The following sections cover NSS AD coexistence.
Do not install the following service on the same server as NSS AD:
DSfW
Introducing NSS AD into your OES service mix will not cause any conflicts with existing OES services on your network.
The following services and components, which were modified to support NSS AD, are compatible with pre-OES 2015 servers, with important exceptions noted.
Access Control Lists
Backup (SMS)
CIFS
Distributed File Services (DFS)
Dynamic Storage Technology (DST)
OES Cluster Services (NCS)
IMPORTANT: Pre-OES 2015 nodes cannot mount NSS AD-enabled pools and volumes. For more information, see Section 3.6.1, Clustered Node Issue.
NSS (OES Storage Services)
Salvage
To provide NSS AD support in an environment that contains Dynamic Storage Technology (DST), you must do the following:
Ensure that the OES server or the cluster node where the primary and shadow volumes exist has joined the Active Directory domain as part of the normal NSS AD deployment process.
Ensure that both the primary and the secondary (shadow) volumes are AD-enabled.
The primary and secondary volumes can be of the same type (NSS32 or NSS64) or mixed (NSS32 and NSS64).
The Linux utilities POSIX setxattr and POSIX setattr are enhanced to support DST. Any operation that these utilities perform on a directory in the primary volume is replicated on the shadow volumes.
For more information on DST, see OES 23.4: Dynamic Storage Technology Administration Guide.
The DFS source and target server are configured with OES 2015 or later with NSS AD support. For AD users to access a DFS junction using the CIFS client, the following is required:
The DFS source and the target server must have joined the AD domain.
The pools and volumes on the DFS source and target server should be media-upgraded and AD-enabled, respectively.
AD users must have trustee rights on the files and folders they need to access.
During the NSS AD deployment process, there is, of course, a period of time during which some servers are running NSS AD and some are not.
If the DFS source is configured for NSS AD and the target is a pre-OES 2015 server, then for seamless access to data on the pre-OES 2015 server, ensure that both the Active Directory and eDirectory credentials have the same usernames and passwords.
When the AD user accesses the pre-OES 2015 server, the CIFS client authenticates with the AD credentials and fails. CIFS then falls back to use eDirectory credentials and the user is able to access the data.