[Samba] id mapping

Patrick Goetz pgoetz at math.utexas.edu
Fri Sep 24 16:11:46 UTC 2021

On 9/24/21 01:50, Rowland Penny via samba wrote:
> Never used Warewulf, can it work with AD ?

Warewulf is a framework / collection of tools for managing a compute 
cluster and lives on top of the OS, so yes; it doesn't care how 
authentication/authorization happen on the SMS (master node), but by 
default it updates the compute nodes' user credentials from the SMS text 
files in /etc (/etc/passwd and friends), so one would just need to not 
use those utilities and write a custom script for this instead; e.g. 
most basic use case:
  restrict access to the AD-bound SMS via an AD security group(s),and 
then periodically (say twice a day) run a script which retrieves all 
userNames from the security group, assemble a fake /etc/passed file on 
the fly using the userName, UID, and boilerplate (/etc/shadow doesn't 
matter; any old thing will do), and then push these files out to the 
nodes. Should work perfectly. And of course groups could be handled the 
same way.

This issue came up on the OpenHPC list, as particularly for those admins 
who manage clusters accessed by students, not being able to use a 
directory for authentication is a huge hassle. It's thanks to your help 
with this that I figured out how to actually implement this, so thanks!

Will share with the OpenHPC admins who were wondering how to do this.

More information about the samba mailing list