User Management in LHCb
Gary Moine, CERN, 29/08/2015


Introduction
- Overview of internal network
- Description of system administration
- First problem, a classic: Unix and Windows
- A requirement: Single Sign On solution for experiment users
- Adopted solution: pGina and PAM module
- Home directories common to both worlds: NFS and Samba
- Summary
Gary Moine – CERN PH/LBC

Experiment Internal Network
- 2 main networks, completely separate: DAQ & Control.
- System administration services on Control.
- Additional private network for switch/router management.
- All are disconnected from CERN. Access only via application gateways.
- Dedicated link to CERN for storage of physics data.
- Central services used: Castor, DNS.

Experiment Internal Network [figure]

Network services used
- NIS for user information
- Authentication with Kerberos
- NFS + automount
- Active Directory - RIS
- Quattor
- DNS, DHCP, NTP, TFTP, PXE …

One problem: User management
- Obvious to say: 2 different systems = 2 very different ways of doing management.
- We have: all farm node PCs + most of the control PCs on Linux [1000/1500]; the remaining control PCs and most of the desktops for the control room on Windows [50/100].
- We do not want: the necessity to manage user accounts on both systems.
- Need to find a Single Sign On solution: an open source project meets our needs: pGina.

What is GINA?
- It stands for Graphical Identification aNd Authentication.
- It's a "kind of" PAM for Windows.
- GINA is a dynamically linked library that is loaded in the context of the Winlogon process when the machine is started...
- In other words, it's something behind this: [figure]

What is pGina
- pGina is an open source replacement for the MS GINA dynamic library.
- pGina is a Pluggable GINA: it provides various modules to allow other authentication methods on Windows.
- The PAM plugin is the one used in our setup. It consists of 2 parts: pGina with the PAM plugin on each Windows client, and 1 Linux PC running a PAM-aware daemon which uses the PAM authentication stack: Kerberos in our case.
- More on pGina:

What the User sees
- LHCb pGina login prompt: [figure]

Overview of pGina
- pGina provides a Domain Interaction: a user can be added to AD when he/she successfully authenticates.
- It also includes other useful Windows options like drive mapping on login, group membership, etc.

Home Directories
- Home directories stored centrally on a disk server
- NFS exported and Samba shared
- Automounted on Linux clients
- Mapped drive on Windows PCs
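An added illustration of this layout, not taken from the slides: one home area on the disk server, exported over NFS, automounted on Linux and shared through Samba for the Windows drive mapping. The hostname homeserver.example, the path /export/home and the 192.0.2.0/24 client range are assumed placeholders, and the options shown are a common restrictive baseline, not LHCb's actual settings.

```conf
# --- /etc/exports on the disk server (path and client range are assumed) ---
# Export only to the internal network. root_squash maps a client's root
# user to an unprivileged account on the exported files.
/export/home  192.0.2.0/24(rw,sync,root_squash,no_subtree_check)

# --- /etc/auto.master on each Linux client ---
# Hand /home to the automounter, driven by the map below.
/home  /etc/auto.home

# --- /etc/auto.home on each Linux client ---
# '*' matches the login name being accessed, '&' repeats it in the
# server path, so /home/alice mounts homeserver.example:/export/home/alice.
# nosuid,nodev stop setuid binaries and device nodes in a home directory
# from being honoured on the client.
*  -fstype=nfs,rw,nosuid,nodev  homeserver.example:/export/home/&

# --- /etc/samba/smb.conf on the same disk server ---
[global]
   # Accept SMB connections from the internal network only (assumed range).
   hosts allow = 192.0.2.0/24

[homes]
   comment = Home directory
   # %S is the share name, which for [homes] is the connecting user's name,
   # so \\homeserver.example\alice serves the same files as the NFS mount.
   path = /export/home/%S
   # Only the owner may connect to his or her own home share.
   valid users = %S
   browseable = no
   read only = no
   # Files created from Windows stay private to the owner on the Unix side.
   create mask = 0600
   directory mask = 0700
```

With an export like this the NFS server trusts the numeric UID sent by the client, so the user IDs must be identical on every machine and the export has to stay limited to hosts on the internal network.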

Summary
- User management done on the Linux side.
- Kerberos for authentication.
- pGina with the PAM plugin for integrating Windows user management into this Unix schema.
- Home directories stored on the Linux side, NFS exported and Samba shared.