during setup Is  this field looking for another name?
idmap_role = master
bind_username = administrator
bind_password = the domain password of the administrator account

unixmap_domains = bdtest.subdomain.company.com

我保存模板并设置密码。然后我跑:

./spectrumscale deploy

安装身份验证时出错。日志文件说:

Error executing action run on resource 'execute[Configure file authentication]

2015-12-21 10:45:31,440 [ TRACE ] bdgpfs01.subdomain.company.com Chef Client failed. 1 resources updated in 3.641691552 seconds
2015-12-21 10:45:31,456 [ TRACE ] bdgpfs01.subdomain.company.com [2015-12-21T10:45:31-08:00] ERROR: execute[Configure file authentication] (auth::auth_file_configure line 22) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '1'
2015-12-21 10:45:31,456 [ TRACE ] bdgpfs01.subdomain.company.com ---- Begin output of /usr/lpp/mmfs/bin/mmuserauth service create --data-access-method file --type ad --servers 'bdtestbluedc01' --netbios-name 'gpfscluster' --idmap-role 'master' --user-name 'administrator' --password XXXXXX --unixmap-domains 'bdtest.subdomain.company.com' --idmap-range '10000000-299999999' --idmap-range-size '1000000' --enable-nfs-kerberos ----
2015-12-21 10:45:31,456 [ TRACE ] bdgpfs01.subdomain.company.com STDOUT:
2015-12-21 10:45:31,457 [ TRACE ] bdgpfs01.subdomain.company.com STDERR: mmuserauth service create: Syntax error. The correct syntax is:
2015-12-21 10:45:31,457 [ TRACE ] bdgpfs01.subdomain.company.com   --unixmap-domains domain(lower value-higher value)
2015-12-21 10:45:31,457 [ TRACE ] bdgpfs01.subdomain.company.com mmuserauth service create: Command failed. Examine previous error messages to determine cause.
2015-12-21 10:45:31,438 [ TRACE ] bdgpfs01.subdomain.company.com     mmuserauth service create: Command failed. Examine previous error messages to determine cause.

1 个答案:

答案 0 :(得分:0)

域名字段正在寻找非空白字符和ID地图范围。

我没有使用配置模板,而是运行了以下命令,该命令成功启用了身份验证... 

mmuserauth service create --type ad --data-access-method file --netbios-name bdtestnode --user-name administrator --idmap-role master --servers myADserver --password Passwr0rd --idmap-range-size 1000000 --idmap-range 10000000-299999999

然后我运行以下命令进行测试:

id "testdomain\administrator"

它返回了正确的组和ID

相关问题
最新问题