Integrating_Dell_EMC_Unity#

HowTo Integrate FreeIPA with NFS share hosted on Dell EMC Unity#

This guide provides the steps that were taken to integrate our FreeIPA instance with our Dell EMC Unity storage appliance. After following this guide, your FreeIPA clients will be able to authenticate with Kerberos and seamlessly connect to an NFS share provided by the Dell EMC Unity system.

Assumption#

  1. FreeIPA installation already configured (4.x)

  2. CentOS/Fedora/Ubuntu FreeIPA client already configured

FreeIPA Configuration#

This section will describe the parts you will need to perform on your FreeIPA server for the integration.

  1. Add Dell EMC Unity host (you can also do this step through the FreeIPA GUI)

    ipa host-add emc-nas-server.example.com --ip-address 10.75.37.2

  2. Add Dell EMC Unity host as a service principal (you can also do this step through the FreeIPA GUI)

    ipa service-add nfs/emc-nas-server.example.com@EXAMPLE.COM

  3. Create a keytab from your IPA server for your newly created service

    ipa-getkeytab -s ipaserver.example.com -p nfs/emc-nas-server.example.com -k /tmp/emc-nas-server.keytab

Dell EMC Unity Configuration#

This section will describe the parts you need to modify on your Dell EMC Unity. These settings were performed on a Dell EMC Unity 300 with UnityOS 4.5.1.0.5.001.

  1. Create a new NAS Server (you can use an existing NAS Server but YMMV)

    1. General - Provide Server Name (name for your NAS server) - emc-nas-server.

    2. Select your Pool

    3. Select your Storage Processor

    4. Enter the IP address you provided to FreeIPA (10.75.37.2 in our case)

    5. Subnet address (255.255.255.0)

    6. Gateway (10.75.37.1)

  2. Select your Sharing Protocols; in this case select “Enable NFSv4”

    1. Select “Configure Secure NFS”

    2. Provide your Host Name: emc-nas-server

    3. Enable “Secure NFS (with Kerberos)”

    4. Specify your REALM name, this is your primary domain. Realm: EXAMPLE.COM

    5. Specify your “SPN:”. Upload the keytab file you generated from your FreeIPA server

  3. Configure Kerberos by selecting “Configure KDC Servers for custom Kerberos realm”

    1. Your Realm is your primary domain (e.g. EXAMPLE.COM) - it should be automatically filled in if you are going through the main NAS Servers setup in the Dell EMC NAS Servers creation wizard.

    2. Add your KDC Servers.

      ipaserver.example.com - for our example

  4. For your Unix Directory service Select “LDAP”

    1. If you have your environment set up correctly (DNS/Discovery) you can leave “Obtain LDAP servers IPs automatically” enabled.

    2. Select Kerberos for your “Authentication”

      1. Realm: EXAMPLE.COM

      2. Principal: “nfs/emc-nas-server.example.com” (exactly as this, the form will take this format)

      3. Password: password you gave from above

      4. Base DN: dc=example,dc=com

  5. Enter your domain and your DNS Servers

    1. example.com

    2. add - 10.75.35.66

    3. add - 10.75.35.77

  6. Finish

  7. Go back into the NAS Server configuration and select “Naming services” –> LDAP/NIS

    1. THIS IS KEY TO THIS ENTIRE PROCESS. If you have not changed your Schema click “Retrieve Current Schema” and save and edit it.

      It will look like:

        nss_base_passwd ou=people,dc=example,dc=com
        nss_base_group ou=group,dc=example,dc=com
        nss_base_hosts ou=hosts,dc=example,dc=com
        nss_base_netgroup ou=netgroup,dc=example,dc=com

      Change to:

        nss_base_passwd cn=users,cn=accounts,dc=example,dc=com
        nss_base_group cn=groups,cn=accounts,dc=example,dc=com
        nss_base_hosts cn=computers,cn=accounts,dc=example,dc=com
        nss_base_netgroup cn=ng,cn=alt,dc=example,dc=com

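
The schema edit in the step above can be scripted so that none of the four search bases is missed. This is an added example, not part of the original guide or of any Dell EMC or FreeIPA tooling; the function names are hypothetical, the sample input is constructed, and it assumes the base DN is derived from the realm name as in the guide's EXAMPLE.COM case.

```shell
#!/bin/sh
# Added example (not Dell EMC or FreeIPA tooling): point the nss_base_* lines
# of a retrieved schema file at the FreeIPA containers listed in this guide.

# Assumption: base DN is derived from the realm, EXAMPLE.COM -> dc=example,dc=com
realm_to_basedn() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' | sed -e 's/^/dc=/' -e 's/\./,dc=/g'
}

# Usage: to_freeipa_schema REALM < retrieved-schema > edited-schema
# Returns non-zero if any of the four keys is absent, so a half-converted
# file is noticed before it is uploaded to the NAS server.
to_freeipa_schema() {
    awk -v base="$(realm_to_basedn "$1")" '
        BEGIN {
            map["nss_base_passwd"]   = "cn=users,cn=accounts"
            map["nss_base_group"]    = "cn=groups,cn=accounts"
            map["nss_base_hosts"]    = "cn=computers,cn=accounts"
            map["nss_base_netgroup"] = "cn=ng,cn=alt"
        }
        ($1 in map) { print $1, map[$1] "," base; seen[$1] = 1; next }
        { print }   # comments and unrelated settings pass through unchanged
        END {
            for (k in map) if (!(k in seen)) {
                print "missing " k > "/dev/stderr"
                bad = 1
            }
            exit bad
        }'
}

# Constructed sample input, using the default lines shown on this page.
sample_schema() {
    cat <<'EOF'
# constructed sample, not a real export from the NAS server
nss_base_passwd ou=people,dc=example,dc=com
nss_base_group ou=group,dc=example,dc=com
nss_base_hosts ou=hosts,dc=example,dc=com
nss_base_netgroup ou=netgroup,dc=example,dc=com
EOF
}

sample_schema | to_freeipa_schema EXAMPLE.COM
```
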
  1. Select File Systems from Storage –> File –> File Systems

  2. Add new Protocol Linux/Unix Share (NFS)

  3. Provide Name, FLR, Storage Tier etc.

  4. Select NFS Share (Linux Unix) and provide it a name

  5. Apply any other settings (Snapshots replications, etc.) you need for your environment.

  6. Select NFS Shares from Storage –> File menu.

  7. Select your Share you just created and Edit.

  8. Make note of your Export Paths on the General Tab

  9. Select “Host Access” tab

    1. Select your “Minimum security” you want to allow and default access

    2. Add the hosts that you want to allow to access the NFS Share if you do not provide any Default Access

  10. Apply settings and you are done on the Dell EMC Unity system

CentOS/Ubuntu Configuration#

This section describes what you need to do on your client side to access the NFS share.

Ubuntu#

  1. Run and install

    sudo apt-get install -y nfs-common nfs-kernel-server

  2. Mount the NFS file share

    mount -o sec=krb5 emc-nas-server.example.com:/datastore /mnt

CentOS#

  1. Run and install

    sudo yum install -y nfs-utils

  2. Mount the NFS file share

    mount -o sec=krb5 emc-nas-server.example.com:/datastore /mnt