Differences

This shows you the differences between two versions of the page.

ad_migration [2018/07/24 20:18]
ktm5j
ad_migration [2018/08/16 13:53] (current)
ktm5j
Line 3: Line 3:
 We are making changes to our authentication scheme in an effort to further simplify our computing environment. ​ This will make things easier for users on our systems, and easier to maintain both now and in the future. We are making changes to our authentication scheme in an effort to further simplify our computing environment. ​ This will make things easier for users on our systems, and easier to maintain both now and in the future.
  
-Up until now our Linux and Windows domains have been separate. ​ Despite the fact that your accounts share file storage, these identities don't share any real information. ​ This means that if you change your password in Windows, your Linux password has not changed. ​ Similarly, if you are added to a Unix/Linux group, there is no corresponding Windows group. ​ This makes file permissions difficult to manage.+Up until now our Linux and Windows domains have been separate. ​ Despite the fact that your accounts share file storage, these identities don't share any real information. ​ This means that if you change your password in Windows, your Linux password has not changed. ​ Similarly, if you are added to a Unix/Linux group, there is no corresponding Windows group. ​ This can make file permissions difficult to manage
 + 
 +If you are exclusively a Windows/​MacOS user then this should not affect you.
  
 ===== What is our plan? ===== ===== What is our plan? =====
  
 We have been working on converting our Linux systems to authenticate against our Active Directory servers. ​ Active Directory (AD) is a widely used Microsoft product for identity management. ​ Thanks to software from open source projects like [[https://​www.samba.org/​|Samba]] and [[https://​www.freeipa.org|FreeIPA]],​ as well as [[https://​www.redhat.com/​|Red Hat]], Linux now has reliable, enterprise-ready support for Active Directory. We have been working on converting our Linux systems to authenticate against our Active Directory servers. ​ Active Directory (AD) is a widely used Microsoft product for identity management. ​ Thanks to software from open source projects like [[https://​www.samba.org/​|Samba]] and [[https://​www.freeipa.org|FreeIPA]],​ as well as [[https://​www.redhat.com/​|Red Hat]], Linux now has reliable, enterprise-ready support for Active Directory.
 +
 +We have determined what is needed to accomplish this goal and already have a number of Linux systems configured under this new model. ​ We are working on testing these systems to be sure that the new system does everything we need without causing issues elsewhere. ​ After testing is complete, we will begin to roll out the migration in stages, working through groups of servers and desktops one step at a time.
  
 ===== How does this affect me? ===== ===== How does this affect me? =====
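Review bot: The added rollout paragraph ("we will begin to roll out the migration in stages") does not say how users will learn that a particular server or desktop is about to move, yet the page goes on to say that anyone whose Windows and Linux passwords are out of sync will be unable to log in afterwards. Suggest adding a sentence saying where the schedule or per-stage notice will be announced, so users can check their password before their machine changes. Two style points in the same hunk: the rewritten sentence "This can make file permissions difficult to manage" has lost its closing period, and "MacOS" is normally written "macOS".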
Line 16: Line 20:
  
 If you have not changed both Windows and Linux passwords at the same time then they are out of sync, which means you may not know your Windows password. ​ This means you will not be able to log in after we have moved to AD on our Linux systems. If you have not changed both Windows and Linux passwords at the same time then they are out of sync, which means you may not know your Windows password. ​ This means you will not be able to log in after we have moved to AD on our Linux systems.
 +
 +This will not affect your file storage/​home directories. ​ After the change you will still have the same numerical user id (uid) and group id (gid) in Linux. ​ This is important so that you still "​own"​ your files after the migration.
  
 ===== How do I check my password? ===== ===== How do I check my password? =====
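Review bot: The added sentence "you will still have the same numerical user id (uid) and group id (gid) in Linux" covers file ownership but not group membership, and the caveat about Linux groups not yet being re-created in AD is removed in the next hunk. Suggest saying whether "gid" here means the primary group only and whether supplementary group memberships carry over, since access to group-owned files depends on that. It would also help to tell users how to confirm the claim, for example by comparing the output of id on power4 with a host that has not been migrated.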
Line 21: Line 27:
 We have already changed ''​%%power4.cs.virginia.edu%%''​ to authenticate against AD.  This means you can try logging in (via ssh) to ''​%%power4%%''​ and test your password. ​ If you are unable to log in, you will need to submit a ticket to <​cshelpdesk@virginia.edu>​ asking to have your password reset. ​ We will then give you a temporary password, the first time you log in with this password you will be asked to set a new password. We have already changed ''​%%power4.cs.virginia.edu%%''​ to authenticate against AD.  This means you can try logging in (via ssh) to ''​%%power4%%''​ and test your password. ​ If you are unable to log in, you will need to submit a ticket to <​cshelpdesk@virginia.edu>​ asking to have your password reset. ​ We will then give you a temporary password, the first time you log in with this password you will be asked to set a new password.
  
-After you are logged in to ''​%%power4%%'',​ feel free to run programs, submit jobs to [[compute_slurm|SLURM]],​ edit files in your home directory, etc..  You can help us test by trying out tasks that you would typically perform on a day to day basis. ​ If you encounter any issues, please let us know so we can fix any bugs before moving forward.  The one thing to note is we are not finished re-creating Linux groups in AD.  This means that you may not have permissions to edit/view files owned by a group that you are a member of.  However this is only temporary and will be fixed soon.+After you are logged in to ''​%%power4%%'',​ feel free to run programs, submit jobs to [[compute_slurm|SLURM]],​ edit files in your home directory, etc..  You can help us test by trying out tasks that you would typically perform on a day to day basis. ​ If you encounter any issues, please let us know so we can fix any bugs before moving forward.
  
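Review bot: The text removed from the end of the last paragraph was the only statement about the state of Linux groups in AD, and nothing replaces it. If group re-creation is finished, say so; if not, keep the caveat, because a tester who gets a permission error on group-owned files on power4 cannot otherwise tell a known gap from a bug worth reporting. The unchanged text in this hunk also has "etc.." with a doubled period and a comma splice in "We will then give you a temporary password, the first time you log in ...", both of which could be fixed in the same edit.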
  • ad_migration.1532463517.txt.gz
  • Last modified: 2018/07/24 20:18
  • by ktm5j