IN THIS ARTICLE
- Outlines the required values for AD RFC2307 for Multi-Mode permissions management.
- Cluster running Qumulo Core
- Using Microsoft Active Directory
In order to best manage permissions settings between Active Directory bound SMB and NFS clients writing to the same Qumulo hosted file shares, the following RFC2307 values need to present at each involved User Account and User Group that is managed via Microsoft Active Directory:
gidNumber: determines the User's primary GID)
loginShell: /bin/bash for example
unixHomeDirectory: path in Linux (/home/username for example)
Any Group that have User Accounts as Members who are expected to write to NFS accessible directories (Even if over SMB) should also have the following attribute set:
If you do not have Microsoft Identity Management for Unix and the NIS Server Role enabled (IDMU/NIS) in your Domain, you can reach the required attributes via each User and Group's Attribute Editor control panel in Active Directory's Users and Computer control panel (ADUC):
Should you require to change or populate the attributes of a large number of User Accounts, Microsoft provides a number of Powershell methods to accomplish this. Please refer to the Microsoft article under Additional Resources as a starting point.
You should now be able to successfully configure the required AD RFC2307 values for multi-mode permissions.
Like what you see? Share this article with your network!