'[Rocks-Discuss] Re: authenticate 389-ds to Rocks 6.2'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       npaci-rocks-discussion
Subject:    [Rocks-Discuss] Re: authenticate 389-ds to Rocks 6.2
From:       Mike Hallock <mhallock () illinois ! edu>
Date:       2017-07-24 17:06:06
Message-ID: 597628FE.40904 () illinois ! edu
[Download RAW message or body]

Hello,

I'm not using 389, but I do have clusters that authenticate against an 
openldap service.

In extend-compute.xml, include a package tag for nss-pam-ldapd.  It 
should pull in nscd.  Openldap-clients are optional but helpful to debug.

In the post section, you can call authconfig to set up ldap 
authentication for you.  I have the following:

         authconfig --disablecache  --enableldap --enableldapauth \
                 --ldapserver <ldap server fqdn> \
                 --ldapbasedn <base DN> \
                 --update

I then follow it up with a handful of sed calls to rewrite parts of 
/etc/pam_ldap.conf and /etc/nslcd.conf because authconfig only gets me 
part of the way there, authconfig in EL6 seems to assume you'll do 
STARTTLS, and I am using port 636 only, and I didn't find a way to get 
it to write in a bind dn/password either.

It is hazy now, but I remember when I moved from EL5 to EL6 that I 
stopped using nscd, hence the --disablecache in authconfig.  I think at 
the time it wasn't playing well with nslcd for me, so I chose to skip 
it.  This was some number of years ago so perhaps it will work now for you.

-mike

On 7/21/17 10:06 AM, Tim Nguyen-Pham wrote:
> Hello,
> 
> 
> 
> I am working on the fresh installation of  Rocks 6.2. Is there a way to
> install these services and running by the default in compute nodes?
> 
> 
> 
> nscd, nssd, pam_ldap, nss-pam-ldapd, and openldap-clients
> 
> 
> 
> Even front end does not come with the default installation. I can't use 411
> to authenticate my 389-ds to compute nodes.
> 
> 
> 
> Thank you,
> 
> 
> 
> -Tim
> 
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: http://lists.sdsc.edu/pipermail/npaci-rocks-discussion/attachments/20170721/3c912622/attachment.html
> 


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic