[Beowulf] Windows client authentication (was: Re: Active directory with Linux)

Dave Love d.love at liverpool.ac.uk
Mon Oct 27 12:10:31 EDT 2008


"Jon Aquilina" <eagles051387 at gmail.com> writes:

> my question though is what is the best way in the linux world to get windows
> machines to join a linux domain which is being hosted by bind

I don't understand the question, but it sounds off-topic unless you have
a heterogeneous cluster.

As I understand it, `joining a domain' is basically sharing an
authentication token -- a Kerberos key in the case of AD.  (It probably
also involves ceding control of the client system to the `domain
controller', à la what Centrify & al will do if you're not careful.)
The `domain' in the AD case is basically a Kerberos realm.  Realms
aren't intrinsically related to DNS, though typically a site's realm is
named after its domain; it's just that AD unfortunately conflates them,
amongst other things.

If you have the misfortune to have nodes running MS Windows and want
them to authenticate to a normal Kerberos realm, see e.g.
<URL:http://www.h5l.org/manual/heimdal-1-1-branch/info/heimdal.html
#Configuring-Windows-2000-to-use-a-Heimdal-KDC>, though I've not done
that in a cluster.  For ultimate control on clients, you can use the
PAM-like system (in MS Windows XP, at least) called GINA.

_______________________________________________
Beowulf mailing list, Beowulf at beowulf.org
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf



More information about the Beowulf mailing list