Solved

CentOS diskless clients authenticate to windows AD

Posted on 2009-04-22
572 Views
Last Modified: 2013-12-06
I am working on using diskless clients with CentOS. I have the diskless clients working fine. My next step is to have the clients boot up and authenticate with their host name which is already in AD.

I have successfully built non-diskless client machines using CentOS and joined them to my domain. I used one of these machines to build the diskless image.

My thoughts are that I need to put the correct files/directories into a files.custom file in the snapshot folder.

I'm looking for any thoughts/help on this project.

Randy
Question by:RandyReichert
7 Comments
 
LVL 81

Expert Comment

by:arnold
ID: 24243956
I think you addressed the complexity in your question.
Does each diskless client have an NFS mount point where it can store its configuration? i.e. /etc?
Presumably you do not want to configure each diskless client.
LVL 3

Author Comment

by:RandyReichert
ID: 24244725
Arnold,

Thanks for your reply. I have gotten past the last stumbling block. I just needed to get the right combination of files into the files.custom folder.

To answer your question, yes, each will have its own mount point. I do understand that there will be some individual customization of files for each client that I want to add.

My next task is to configure the netboot so that hosts are not IP specific.
LVL 81

Expert Comment

by:arnold
ID: 24245837
netboot uses the MAC address and not the IP.
The issue is with assigning/setting the hostname.  The network can be set by DHCP as long as the hostname is loaded which might be the stumbling block you are addressing.
LVL 3

Author Comment

by:RandyReichert
ID: 24250413
You're sort of correct....

When you create the host using netboot, you have to enter in an IP or IP subnet. A file is created in the /tftpboot/linux-install/pxelinux.cfg folder that is given the name of the IP or subnet you enter in hex. When you boot up the client, the first request it makes to find that file is with the MAC address and then it looks for the full IP in hex and keeps going, reducing each request by a subnet, until it gets a match.

I can rename the file to the MAC address, so as to eliminate the IP requirement. Then the entry disappears in the netboot software....not really a big deal.

I will now create a snapshot folder for each host and set the name inside of there.

You're right, I could do it by DHCP, however our DHCP is being done by the Cisco router, and I don't want to put any requirements on it to handle that.

Make any sense? Lol!
LVL 81

Accepted Solution

by:
arnold earned 2000 total points
ID: 24250565
Do you have a reserved block on the segment that the DHCP server does not allocate?
The cisco is configured to relay the bootp requests to the netboot server, right?
Not sure whether it is an option, but you could, through netboot, assign the IP to be used on the diskless client.

Or add a process that maintains the RARP map of MAC to IP using symbolic links.
I.e. periodically run through the directory where the files are stored. Get the IP-based file list. Ping the destination and check the ARP table associated with the IP.
Then create the link between the MAC-address-based file and the IP one.
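One way to put both ideas from this thread into a script, as an added example that is neither Randy's nor Arnold's code nor part of the netboot tool: `pxe_candidates` reproduces the lookup order Randy describes (MAC file, then the hex IP shortened one digit per attempt, then `default`), and `link_from_arp_line` / `refresh_links` implement Arnold's periodic MAC-to-IP symlink pass. It assumes the `/tftpboot/linux-install/pxelinux.cfg` path from the question and the `arp -an` output format of net-tools on the netboot server.

```shell
#!/bin/sh
# Added example (not from the thread or from netboot). PXECFG defaults to the
# directory named in the question; override it in the environment if needed.
PXECFG="${PXECFG:-/tftpboot/linux-install/pxelinux.cfg}"

# Dotted IPv4 -> the 8 upper-case hex digits PXELINUX looks for (192.168.1.20 -> C0A80114).
ip_to_hex() { printf '%02X%02X%02X%02X\n' $(printf '%s' "$1" | tr '.' ' '); }

# Reverse of ip_to_hex, used to find which host an IP-named file belongs to.
hex_to_ip() {
    printf '%d.%d.%d.%d\n' "$((0x$(echo "$1" | cut -c1-2)))" "$((0x$(echo "$1" | cut -c3-4)))" \
        "$((0x$(echo "$1" | cut -c5-6)))" "$((0x$(echo "$1" | cut -c7-8)))"
}

# MAC as printed by arp (aa:bb:cc:dd:ee:ff) -> 01-aa-bb-cc-dd-ee-ff (01 = Ethernet ARP type).
mac_to_cfgname() { printf '01-%s\n' "$(printf '%s' "$1" | tr 'A-F:' 'a-f-')"; }

# The order PXELINUX tries files in pxelinux.cfg for one client: the MAC name first,
# then the full IP in hex, then one hex digit fewer per attempt, and finally 'default'.
pxe_candidates() {
    mac_to_cfgname "$1"
    hex=$(ip_to_hex "$2")
    while [ -n "$hex" ]; do printf '%s\n' "$hex"; hex=${hex%?}; done
    echo default
}

# From one 'arp -an' line ("? (192.168.1.20) at aa:bb:cc:dd:ee:ff [ether] on eth0"),
# link the MAC-named file to the existing IP-named file. Incomplete ARP entries and
# IPs that have no config file are skipped (return 1) instead of being linked to nothing.
link_from_arp_line() {
    ip=$(printf '%s' "$1" | sed -n 's/.*(\([0-9.]*\)).*/\1/p')
    mac=$(printf '%s' "$1" | sed -n 's/.* at \([0-9a-fA-F:]*\) .*/\1/p')
    [ -n "$ip" ] && [ -n "$mac" ] || return 1
    src=$(ip_to_hex "$ip"); dst=$(mac_to_cfgname "$mac")
    [ -f "$PXECFG/$src" ] || return 1
    [ -e "$PXECFG/$dst" ] || ln -s "$src" "$PXECFG/$dst"
}

# Periodic pass (e.g. from cron on the netboot server): ping the host behind each
# IP-named file so the kernel ARP table is populated, then link its MAC name to it.
refresh_links() {
    for f in "$PXECFG"/[0-9A-F]*; do
        name=$(basename "$f")
        [ -f "$f" ] && [ "${#name}" -eq 8 ] || continue
        ip=$(hex_to_ip "$name")
        ping -c 1 -W 1 "$ip" >/dev/null 2>&1 || true
        link_from_arp_line "$(arp -an "$ip")" || true
    done
}
```

Source the file and call `refresh_links` from a cron job; a client whose NIC is replaced simply gets a new link on the next pass once its new MAC shows up in the ARP table.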
LVL 3

Author Comment

by:RandyReichert
ID: 24250685
I'm not able to do it through netboot as the IP has already been assigned by DHCP by the time the pxe process starts.

Basically my requirement was to have the diskless clients boot up and maintain a separate host name that is already in active directory, without the use of a static IP. This would then allow the user to log in using their AD username and password.

The stumbling block after that was to figure out a way to do this without using a pre-assigned IP by netboot. I have accomplished this by renaming the file to the MAC address, thus always retaining the same snapshot and in conjunction, the same hostname. Obviously, the downfall is that if a system is replaced, the file must be updated with the correct MAC address.

Your last suggestion using the rarp map MAC to IP I do believe would work.

I am going to close this out and award points as you have been helpful and given me some new areas to explore with this project.

Thanks for your help Arnold.
LVL 3

Author Closing Comment

by:RandyReichert
ID: 31573371
Thanks again.