[Beowulf] Linux cluster authenticating against multiple Active Directory domains

[Joe Landman]

If you don't mind using commercial tools, have a look at Centrify.  Also 
Centeris might work for this.

Chris Samuel wrote:
> Here's a curly one..
> 
> We are helping a Uni set up a Linux cluster (CentOS 5
> based) and we've found out that they have two separate
> Active Directory instances, one for staff and one for
> students.
> 
> They want the cluster to be able to authenticate against
> both, as users might be on either service.
> 
> They have assured us that we can just their ADSs as
> if they are LDAP servers, which is OK, but it looks
> like Linux doesn't really want to know about using
> multiple LDAP servers except in a failover/round-robin
> situation.
> 
> Our current best guess is to get an LDIF dump of
> the users who are to be given access (signified
> by an LDAP attribute) and then load those into a
> local OpenLDAP or FDS server.
> 
> We do have various other wacky ideas about using
> Samba 4, but I don't know if that can belong to
> multiple AD instances..
> 
> Unfortunately our contact at the institute who
> knows about their ADS config is tied up for the
> moment so we can't pick his brains and I was
> wondering if anyone else had run into this sort
> of issue and knows if it does have a solution ?
> 
> cheers,
> Chris

-- 
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics LLC,
email: landman at scalableinformatics.com
web  : http://www.scalableinformatics.com
phone: +1 734 786 8423
fax  : +1 734 786 8452
cell : +1 734 612 4615