Re: Question about Manila CIFS share (DHSS=True): Is Security Service mandatory?

JohnPark

Hi Team,

I’d like to confirm a requirement related to OpenStack Manila CIFS shares.

When using DHSS=True, is the creation of a Security Service (e.g., Active Directory/LDAP/Kerberos) mandatory for CIFS share provisioning? If it is required, is this mandate defined by OpenStack Manila generally, or is it specific to the NetApp Manila driver?

Any clarification or documentation references would be greatly appreciated. 😊

Thank you!

chamfer

Hi @JohnPark ,

NetApp documentation reads "When creating a CIFS share, the user will need to create a Security Service with any of the 3 options (LDAP, Active Directory or Kerberos) and then add this Security Service to the already created Share Network."

OpenStack documentation reads "For authentication and authorization of clients, the Shared File Systems Storage service can optionally be configured with different network authentication protocols. Supported authentication protocols are LDAP, Kerberos, and Microsoft Active directory authentication service."

My thoughts are that the NetApp Manilla driver requires LDAP, Active Directory or Kerberos. I guess the use case for local users and groups on NetApp is an edge case.

References:

OpenStack Docs: Key Concepts

Security services — Security Guide documentation

JohnPark

Hi Chamfer,

Thank you for the response.

What I would like to know is whether the security service configuration required for creating a CIFS share server is defined by OpenStack Manila or by the NetApp driver.

chamfer

Hi @JohnPark ,

Reading the documentation the NetApp driver is driving the requirement for the security service configuration.

Question about Manila CIFS share (DHSS=True): Is Security Service mandatory?

Introducing GenAI Search on NSS