Hi Steve,
Steve Swanekamp (L3-Titan Contractor) wrote:
> My cluster is accessed by many people from Windows boxes and I have modified the contents of the /etc/pam.d directory so that the main node gets its usernames and passwords from the Windows domain server. This also allows for a relatively smooth Samba configuration. However, when I do this, the compute nodes in my cluster are not able to resolve the passwords because they are on a private network. The result is that when I try to ssh to the compute nodes it asks for a password which it cannot find because they do not exist in the normal Linux place. Can anyone suggest a workaround?
>
I see that nobody has answered your question yet. I do not myself use AD
to authenticate users on my Rocks cluster (I use local accounts copied
from NIS), but I did configure AD authentication with Kerberos and LDAP
on some other CentOS workstations. I hope I can give some hints.
First, you should see this wiki entry, which uses winbind (I don't use
this method):
https://wiki.rocksclusters.org/wiki/index.php/Configuring_Windows_AD_Authentication
You should know that authentication files (passwd, shadow, etc.) are
distributed by the 411 service on the nodes (something more or less similar
to NIS). Second, the frontend acts as a NAT gateway, so the nodes see the
external network, and for example your AD servers, so they should be
able to authenticate against AD servers (once they are in the Windows
domain...).
One other simple thing I would try in this case would be:
# getent passwd | grep my_user >> /etc/passwd
# passwd my_user (if you know the AD passwd)
- Create the user home directory in /export/home
- Add the user to /etc/auto.home:
my_user my_cluster.local:/export/home/my_user
- Synchronize with 411:
# rocks sync users
Good luck!
Alain
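
Added example, not part of Alain's message: a pre-check for the "getent passwd | grep my_user >> /etc/passwd" step, since whatever lands in /etc/passwd is then pushed to every node by 411. The function name select_passwd_entry, the MIN_UID threshold of 500 and the sample files are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Vets one account taken from
# `getent passwd` output before it is appended to the local passwd file.
# Usage: select_passwd_entry USER GETENT_OUTPUT_FILE LOCAL_PASSWD_FILE
# Prints the single safe line on stdout; returns non-zero and prints nothing otherwise.
MIN_UID=${MIN_UID:-500}   # assumed lower bound for ordinary accounts

select_passwd_entry() {
    user=$1; src=$2; localpw=$3
    # Exact match on field 1; a plain `grep my_user` also matches my_user2
    # or any line carrying the string in its GECOS or home field.
    n=$(awk -F: -v u="$user" '$1 == u { n++ } END { print n + 0 }' "$src")
    if [ "$n" -ne 1 ]; then
        echo "$user: expected 1 directory entry, found $n" >&2; return 1
    fi
    entry=$(awk -F: -v u="$user" '$1 == u' "$src")
    # passwd(5): 7 fields, numeric UID; refuse UID 0 and other low UIDs.
    uid=$(printf '%s\n' "$entry" | awk -F: 'NF == 7 && $3 ~ /^[0-9]+$/ { print $3 }')
    if [ -z "$uid" ] || [ "$uid" -lt "$MIN_UID" ]; then
        echo "$user: malformed entry or UID below $MIN_UID" >&2; return 2
    fi
    # Refuse a name or UID that already exists locally (duplicate or shadowing).
    clash=$(awk -F: -v u="$user" -v id="$uid" \
        '$1 == u || $3 == id { n++ } END { print n + 0 }' "$localpw")
    if [ "$clash" -ne 0 ]; then
        echo "$user: name or UID $uid already in $localpw" >&2; return 3
    fi
    printf '%s\n' "$entry"
}

# Constructed sample data so the example runs offline.
write_samples() {
    cat > "$1/getent.txt" <<'EOF'
my_user:*:10001:10000:My User:/home/my_user:/bin/bash
my_user2:*:10002:10000:Other User:/home/my_user2:/bin/bash
admin_x:*:0:0:Constructed UID-0 entry:/root:/bin/bash
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:10002:10000:Alice:/home/alice:/bin/bash
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
# Prints the my_user line only; my_user2 and admin_x would be refused.
select_passwd_entry my_user "$demo_dir/getent.txt" "$demo_dir/passwd"
```

On the frontend the two input files would be a saved copy of the getent output and /etc/passwd itself, with the printed line appended only when the function returns 0.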