Skylar, I admit my ignorance. What is a program map? Where I work now extensively uses automounter maps for bind mounts. I may well learn something useful here.
On 28 December 2017 at 15:28, Skylar Thompson <skylar.thomp...@gmail.com> wrote: > We are an AD shop, with users, groups, and automounter maps (for a short > while longer at least[1]) in the directory. I think once you get to > around schema level 2003R2 you'll be using RFC2307bis (biggest > difference from RFC2307 is that it supports nested groups) which is > basically what modern Linux distributions will be expecting. I can't > think of any serious problems we've had it with it, though I work on the > UNIX side so for me it really does just look like a LDAP/Krb5 server. > > I'm not a fan of Microsoft in general, but AD is one of the few products > that they've actually gotten right. In particular, the replication just > works --- in the 11 years we've been running AD, I can't think of a > single time our domain servers got out of sync. > > [1] For automounter maps, we're in the process of moving from LDAP to > program maps. Due to some internal complexities, we need to support > multiple definitions for a single mount point, which is easiest to > accomplish with a client-side program map. > > Skylar > > On 12/27/2017 08:41 PM, Robert Taylor wrote: > > Hi cluster gurus. I want to pick the your collective brains. > > Right now, where I work, we have and isilon, and netapp, which we use > > for our small 250core compute cluster. > > > > We have NIS for authentication and automount maps on the cluster side, > > and AD for authentication on the windows side, and LDAP for yet for > > other things to authenticate against. > > The storage is connected to both nis and AD, and does it's best to match > > the two sides up. > > We have had some odd issues with authentication as of late with sources > > getting out of sync, which has brought up the discussion for > > consolidating down to a single source of truth, which would be AD. > > RFC2307 talks about stuffing NIS data into LDAP/AD, and there are > > commercial products such as centrify that can do it. > > > > Does anyone run an entirely AD authentication environment with their > > compute cluster > > authenticating against it and using it for automount maps and such? > > Can you tell me what were your reasons for going that way, and any snags > > that you hit on the way? > > > > We've just started looking at it, so I'm on the beginning of this road. > > > > Any responses is appreciated. > > > > Thanks. > > > > rgt > > > > > > _______________________________________________ > > Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing > > To change your subscription (digest mode or unsubscribe) visit > http://www.beowulf.org/mailman/listinfo/beowulf > > > > _______________________________________________ > Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing > To change your subscription (digest mode or unsubscribe) visit > http://www.beowulf.org/mailman/listinfo/beowulf >
_______________________________________________ Beowulf mailing list, Beowulf@beowulf.org sponsored by Penguin Computing To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
