Account provisioning with SAR

Several of us met individually with Richard over the last couple of days to talk about using SAR (aka Sun One identity manager) for account provisioning.

SAR is used as a replacement for an earlier homemade application called ASAP, and is used to provision and deprovision access to things. There are currently 36 systems in SAR, some of which don't actually do the provisioning, but handle the process flow by presenting forms for approval and sending e-mail to each party in the workflow to encourage them to fill out said forms.

ACSAD reverse lookup zones


So, in order to move forward on the DNS in, I think we need to do the following

Windows license servers in Nagios

The work isn't complete, but I've got a start of the Windows plugins for Nagios packaged in the WolfTech domain.

CMS container created in WolfTech

Debbie talked to me and asked me to create a container for Campus Messaging Services in WolfTech.  I've made some OUs, but I'm not convinced it's going to work properly with the Wolftech magic.

I think that Billy/Dan/Derek have to add the containers that get auto-populated with applications, allowed rights to link GPOs, and so forth.

I've made a skeleton of ou=CMS,ou=CT,ou=OIT and assigned all rights to the group "CMS-OU Admins". Right now Debbie is the only member of that group, as she's co-ordinating the DESAD migration and can add others as she needs.



Neal from SnC asked me to take a look at some software he's thinking about using for intrusion detection.

It's called "OSSec" and you'll find more about it at

He's also talking about setting up a syslog server that we can use to collect authentication traps and possibly other information.

ACSAD vs QIP remaining differences


Here's a summary of where I think we stand with differences between the ACSAD domain controllers serving DNS and the QIP "NCSU-Legacy" DNS

Matched 926 of 1013 records (2 SOA, 5 NS records and 10 others can never match).
830 of 901 total matched 'A' records.
89 of 360 total matched 'SRV' records.

When I tried to do reverse (IP to name) lookups against ns60, it looks like our PTR records were a complete mess, but I haven't dived in to gather specifics.

ACSAD DNS vs QIP: a tale of a dynamic struggle


Kevin and I figured this out last week, but I hadn't found the time to post it until now.

We've found another wrinkle in the ACSAD DNS migration to QIP. The existing ACSAD DNS is configured for "dynamic" registration for both DHCP and DNS services. When a new host comes up, its name (as set in the Windows control panel) is automatically registered in DNS. QIP uses "static" registration, in that you must key in DNS info to get the name server to acknowledge you.

File System team decisions

We had the next to the last "File System Team" meeting this morning. I wasn't taking good notes, so the particulars I record here may not be correct. Eric is doing our "official" write-up, so anything different between that write-up and this one means that this one is in error.

ACSAD "DNS issues" were actually firewall

Eric and I have just confirmed that the issues previously thought to be DNS problems using ns60 were in fact a firewall problem.

Eric is going to identify a bunch of test vms and provisioning servers, and I'm going to look for admin vms and servers at Monday's WAL meeting to set to use ns60 using a GPO.  The idea is that we eat our own dogfood while the CAB deliberates on pushing ns60 out wholesale to all ACSAD workstations.

HP ilo extensions to be added to WolfTest domain


Once there is a WolfTech Remedy queue created, I'll put in a formal request for the ilo extensions, and confirm a date when we can install in WolfTest.

Rather than try to paraphrase, here's a hacked up e-mail response to give some background:


