Friday, January 13, 2012

likewise & netapp lessons learned

just so that i remember, here're some unsanitized notes.

the environment:
a mess of linux boxes, a group of windows systems and a netapp.  active directory is the backend authentication mechanism.

the end goal:
authenticate linux/macos users to active directory and access home directories on the netapp.

likewise...
install likewise however you'd like. afterward, set the following:
/opt/likewise/bin/lwconfig --detail AssumeDefaultDomain 
/opt/likewise/bin/lwconfig AssumeDefaultDomain true 
/opt/likewise/bin/lwconfig --show AssumeDefaultDomain 
/opt/likewise/bin/lwconfig LoginShellTemplate /bin/bash

/opt/likewise/bin/lwconfig --show HomeDirTemplate 
/opt/likewise/bin/lwconfig HomeDirPrefix /home 
/opt/likewise/bin/lwconfig HomeDirTemplate %H/%U 
/opt/likewise/bin/lwconfig CreateHomeDir false

in /etc/group:
admin:x:115:DOMAIN\me

in /etc/sudoers:
DOMAIN\\domain^admins ALL=(ALL) ALL

netapp...
netapp must have the following:
qtree security /vol/silly_home unix

options cifs.signing.enable off
options cifs.nfs_root_ignore_acl on

passwd must have the uid of the windows user per likewise; e.g.
me::1952501801:1952501801::/:

* check using wcc -a & wcc -u
if not set, the user will be mapped to pcuser and be unable to use the nfs share.
UNIX uid = 65534
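
an added example, not part of the original notes: a small check that the uid a likewise client resolves for a user matches the uid in a copy of the filer's passwd, since a user with no entry is mapped to pcuser. the function names, the sample users alice and bob and all sample uids other than the one for "me" are constructed; short user names (AssumeDefaultDomain true) are assumed.

```shell
#!/bin/sh
# Added example (not from the original notes): compare the uid a likewise
# client resolves for a user with the uid in a copy of the filer's passwd.

# filer_uid_status PASSWD_COPY USER CLIENT_UID -> ok | missing | mismatch:<uid>
filer_uid_status() {
    filer_uid=$(awk -F: -v u="$2" '$1 == u { print $3; exit }' "$1")
    if [ -z "$filer_uid" ]; then
        echo "missing"             # no entry: the notes say this maps to pcuser
    elif [ "$filer_uid" != "$3" ]; then
        echo "mismatch:$filer_uid" # entry exists but carries a different uid
    else
        echo "ok"
    fi
}

# audit_users PASSWD_COPY < "user uid" lines; prints one status line per
# user and, last, the number of users that would not map cleanly.
audit_users() {
    bad=0
    while read -r user uid; do
        [ -n "$user" ] || continue
        status=$(filer_uid_status "$1" "$user" "$uid")
        [ "$status" = "ok" ] || bad=$((bad + 1))
        echo "$user $uid $status"
    done
    echo "problems=$bad"
}

# Constructed sample: filer passwd copy in the format shown in the notes.
SAMPLE_PASSWD=$(mktemp)
cat > "$SAMPLE_PASSWD" <<'EOF'
root::0:0::/:
me::1952501801:1952501801::/:
alice::1952501900:1952501900::/:
EOF

# Constructed client-side pairs; on a real client take the uid from: id -u <user>
SAMPLE_CLIENT='me 1952501801
alice 1952501999
bob 1952502000'

printf '%s\n' "$SAMPLE_CLIENT" | audit_users "$SAMPLE_PASSWD"
```
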

in usermap.cfg have a domain admin mapped as unix root:
DOMAIN\me <= root

nfs export must be long, not truncated; e.g.:
/vol/silly_home  -sec=sys,rw

client machine must mount long nfs export:
netapp:/vol/silly_home /home      nfs         defaults        0 0

problems with cifs? turn on logging; the output shows up on the console.
options cifs.trace_login on

OSX 10.7.2 addendum
Since /Users is probably in use by local accounts, it would be best to mount 
the export to the place specified above (in our case /home).
OSX 10.7.2 does not have fstab.  Here's what you do:

Become root.
~ sudo su - root
As root...
# touch /etc/fstab
# vi /etc/fstab
Add the following:
netapp:/vol/silly_home /home      nfs         auto        0 0
# mount -a
Voila.
