Hello fellow toasters,
I’m deep into the NFSv4 wormhole and flailing miserably. Any help or advice would be greatly appreciated.
I am exporting an NFSv4.1 volume from our filer (9.6P6). I can mount the volume on a CentOS7 client. I can make directories as root and chown them to a user in our LDAP directory. I can see the ACL with nfs4_getfacl, but I cannot set/edit the ACLs with nfs4_setfacl.
I’ve read both of Justin Parisi’s TRs (TR-4835 - How to Configure LDAP in ONTAP, TR-4067 NFS Best Practice and Implementation Guide) so I think I’ve done everything correctly.
I’ve configured both the NetApp and the client to talk to the same OpenLDAP server. Here are some relevant diagnostics:
# on the client:

[root@als-enable ~]# nfsstat -m
/als/BL-831/data from ae10g-1:/BL831/ISPYB
 Flags: rw,relatime,vers=4.1,rsize=65536,wsize=65536,namlen=255,hard,proto=tcp,timeo=600,retrans=2,sec=sys,clientaddr=192.168.40.38,local_lock=none,addr=192.168.40.100

[root@als-enable ~]# nfs4_getfacl /als/BL-831/data/TEST/
# file: /als/BL-831/data/TEST/
A:d:nobody:rwaDxtTnNcCy
A::OWNER@:rwaDxtTnNcCy
A:g:GROUP@:rxtncy
A::EVERYONE@:rxtncy

[root@als-enable ~]# nfs4_setfacl -a A::classen@als-enable.bl1231.als.lbl.gov:rwaDxtTnNcCy /als/BL-831/data/TEST
Failed setxattr operation: Invalid argument

[root@als-enable ~]# nfs4_setfacl -a A::classen@ALS-ENABLE.BL1231.ALS.LBL.GOV:rwaDxtTnNcCy /als/BL-831/data/TEST
Failed setxattr operation: Invalid argument
I think nfsid mapping is working.
[root@als-enable ~]# nfsidmap -l
4 .id_resolver keys found:
  gid:root@als-enable.bl1231.als.lbl.gov
  uid:root@als-enable.bl1231.als.lbl.gov
  gid:staff@als-enable.bl1231.als.lbl.gov
  uid:classen@als-enable.bl1231.als.lbl.gov
on the filer:
sibyls2::*> vserver nfs show -vserver als-enable-ds1 -fields v4.1-acl,v4-id-domain,v4.0-acl
vserver        v4.0-acl v4-id-domain                  v4.1-acl
-------------- -------- ----------------------------- --------
als-enable-ds1 enabled  als-enable.bl1231.als.lbl.gov enabled

sibyls2::*> vserver services name-service ns-switch show -vserver als-enable-ds1
                               Source
Vserver         Database     Order
--------------- ------------ ---------
als-enable-ds1  hosts        files, dns
als-enable-ds1  group        files, ldap
als-enable-ds1  passwd       files, ldap
als-enable-ds1  netgroup     files
als-enable-ds1  namemap      files, ldap

sibyls2::*> vserver services name-service ldap client show -client-config ae-ldap

Vserver: als-enable-ds1
Client Configuration Name: ae-ldap
LDAP Server List: 192.168.40.38
(DEPRECATED)-LDAP Server List: -
Active Directory Domain: -
Preferred Active Directory Servers: -
Bind Using the Vserver's CIFS Credentials: false
Schema Template: RFC-2307
LDAP Server Port: 389
Query Timeout (sec): 3
Minimum Bind Authentication Level: anonymous
Bind DN (User): cn=ldapadmin,dc=als-enable,dc=als,dc=lbl,dc=gov
Base DN: dc=als-enable,dc=als,dc=lbl,dc=gov
Base Search Scope: subtree
User DN: -
User Search Scope: subtree
Group DN: -
Group Search Scope: subtree
Netgroup DN: -
Netgroup Search Scope: subtree
Vserver Owns Configuration: true
Use start-tls Over LDAP Connections: true
Enable Netgroup-By-Host Lookup: false
Netgroup-By-Host DN: -
Netgroup-By-Host Scope: subtree
Client Session Security: none
LDAP Referral Chasing: false
Group Membership Filter:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scott Classen, Ph.D.
ALS-ENABLE
TomAlberTron Beamline 8.3.1
SIBYLS Beamline 12.3.1
Advanced Light Source
Lawrence Berkeley National Laboratory
1 Cyclotron Rd
MS6R2100
Berkeley, CA 94720
mobile 510.206.4418
desk 510.495.2697
beamline 510.495.2134
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Did you enable nfs-v4.1-acls?
https://docs.netapp.com/ontap-9/topic/com.netapp.doc.cdot-famg-nfs/GUID-ECC9CC2F-9D07-4FAB-8E7B-E8A9B0C456BE.html

--tmac
Tim McCarthy, Principal Consultant
Proud Member of the #NetAppATeam https://twitter.com/NetAppATeam

Yes, both
sibyls2::*> nfs show -vserver als-enable-ds1 -fields v4.0-acl,v4.1-acl
vserver        v4.0-acl v4.1-acl
-------------- -------- --------
als-enable-ds1 enabled  enabled
Turns out that I had added an ACL while messing around with NFSv4.0 and it was preventing v4.1 ACLs from working:
sibyls2::*> file-directory show -vserver als-enable-ds1 -path /BL831/ISPYB/
  (vserver security file-directory show)

Vserver: als-enable-ds1
File Path: /BL831/ISPYB/
File Inode Number: 64
Security Style: unix
Effective Style: unix
DOS Attributes: 10
DOS Attributes in Text: ----D---
Expanded Dos Attributes: -
UNIX User Id: 0
UNIX Group Id: 0
UNIX Mode Bits: 755
UNIX Mode Bits in Text: rwxr-xr-x
ACLs: NFSV4 Security Descriptor
      Control:0x8014
      DACL - ACEs
        ALLOW-S-1-8-1000-0x1601ff-DI
        ALLOW-OWNER@-0x1601ff
        ALLOW-GROUP@-0x1200a9-IG
        ALLOW-EVERYONE@-0x1200a9

Vserver: als-enable-ds1 (internal ID: 4)

Error: Lookup CIFS/NFSV4 account SID and translate to corresponding unix name procedure failed
  [ 0 ms] Unix User ID found in Name Service Negative Cache
**[ 0] FAILURE: Unable to retrieve UNIX username for UID 1000
  [ 0] Could not translate NFSv4 SID 'S-1-8-1000'
  [ 0] Could not find Windows SID 'S-1-8-1000'
  [ 0] SID lookup failed
I wasn’t sure how to clear this ACL from the filer command line so I just deleted the volume, created a new vol, and now nfs4_getfacl and setfacl are working as expected.
Thanks to Scott Gelb for the insight to use the "file-directory" show command.
Scott
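
An added example, not part of the original thread and not NetApp tooling: a Python script that converts the DACL ACE lines from the file-directory show output above into nfs4_getfacl notation and flags any ACE whose S-1-8-<uid> principal has no name in the name service. The DI/IG flag mapping is inferred by comparing the filer and client outputs in this thread, and the UID table passed in is constructed sample data.

```python
import re

# NFSv4 ACE access-mask bits (ACE4_* constants from RFC 7530), listed in the
# letter order seen in the nfs4_getfacl output earlier in the thread.
MASK_LETTERS = [
    (0x00000001, "r"),  # READ_DATA / LIST_DIRECTORY
    (0x00000002, "w"),  # WRITE_DATA / ADD_FILE
    (0x00000004, "a"),  # APPEND_DATA / ADD_SUBDIRECTORY
    (0x00000040, "D"),  # DELETE_CHILD
    (0x00010000, "d"),  # DELETE
    (0x00000020, "x"),  # EXECUTE
    (0x00000080, "t"),  # READ_ATTRIBUTES
    (0x00000100, "T"),  # WRITE_ATTRIBUTES
    (0x00000008, "n"),  # READ_NAMED_ATTRS
    (0x00000010, "N"),  # WRITE_NAMED_ATTRS
    (0x00020000, "c"),  # READ_ACL
    (0x00040000, "C"),  # WRITE_ACL
    (0x00080000, "o"),  # WRITE_OWNER
    (0x00100000, "y"),  # SYNCHRONIZE
]

# Assumption: flag suffixes as they appear in this thread only
# (filer "-DI" next to client "d", filer "-IG" next to client "g").
FLAGS = {"DI": "d", "IG": "g"}

ACE_RE = re.compile(r"^(ALLOW|DENY)-(.+)-(0x[0-9a-fA-F]+)(?:-([A-Z]+))?$")
SID_RE = re.compile(r"^S-1-8-(\d+)$")  # the thread pairs S-1-8-1000 with UID 1000

# DACL lines copied from the file-directory show output in the thread.
DACL = [
    "ALLOW-S-1-8-1000-0x1601ff-DI",
    "ALLOW-OWNER@-0x1601ff",
    "ALLOW-GROUP@-0x1200a9-IG",
    "ALLOW-EVERYONE@-0x1200a9",
]


def mask_to_letters(mask):
    """Decode a hex access mask into nfs4_getfacl permission letters."""
    return "".join(letter for bit, letter in MASK_LETTERS if mask & bit)


def audit_dacl(ace_lines, uid_to_name, id_domain):
    """Return (nfs4_ace, stale) per ACE; stale = numeric principal has no name."""
    results = []
    for line in ace_lines:
        m = ACE_RE.match(line.strip())
        if not m:
            continue  # not an ACE line
        kind, who, mask, flag = m.groups()
        stale = False
        sid = SID_RE.match(who)
        if sid:
            uid = int(sid.group(1))
            name = uid_to_name.get(uid)
            stale = name is None
            who = f"{name}@{id_domain}" if name else str(uid)
        ace_type = "A" if kind == "ALLOW" else "D"
        # Flags not seen in this thread are left blank rather than guessed.
        ace = ":".join([ace_type, FLAGS.get(flag, ""), who, mask_to_letters(int(mask, 16))])
        results.append((ace, stale))
    return results


if __name__ == "__main__":
    known = {0: "root"}  # constructed sample: UID 1000 is absent, as in the thread
    for ace, stale in audit_dacl(DACL, known, "als-enable.bl1231.als.lbl.gov"):
        print(("STALE  " if stale else "ok     ") + ace)
```
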
What you likely saw was this:
* Extended GIDs was enabled (auth-sys-extended-groups)
* V4-numeric-ids enabled
* UID 1000 doesn’t exist in name services (local files or LDAP)
When you have auth-sys-extended-groups enabled with ID numerics, ONTAP will attempt to map the numeric ID to a name to resolve groups. If that numeric doesn’t exist, you get the error you saw.
I wrote up a section in the new TR-4067 update that is currently being reviewed.
See below:
Considerations for Numeric ID Authentication (NFSv3 and NFSv4.x)
NFSv3 using AUTH_SYS sends numeric ID information for users and groups to perform user authentication to NFS mounts for permission resolution.
NFSv4.x with ONTAP has a feature that allows NFSv4.x mounts to leverage numeric ID strings instead of name strings, which allows NFSv4.x operations without needing centralized name services, matching names/numeric IDs on client/server, matching ID domains, etc. (-v4-numeric-ids)
Enabling the -auth-sys-extended-groups option will cause numeric ID authentication to fail if the UNIX user numeric ID can’t be translated into a valid UNIX user name in name services. This will counteract the -v4-numeric-ids option, as ONTAP will need to query the incoming numeric user ID to search for any auxiliary groups for authentication. If the incoming numeric ID cannot be resolved to a valid UNIX user or the client’s UNIX numeric UID is different than the numeric UID ONTAP knows about, then the lookup will fail with secd.authsys.lookup.failed in the event log and ONTAP will respond to the client with the AUTH_ERROR “client must begin a new session,” which will appear as “Permission denied.”
To use both options, use the following guidance:
· If you require users and groups that either can not be queried from both NFS client and server or have mismatched numeric IDs, you can leverage NFS Kerberos and NFSv4.x ACLs to provide proper authentication with NFSv4.x, as clients will send name strings instead of numeric IDs.
· If you are using -auth-sys-extended-groups with AUTH_SYS and without NFSv4.x ACLs, any user that requires access via NFS will require a valid UNIX user in the name service database specified in ns-switch (can also be a local user).
From: Toasters toasters-bounces@www.teaparty.net On Behalf Of Scott Classen
Sent: Friday, June 5, 2020 5:30 PM
To: tmac tmacmd@gmail.com
Cc: Toasters toasters@teaparty.net
Subject: Re: nfs4_setfacl - Failed setxattr operation: Invalid argument