Hi folks, Figured I'd ask here before trying the beowulf list ... I'm working with an organization that will be deploying a midsized life science oriented cluster in the next few months. This group is in the business of making new products, selling products and discovering/developing new products -- the message from the top down is that IT is a tool that they need to be able to use effectively but they don't want to be in the position of designing, managing and deploying lots of custom/complex or one-off IT solutions. This means that their IT systems tend to be well designed, extremely well documented and focused on ease-of-maintenance. In many cases the solutions are designed with an eye towards handing off the day to day operation/management to a 3rd party infrastructure/operations provider or contractor. The organization already has a robust and well-managed directory services infrastructure based on MS Windows and Active Directory. There is *strong* interest in extending this directory service into the realm of the biocluster so that they don't have to roll out and manage a totally separate access scheme for cluster users. I've done enough work in the lab with AD, LDAP and Kerberos to know that Linux+Kerberos can usually play nicely and authenticate against Active Directory servers but I have not personally done this further than simple experimentation on test systems. Getting a single Linux box to authenticate against the domain is one thing; integrating 80+ linux boxes is something different. Have people on this list done Active Directory integration with full clusters? I'm interested in all pointers, war stories, product/vendor recommendations etc. that people would be willing to share. Of particular concern to me is how to bring the directory/authentication info into the private cluster network so the compute nodes can make use of it -- some methods involve password synchronization and others seem to involve bringing an AD server directly onto the cluster network. Only a few of the commercial Linux/Active Directory integration offerings seem to promise "minimal or zero" configuration changes on the actual domain server (a key point as I doubt we'll be allowed to mess with the domain servers much themselves). I'll summarize any responses and can tell y'all how the project went sometime next year! Regards, Chris