[Beowulf] Active directory with Linux
Chris Samuel
csamuel at vpac.org
Thu Oct 23 16:38:38 PDT 2008
----- "Tim Cutts" <tjrc at sanger.ac.uk> wrote:
> If you just want to authenticate against AD, you don't need anything
> commercial at all. You can just configure PAM on your Linux boxes to
> authenticate against AD, and configure your nsswitch.conf to obtain
> its information from AD's LDAP service.

We were trying to do that for one of our members, but
were told by the AD admins that we could only use the
user's credentials to bind to the AD server for queries
as they were using lockouts on failed password attempts
and so would not provide a "system" style account for
queries as locking that out would stop all users from
accessing the cluster. It was implied that they couldn't
disable lockouts for this particular user.

One of our folks tried to get this config to work and
failed, so we're now going to a fallback strategy of
having our own pukka LDAP server and a web frontend that
will authenticate a user correctly against their AD and
then let them create a POSIX LDAP account in ours.

Suboptimal of course, but we've wasted enough time
already banging our heads on this. :-(

cheers,
Chris
--
Christopher Samuel - (03) 9925 4751 - Systems Manager
The Victorian Partnership for Advanced Computing
P.O. Box 201, Carlton South, VIC 3053, Australia
VPAC is a not-for-profit Registered Research Agency