[Samba] id mapping
Patrick Goetz
pgoetz at math.utexas.edu
Fri Sep 24 16:11:46 UTC 2021
On 9/24/21 01:50, Rowland Penny via samba wrote:
>
>
> Never used Warewulf, can it work with AD ?
>
Warewulf is a framework / collection of tools for managing a compute
cluster and lives on top of the OS, so yes; it doesn't care how
authentication/authorization happen on the SMS (master node), but by
default it updates the compute nodes' user credentials from the SMS text
files in /etc (/etc/passwd and friends), so one would just need to not
use those utilities and write a custom script for this instead; e.g.
most basic use case:
restrict access to the AD-bound SMS via an AD security group(s), and
then periodically (say twice a day) run a script which retrieves all
userNames from the security group, assemble a fake /etc/passwd file on
the fly using the userName, UID, and boilerplate (/etc/shadow doesn't
matter; any old thing will do), and then push these files out to the
nodes. Should work perfectly. And of course groups could be handled the
same way.
This issue came up on the OpenHPC list, as particularly for those admins
who manage clusters accessed by students, not being able to use a
directory for authentication is a huge hassle. It's thanks to your help
with this that I figured out how to actually implement this, so thanks!
Will share with the OpenHPC admins who were wondering how to do this.
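
The filtering step of the script described in the message above, as an added example that is not part of the original message or of Warewulf or Samba. The group name `hpc-users`, the UID floor of 10000, the user names, and the assumption that winbind or sssd exposes AD users to `getent` without a domain prefix are all hypothetical.

```shell
#!/bin/sh
# Build node passwd entries from the members of an AD security group.
# Assumed, not from the original message: group name "hpc-users", the UID
# floor, and winbind/sssd exposing AD users to getent without a DOMAIN\ prefix.
MIN_UID=10000   # assumed floor keeping AD-mapped IDs clear of local accounts

# stdin: passwd-format lines; $1: comma-separated members (field 4 of
# `getent group`). Prints only the entries that are safe to push to nodes.
filter_passwd() {
    awk -F: -v members="$1" -v min="$MIN_UID" '
        BEGIN { n = split(members, m, ","); for (i = 1; i <= n; i++) want[m[i]] = 1 }
        NF != 7                               { next }  # malformed or extra ":" field
        !($1 in want)                         { next }  # not in the security group
        $1 !~ /^[A-Za-z0-9_][A-Za-z0-9_.-]*$/ { next }  # unexpected characters in name
        $3 !~ /^[0-9]+$/ || $3 + 0 < min      { next }  # never emit UID 0 or system UIDs
        uid[$3]++ || name[$1]++               { next }  # first entry wins on duplicates
        # Password field is a placeholder; no hash is taken from the SMS.
        { printf "%s:x:%s:%s:%s:%s:%s\n", $1, $3, $4, $5, $6, $7 }
    '
}

# Constructed sample standing in for `getent passwd` output on the SMS.
sample_getent() {
    cat <<'EOF'
alice:*:11001:10513:Alice A:/home/alice:/bin/bash
bob:*:11002:10513:Bob B:/home/bob:/bin/bash
mallory:*:0:0:Mallory:/root:/bin/bash
carol:*:11003:10513:Carol C:/home/carol:/bin/bash
dave:*:11001:10513:Dave D:/home/dave:/bin/bash
eve:*:11005:10513:Eve:extra:/home/eve:/bin/bash
EOF
}

# Live use on the AD-bound SMS would look like:
#   members=$(getent group hpc-users | cut -d: -f4)
#   getent passwd $(echo "$members" | tr ',' ' ') | filter_passwd "$members"
# Here the constructed sample is used so the script runs offline.
sample_getent | filter_passwd "alice,bob,mallory,dave,eve"
```

Write the result to a temporary file and rename it into place before pushing it out, so the nodes never receive a half-written file.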