We recently rebuilt a local cluster using Rocks and required ldap authentication to be enabled. The following is a basic outline on how to accomplish that.
On the frontend node enable LDAP authentication. If you have a specific home directory setting in your user accounts make sure that directory is linked backed to the nfs folder. In our case we use /UBC-O as the home folder. Simply replace /UBC-O with your ldap user home directory path
# ln -s /export/home /UBC-O
# authconfig --enableldap --enableldapauth --enablemkhomedir --enablelocauthorize --ldapserver=ldap.mydomain.com --ldapbasedn=o=mydomain.com --updateall
Next you may need to modify /etc/ldap.conf with additional settings such as nss_base_group or pam_filter. Edit the /etc/ldap.conf file to have the settings you desire and then reboot the frontend to test (we have not configured the compute nodes yet, this is just to test the frontend authentication).
If the test is successful we will now want to configure the compute nodes with the same settings.
# cd /export/rocks/install/site-profiles/5.3/nodes
# cp skeleton.xml extend-compute.xml
Add the following between the
ln -s /home /UBC-O
authconfig --enableldap --enableldapauth --enablelocauthorize --ldapserver=ldap.mydomain.com --ldapbasedn=o=mydomain.com --updateall
Add the following lines to /var/411/Files.mk
FILES += /etc/ldap.conf
FILES += /etc/openldap/ldap.conf
Enable NFS Automounting of the home directory in the compute nodes by adding the following line to /etc/auto.home
Rebuild the distro image and reinstall the compute nodes by running the following
# make -C /var/411 force
# cd /export/rocks/install
# rocks create distro
# ssh-agent $SHELL
# rocks run host compute '/boot/kickstart/cluster-kickstart-pxe'
- SARAHS Cluster Rebuild
- Document Management via Teaming