[Beowulf] Linux cluster authenticating against multiple Active Directory domains

[Huw Lynes]

On Thu, 2008-07-31 at 14:34 +1000, Chris Samuel wrote:
> Here's a curly one..
> 
> We are helping a Uni set up a Linux cluster (CentOS 5
> based) and we've found out that they have two separate
> Active Directory instances, one for staff and one for
> students.
> 
> They want the cluster to be able to authenticate against
> both, as users might be on either service.
> 
> They have assured us that we can just their ADSs as
> if they are LDAP servers, which is OK, but it looks
> like Linux doesn't really want to know about using
> multiple LDAP servers except in a failover/round-robin
> situation.
> 

Funnily enough we used to do something similar here. Falling through
from the main campus LDAP (on an e-directory cluster) to the LDAP in
Computer Science.

It required some patches to nss_ldap to make it work properly and the
pam config was a little bit tricky, but it did work. 

I still have that config up and running on some of my older machines so
I can hunt down the config and patches if it would be useful.

Thanks,
Huw

-- 
Huw Lynes                       | Advanced Research Computing
HEC Sysadmin                    | Cardiff University
                                | Redwood Building, 
Tel: +44 (0) 29208 70626        | King Edward VII Avenue, CF10 3NB