[Beowulf] Windows client authentication (was: Re: Active directory with Linux)
Dave Love
d.love at liverpool.ac.uk
Mon Oct 27 09:10:31 PDT 2008
"Jon Aquilina" <eagles051387 at gmail.com> writes:
> my question though is what is the best way in the linux world to get windows
> machines to join a linux domain which is being hosted by bind
I don't understand the question, but it sounds off-topic unless you have
a heterogeneous cluster.
As I understand it, `joining a domain' is basically sharing an
authentication token -- a Kerberos key in the case of AD. (It probably
also involves ceding control of the client system to the `domain
controller', à la what Centrify & al will do if you're not careful.)
The `domain' in the AD case is basically a Kerberos realm. Realms
aren't intrinsically related to DNS, though typically a site's realm is
named after its domain; it's just that AD unfortunately conflates them,
amongst other things.
If you have the misfortune to have nodes running MS Windows and want
them to authenticate to a normal Kerberos realm, see e.g.
<URL:http://www.h5l.org/manual/heimdal-1-1-branch/info/heimdal.html#Configuring-Windows-2000-to-use-a-Heimdal-KDC>,
though I've not done
that in a cluster. For ultimate control on clients, you can use the
PAM-like system (in MS Windows XP, at least) called GINA.