Securing LDAP calls in HPC2012R2_Update3_Full

All replies

• 

  

  0

  Sign in to vote

  Hi Sattigadu,

    Do you know which process is calling LDAP server using 389? By simply searching the source code, I could find place that make call to this.

    And HPC Pack won't have dependency on DHCP only if you enabled private network. If you don't need the headnode to serve DHCP, you shall disable that service.

  ---

  Qiufang Shi

  Friday, March 15, 2019 3:26 AM
• 

  

  0

  Sign in to vote

  Thanks for the response. We run in enterprise mode. I think we can disable DHCP mode as we dont use it. After more tracing we realized its only happening in our compute nodes. By default all windows uses LDAP 389 for its operations (AD Domain Services (authentication, GPO, replication, trust).)and it directly talks to the domain controller. We are noticing calls going to the Load balancer of the AD team from the compute nodes which makes it tricky.

  Do you know where HPC picks the LDAP details?

  Thanks,

  Sahitya

  Sunday, March 17, 2019 9:10 PM
• 

  

  0

  Sign in to vote

  What kind of details you're requesting?

  Below are the places related to AD for compute node:

  1. HPC Pack services will do AD authentication (Logon as job's runas user, and create/start user process with the logon token).

  2. HPC pack services on compute node will securely communicate to the head node service through kerberos authentication

  ---

  Qiufang Shi

  Monday, March 18, 2019 2:18 AM