[prev in list] [next in list] [prev in thread] [next in thread]
List: npaci-rocks-discussion
Subject: [Rocks-Discuss] Re: authenticate 389-ds to Rocks 6.2
From: Mike Hallock <mhallock () illinois ! edu>
Date: 2017-07-24 17:06:06
Message-ID: 597628FE.40904 () illinois ! edu
[Download RAW message or body]
Hello,
I'm not using 389, but I do have clusters that authenticate against an
openldap service.
In extend-compute.xml, include a package tag for nss-pam-ldapd. It
should pull in nscd. Openldap-clients are optional but helpful to debug.
In the post section, you can call authconfig to set up ldap
authentication for you. I have the following:
authconfig --disablecache --enableldap --enableldapauth \
--ldapserver <ldap server fqdn> \
--ldapbasedn <base DN> \
--update
I then follow it up with a handful of sed calls to rewrite parts of
/etc/pam_ldap.conf and /etc/nslcd.conf because authconfig only gets me
part of the way there, authconfig in EL6 seems to assume you'll do
STARTTLS, and I am using port 636 only, and I didn't find a way to get
it to write in a bind dn/password either.
It is hazy now, but I remember when I moved from EL5 to EL6 that I
stopped using nscd, hence the --disablecache in authconfig. I think at
the time it wasn't playing well with nslcd for me, so I chose to skip
it. This was some number of years ago so perhaps it will work now for you.
-mike
On 7/21/17 10:06 AM, Tim Nguyen-Pham wrote:
> Hello,
>
>
>
> I am working on the fresh installation of Rocks 6.2. Is there a way to
> install these services and running by the default in compute nodes?
>
>
>
> nscd, nssd, pam_ldap, nss-pam-ldapd, and openldap-clients
>
>
>
> Even front end does not come with the default installation. I can't use 411
> to authenticate my 389-ds to compute nodes.
>
>
>
> Thank you,
>
>
>
> -Tim
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: http://lists.sdsc.edu/pipermail/npaci-rocks-discussion/attachments/20170721/3c912622/attachment.html
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic