AnsweredAssumed Answered

Volume ACEs for SSSD authenticated user seems to not work

Question asked by reedv on Mar 12, 2018
Latest reply on Mar 13, 2018 by deborah

I have SSSD installed on all nodes in cluster to interface with an Active Directory (AD) server for authentication, yet when setting volume ACEs via the MCS to allow a group that (does not exists in the local /etc/passwd files of the nodes, but does) exist in the AD server that SSSD interfaces with, members of that groups are getting permission denied errors when trying to then access that volume.


I can confirm that SSSD is working by switching to an AD account via

$ su <AD user>


$ id

uid=10000(testmapr) gid=10000(testmapr) groups=10000(testmapr)

Yet when doing something like 

$ ls /path/to/volume/with/set/ACEs/

ls: cannot open directory /path/to/volume/with/set/ACEs/: Permission denied

I get permission errors even though the ACEs in the MCS look like:

Read Permission    g:mapr | g:testmapr
Write Permission    g:mapr | g:testmapr
I feel there is a step that I am missing here. Does anyone know what is going on with this? Thanks.