----- "Tim Cutts" <[EMAIL PROTECTED]> wrote: > If you just want to authenticate against AD, you don't need anything > commercial at all. You can just configure PAM on your Linux boxes to > authenticate against AD, and configure your nsswitch.conf to obtain > its information from AD's LDAP service.
We were trying to do that for one of our members, but were told by the AD admins that we could only use the users credentials to bind to the AD server for queries as they were using lockouts on failed password attempts and so would not provide a "system" style account for queries as locking that out would stop all users from accessing the cluster. It was implied that they couldn't disable lockouts for this particular user. One of our folks tried to get this config to work and failed, so we're now going to a fallback strategy of having our own pukka LDAP server and a web frontend that will authenticate a user correctly against their AD and then let them create a POSIX LDAP account in ours. Suboptimal of course, but we've wasted enough time already banging our heads on this. :-( cheers, Chris -- Christopher Samuel - (03) 9925 4751 - Systems Manager The Victorian Partnership for Advanced Computing P.O. Box 201, Carlton South, VIC 3053, Australia VPAC is a not-for-profit Registered Research Agency _______________________________________________ Beowulf mailing list, [email protected] To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
