Cern Week 34

So I have been slacking my blog. I haven't posted anything decent in the last few weeks, mainly due to the fact that I have not been doing much interesting stuff. This week was spent trying to get Linux to authenticate against active directory. There were loads of problems. The biggest was a problem with the certificates. The AD server was load balanced through a round robin dns switch. So the host was dc.cern.ch but the actual dns resolve lead to dc3.cern.ch so the certificate didn't match. This took quite a while till I had made all the changes to have a second host line in the certificates. Further I had some problems with getting the cern ca certificate on all my machines. After some work I found out that the rpm was broken. Brilliant. Then I found out that AD can only return 1024 entries at max what caused another error as getpwent failed. This is due to getpwent requesting all users at once (26000 in AD) returned only 1024. So lots of problems with Linux windows communication, but now it seams to work.

No comments: