Skip to main content
NetApp Solutions SAP

SAP HANA installation preparations for NFSv4

Contributors

NFS version 4 and higher requires user authentication. This authentication can be accomplished by using a central user management tool such as a Lightweight Directory Access Protocol (LDAP) server or with local user accounts. The following sections describe how to configure local user accounts.

The administration user <sidadm> and the sapsys group must be created manually on the SAP HANA hosts and the storage controllers before the installation of the SAP HANA software begins.

SAP HANA hosts

If it doesn’t exist, the sapsys group must be created on the SAP HANA host. A unique group ID must be chosen that does not conflict with the existing group IDs on the storage controllers.

The user <sidadm> is created on the SAP HANA host. A unique ID must be chosen that does not conflict with existing user IDs on the storage controllers.

For a multiple-host SAP HANA system, the user and group ID must be the same on all SAP HANA hosts. The group and user are created on the other SAP HANA hosts by copying the affected lines in /etc/group and /etc/passwd from the source system to all other SAP HANA hosts.

Note The NFSv4 domain must be set to the same value on all Linux servers (/etc/idmapd.conf) and SVMs. Set the domain parameter “Domain = <domain-name>” in the file /etc/idmapd.conf for the Linux hosts.

Enable and start the NFS IDMAPD service.

systemctl enable nfs-idmapd.service
systemctl start nfs-idmapd.service
Note The latest Linux kernels do not require this step. Warning messages can be safely ignored.

Storage controllers

The user ID and group ID must be the same on the SAP HANA hosts and the storage controllers. The group and user are created by entering the following commands on the storage cluster:

vserver services unix-group create -vserver <vserver> -name <group name> -id <group id>
vserver services unix-user create -vserver <vserver> -user <user name> -id <user-id> -primary-gid <group id>

Additionally, set the group ID of the UNIX user root of the SVM to 0.

vserver services unix-user modify -vserver <vserver> -user root -primary-gid 0