Trouble Accessing Exports When Authentication Server And Clientstorwize V7000 Unified Configurations Are Correct; Resolving Access Failures On An Storwize V7000 Unified System With A Subordinate Id Map Role - IBM Storwize V7000 Unified Problem Determination Manual
Hide thumbs
Also See for Storwize V7000 Unified:
- Introduction and implementation manual (670 pages) ,
- Problem determination manual (348 pages) ,
- Troubleshooting and maintenance manual (189 pages)
Table of Contents
Advertisement
$ lookupname --user SONAS\\userr
USER
GROUP
SONAS\userr SONAS\domain users
EFSSG1000I The command completed successfully.
$ chkauth -i -u SONAS\\userr
Command_Output_Data
FETCH USER INFO SUCCEED 12004360 12000513 /var/opt/IBM/sofs/scproot /usr/bin/rssh
EFSSG1000I The command completed successfully.
When the system is unable to authenticate against an external authentication
server, you must ensure that it can obtain user information from the authentication
server. For this user information, query commands can be run from the file
modules. For example, in the case of the LDAP authentication server, you can issue
a command as shown in the following example:
$ chkauth -a -u SONAS\\userr -p ******
AUTHENTICATE USER SUCCEED
EFSSG1000I The command completed successfully.
Trouble accessing exports when authentication server and
clientStorwize V7000 Unified configurations are correct
About this task
If you cannot access an export and the server and Storwize V7000 Unified
configurations are correct, it could be because of the following reasons.
v If Storwize V7000 Unified authentication is configured against an LDAP server,
the user entries are case-sensitive when you access exports. If the server and
client configurations are correct, ensure that the user entries have the correct
case.
v If Storwize V7000 Unified authentication is configured against an Active
Directory server, user entries are not case-sensitive when you access exports.
When you access CIFS exports, ensure that you use the domain name and user
name, separated by a backslash (\), for example, w2k3dom01\test1.
Resolving access failures on an Storwize V7000 Unified
system with a subordinate ID map role
About this task
When two or more Storwize V7000 Unified systems are in asynchronous
replication or remote caching relationship, and they both have authentication as AD
and ID mapping as auto, then one system can be given the ID map role as master
and another system is given the ID map role as subordinate. In this configuration,
if a user cannot access data on the subordinate system (or if chkauth -i CLI
command fails on the subordinate Storwize V7000 Unified system), then use the
following steps to troubleshoot the issue.
Note:
v Use the following steps only when the systems are under asynchronous
replication or remote caching relationship with AD authentication, auto ID
mapping, and ID map role as master or subordinate. If systems are using LDAP
authentication or AD authentication with SFU ID mapping, then these steps are
not applicable.
v If there are multiple systems in the environment with all using AD authentication
and auto ID mapping, and the systems share asynchronous replication or remote
UID
GID
Home_Directory
Template_Shell
193
Chapter 4. File module
Advertisement
Table of Contents
Troubleshooting
