Date: Sat, 23 Oct 2004 01:45:11 -0700
From: Genius Freak <geniusfreak@gmail.com>
To: dwinner-lists@att.net
Cc: freebsd-questions@freebsd.org
Subject: Re: freebsd and MS Active Directory
Message-ID: <97f8dd041023014563a3c9f0@mail.gmail.com>
In-Reply-To: <4179D945.8070202@att.net>
References: <41792116.5000304@att.net> <20041022190411.GA920@procyon.nekulturny.org> <4179D945.8070202@att.net>

On Sat, 23 Oct 2004 00:08:37 -0400, Duane Winner <dwinner-lists@att.net> wrote:
>
> Danny MacMillan wrote:
> > On Fri, Oct 22, 2004 at 09:02:46AM -0600, Duane Winner wrote:
> >
> >>...
> >>
> >>During a meeting with their IT people a couple of days ago, most issues
> >>were agreed upon, however, the director of IT informed me that I will
> >>need to make both of these boxes conform to their Active Directory network.
> >
> > The phrase "conform to their Active Directory network" is pretty ambiguous.
> > I would be asking for more detail if I were you to find out what they
> > really mean.
> Well, you pretty much hit the nail on the head here. It was a brief
> meeting to flesh out basic specs and an introduction, rather than
> specifics on the implementation. I didn't want to ask too many questions
> at that point because I didn't want to sound like an idiot.
>
> But one thing that is crystalizing for me is that from what I understand
> so far from talking to others here and doing research is that as far as
> host name resolution and IP address management, not that much has
> changed, and there is no reason that they couldn't create static entries
> for the two BSD hosts.
>
> I am beginning to think that they were under the assumption that the web
> apps we are giving them would participate in their single sign-on, but
> that is not the case, because our web app will be doing its own user
> management and authentication whether they like it or not. :)
>
> If that is why they brought up AD in the first place, then I think it
> will be a moot point, unless there is something else I don't know yet.
> Is it possible they are using DHCP for all hosts -- even servers, but
> doing static mapping to MAC address? If so, are there instances where AD
> hosts must be configured as AD leaf objects? (I'm just scraping the back of
> my brain memories from my Novell NDS days...cripes -- what's happened
> to me? LOL....
>
> At any rate, I have two voice mail messages in to the IT guys I met with
> to get more specifics. I really don't have time to screw around with a
> Windows 2000 lab right now, and rather I wouldn't if I don't have to.
>
> >
> >>I think what he was referring to is DNS and IP assignments, and that I
> >>can't just hard code the hostname and IP address as I normally would and
> >>expect it to work on their network, since they don't run bind or static
> >>DNS services.
> >
> > Microsoft DNS is no thoroughbred, but can be configured to do what just
> > about any other DNS server will do. Ditto for DHCP. The only impact
> > Active Directory has on DNS, that I know of, is that Active Directory
> > stores SRV records in DNS so that clients can bind to it (I don't
> > completely understand this, I just see a lot of weird _firstsitename
> > stuff in a zone dump from our MS DNS server). As far as I know this
> > has no impact on the FreeBSD side. Since they presumably already have
> > their DNS server running (otherwise Active Directory wouldn't work)
> > you shouldn't have to do anything special on the FreeBSD side.
> >
> > It seems unlikely to me that that's what they meant. I really would
> > ask for more information. Maybe they want their FreeBSD administrators
> > to authenticate against AD accounts?
> >
> > If you do set up a testbed Active Directory, I would advise you to set
> > up MS DNS first, as I've had what can most charitably be called
> > "problems" when letting Active Directory set up DNS automagically.
> >
> >>...
> >>
> >
>

Hello, I have administrated Windows 2000 and 2003 Active Directory networks and have used FreeBSD in them before. It requires nothing special. Just a static DNS record for the server (as any server should have) in the domain DNS records, and personally I always made sure the IP was in a reserved range in DHCP (just in case).

On the DNS box I just set the IP address, subnet, DNS server, and gateway and (important one here) made sure the server name was in the domain, e.g. bsdbox01.domain.local, where bsdbox01 is the name of the server and domain.local is the Active Directory domain name. Doing that, I have never had a problem accessing a FreeBSD box in the network either by name or by IP. If I forgot something there, forgive me, but that should at least give you the general idea.

Kevin