[Beowulf] Linux cluster authenticating against multiple Active Directory domains

[Chris Samuel]

Here's a curly one..

We are helping a Uni set up a Linux cluster (CentOS 5
based) and we've found out that they have two separate
Active Directory instances, one for staff and one for
students.

They want the cluster to be able to authenticate against
both, as users might be on either service.

They have assured us that we can just their ADSs as
if they are LDAP servers, which is OK, but it looks
like Linux doesn't really want to know about using
multiple LDAP servers except in a failover/round-robin
situation.

Our current best guess is to get an LDIF dump of
the users who are to be given access (signified
by an LDAP attribute) and then load those into a
local OpenLDAP or FDS server.

We do have various other wacky ideas about using
Samba 4, but I don't know if that can belong to
multiple AD instances..

Unfortunately our contact at the institute who
knows about their ADS config is tied up for the
moment so we can't pick his brains and I was
wondering if anyone else had run into this sort
of issue and knows if it does have a solution ?

cheers,
Chris
-- 
Christopher Samuel - (03) 9925 4751 - Systems Manager
 The Victorian Partnership for Advanced Computing
 P.O. Box 201, Carlton South, VIC 3053, Australia
VPAC is a not-for-profit Registered Research Agency