[Beowulf] Windows client authentication (was: Re: Active directory with Linux)
d.love at liverpool.ac.uk
Mon Oct 27 12:10:31 EDT 2008
"Jon Aquilina" <eagles051387 at gmail.com> writes:
> my question though is what is the best way in the linux world to get windows
> machines to join a linux domain which is being hosted by bind
I don't understand the question, but it sounds off-topic unless you have
a heterogeneous cluster.
As I understand it, `joining a domain' is basically sharing an
authentication token -- a Kerberos key in the case of AD. (It probably
also involves ceding control of the client system to the `domain
controller', à la what Centrify & al will do if you're not careful.)
The `domain' in the AD case is basically a Kerberos realm. Realms
aren't intrinsically related to DNS, though typically a site's realm is
named after its domain; it's just that AD unfortunately conflates them,
amongst other things.
If you have the misfortune to have nodes running MS Windows and want
them to authenticate to a normal Kerberos realm, see e.g.
#Configuring-Windows-2000-to-use-a-Heimdal-KDC>, though I've not done
that in a cluster. For ultimate control on clients, you can use the
PAM-like system (in MS Windows XP, at least) called GINA.
Beowulf mailing list, Beowulf at beowulf.org
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
More information about the Beowulf