[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Condor-users] Architechture suggestions for large Condor pool
- Date: Thu, 10 Feb 2005 09:25:05 +1100
- From: paul.chubb@xxxxxxxxxx
- Subject: RE: [Condor-users] Architechture suggestions for large Condor pool
the issue I had was not the linux to AD - although that is
interesting - but windows to AD. In our initial work we tried hard to make
it work and found some issues with the implementation:
1) user based authentication didn't support wild cards fully
2) user based authentication didn't support spaces
3) condor service account had to be an administrator but also a part of the
In the end we stepped back to using host based authentication and are
eagerly waiting support for kerberos in windows that has been RSN for a
Why should one ask everyone to reach one's own exalted heights and esoteric
grounds instead of bending down to the poor prune's level and showing him
the right way up in a reasonable way? He has but to travel up slowly. And
not all may reach all the way up. --Quasi
<Craig.Miskell@agrese To: "Condor-Users Mail List" <condor-users@xxxxxxxxxxx>
arch.co.nz> cc: (bcc: Paul Chubb/Staff/ABS)
Sent by: Subject: RE: [Condor-users] Architechture suggestions for large Condor pool
10/02/2005 06:21 AM
Please respond to
> On Wed, 9 Feb 2005 09:05:59 +1100, paul.chubb@xxxxxxxxxx
> <paul.chubb@xxxxxxxxxx> wrote:
> > Dan,
> > that is big. Have you seen the ppt from condor uk week:
> > http://www.nesc.ac.uk/talks/438/12th/deploying_large_pools.ppt
> Interestingly I saw that this was on the agenda for that week but
> couldn't find the associated presentation - clearly I wasn't looking
> hard enough. And we are aware that it is a big deployment! I think
> this is half the fun ;)
> > It has some interesting info that may identify hotspots.
> > BTW how are you doing the authentication against AD for the windows
> > machines and linux machines?
> This is what we are investigating at the moment.
I've seen several comments on the list asking about this, so I'll just
chime in here: It's easy ;-). If all you want is authentication (i.e.
you don't care about common UIDs, NFS shares etc), then two magic words:
PAM and Kerberos.
Configure PAM to use Kerberos, and configure Kerberos to use your Domain
Controllers as the KDC(s). Use authconfig on Fedora/RedHat to do this
the "easy" way.
The create an account on linux (useradd -m <username>, where username is
the same as in AD), and you're away.
Like I say, you'll have to manage UIDs manually (if it's important to
you), and you'll have to add the account to every single linux box. The
alternative is Samba with winbindd and other magic. I've never used
that so I can't comment. ;-)
Attention: The information contained in this message and/or attachments
from AgResearch Limited is intended only for the persons or entities
to which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipients is prohibited by AgResearch
Limited. If you have received this message in error, please notify the
Condor-users mailing list
ABS Web Site: www.abs.gov.au