Manualshelf

6.5 HP StoreAll OS User Guide

ManualsBrandsHP ManualsStorageHP X9320 IB 21.6TB Network Storage System
81828384858687888990
NOTE: The following command is displayed on two lines, but the command should be
entered on one line:
sh /usr/local/ibrix/bin/set_provider_loadorder \ -c
"Ldap" "ActiveDirectory" "Local"
When configuring Provider Stacking be aware of the following:
Be aware that the StoreAll Management Console does not allow configuring multiple providers
simultaneously and will affect how provider configurations are handled For example, if you
configure the Active Directory provider first and then configure the LDAP provider, the Active
Directory provider remains in the provider list but the configuration is removed. If you configure
the LDAP provider first and then configure the Active Directory provider, the LDAP provider is
removed from the provider list. Therefore, you can configure one provider using the StoreAll
Management Console, but then you must use the CLI to configure the other providers.
If the same user token is found in multiple authentication providers, the first provider match
will effectively be the user token that is authenticated. This effectively hides the tokens found
in the other authentication backends, because they will never be reached. The order of
providers listed in the LoadOrder registry variable decides the order of provider resolution.
Do not assign the same user name or the same group name in multiple stacked name services,
such as Local and LDAP. This includes names where only the character case is different (for
example, User1 and user1). Further, do not assign multiple users with the same UID or assign
multiple groups with the same GID. These configurations may lead to unexpected results.
Configuring authentication from the CLI
To configure Active Directory, AD ID mapping with NIS and FILES, LDAP, LDAP ID mapping, or
Local Users and Groups from the CLI, see the ibrix_auth, ibrix_cifsconfig,
ibrix_idmapping, ibrix_ldapconfig, ibrix_ldapidmapping, ibrix_localusers,
and ibrix_localgroups commands in the HP StoreAll OS CLI Reference Guide.
Configuring shell access
By default, root and ibrix accounts have shell access to the cluster node. To obtain shell access for
additional users to the cluster node via SSH, add the user name (Active Directory or UNIX users)
specified in the down-level logon name format in the AllowUsers field in the
/etc/ssh/sshd_config file. The account must be in the following format in lower case:
Table 3 Required Syntax for the AllowUsers field
Required syntax for the account (lower case required)Type of User
allowusers root ibrix <domain>\usernameActive Directory users: Use
the down-level logon name
format.
allowusers root ibrix ldapuser localuserLocal and LDAP users: Use
the UNIX user format.
Restart the sshd service by entering the following command for your changes to the sshd_config
file to take effect:
/etc/init.d/sshd restart
82 Configuring authentication for SMB, FTP, and HTTP