Error trying to enable LDAP with kerberos authentication with GPFS

Question

I have 3 RHEL7 nodes with GPFS / Spectrum Scale 4.2.0.0 installed. The 3 nodes have been setup with GPFS as a cluster with a GPFS filesystem created.

I am trying enable LDAP based authentication with kerberos on that filesystem.

Here's the process I followed:

From AD/LDAP domain controller I created the krb5.keytab file:

ktpass /princ mbarker@bdtest.com /pass Temp4now /ptype KRB5_NT_PRINCIPAL /out username.keytab

I then copied that onto the primary GPFS node in /var/mmfs/tmp

On the GPFS node I cd to /usr/lpp/mmfs/bin and run:

mmuserauth service create --type ldap --data-access-method file --servers bdtestdc01 --base-dn dc=bdtest,dc=com --user-name cn=mbarker,dc=bdtest,dc=com --password Temp4now --netbios-name bdgpfs01 --enable-kerberos --kerberos-server bdtestdc01 --kerberos-realm bdtest.com

I expect to see: File Authentication configuration completed successfully.

But What I see is:

[E] Failed to execute command ldapsearch ldap_bind: Invalid credentials (49) additional info: 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 mmuserauth service create: Command failed. Examine previous error messages to determine cause.

I googled the error message but everything I read wanted to verify the password is fine. I know the password is correct. Any suggestions?

score 0 · Answer 1 · answered Mar 30 '16 at 05:59

0

If you are running Active Directory in your infrastructure you should integrate Spectrum Scale with Active Directory using the --type ad option of the "mmuserauth service create" command. Integrating AD as an LDAP server is not supported.

answered Mar 30 '16 at 05:59

Kaustubh Katruwar

11
1

I need kerberos though and Spectrum Scale does not support kerberos with AD only with AD. – mrbarker Apr 22 '16 at 17:07

Error trying to enable LDAP with kerberos authentication with GPFS

1 Answers1