Date: Sat, 23 Oct 2004 01:45:11 -0700
From: Genius Freak
To: dwinner-lists@att.net
Cc: Danny MacMillan
Cc: freebsd-questions@freebsd.org
Subject: Re: freebsd and MS Active Directory

On Sat, 23 Oct 2004 00:08:37 -0400, Duane Winner wrote:
>
>
> Danny MacMillan wrote:
> > On Fri, Oct 22, 2004 at 09:02:46AM -0600, Duane Winner wrote:
> >
> >>...
> >>
> >>During a meeting with their IT people a couple of days ago, most issues
> >>were agreed upon, however, the director of IT informed me that I will
> >>need to make both of these boxes conform to their Active Directory network.
> >
> >
> > The phrase "conform to their Active Directory network" is pretty ambiguous.
> > I would be asking for more detail if I were you to find out what they
> > really mean.
> Well, you pretty much hit the nail on the head here. It was a brief
> meeting to flesh out basic specs and an introduction, rather than
> specifics on the implementation. I didn't want to ask too many questions
> at that point because I didn't want to sound like an idiot.
>
> But one thing that is crystallizing for me is that from what I understand
> so far from talking to others here and doing research is that as far as
> host name resolution and IP address management, not that much has
> changed, and there is no reason that they couldn't create static entries
> for the two BSD hosts.
>
> I am beginning to think that they were under the assumption that the web
> apps we are giving them would participate in their single sign-on, but
> that is not the case, because our web app will be doing its own user
> management and authentication whether they like it or not. :)
>
> If that is why they brought up AD in the first place, then I think it
> will be a moot point, unless there is something else I don't know yet.
> Is it possible they are using DHCP for all hosts -- even servers, but
> doing static mapping to MAC address? If so, are there instances where AD
> hosts must be configured as AD leaf objects? (I'm just scraping the back of
> my brain memories from my Novell NDS days...cripes -- what's happened
> to me? LOL....
>
> At any rate, I have two voice mail messages in to the IT guys I met with
> to get more specifics.
> I really don't have time to screw around with a
> Windows 2000 lab right now, and rather I wouldn't if I don't have to.
>
> >
> >
> >>I think what he was referring to is DNS and IP assignments, and that I
> >>can't just hard code the hostname and IP address as I normally would and
> >>expect it to work on their network, since they don't run bind or static
> >>DNS services.
> >
> >
> > Microsoft DNS is no thoroughbred, but can be configured to do what just
> > about any other DNS server will do. Ditto for DHCP. The only impact
> > Active Directory has on DNS, that I know of, is that Active Directory
> > stores SRV records in DNS so that clients can bind to it (I don't
> > completely understand this, I just see a lot of weird _firstsitename
> > stuff in a zone dump from our MS DNS server). As far as I know this
> > has no impact on the FreeBSD side. Since they presumably already have
> > their DNS server running (otherwise Active Directory wouldn't work)
> > you shouldn't have to do anything special on the FreeBSD side.
> >
> > It seems unlikely to me that that's what they meant. I really would
> > ask for more information. Maybe they want their FreeBSD administrators
> > to authenticate against AD accounts?
> >
> > If you do set up a testbed Active Directory, I would advise you to set
> > up MS DNS first, as I've had what can most charitably be called
> > "problems" when letting Active Directory set up DNS automagically.
> >
> >
> >>...
> >>
> >
> >

Hello, I have administrated Windows 2000 and 2003 Active Directory networks and have used FreeBSD in them before. It requires nothing special. Just a static DNS record for the server (as any server should have) in the domain DNS records, and personally I always made sure the IP was in a reserved range in DHCP (just in case). On the DNS box I just set the IP address, subnet, DNS server, and gateway and (important one here) made sure the server name was in the domain, ex: bsdbox01.domain.local, where bsdbox01 is the name of the server and domain.local is the Active Directory domain name. Doing that I have never had a problem accessing a FreeBSD box in the network either by name or by IP. If I forgot something there, forgive me, but that should at least give you the general idea.

Kevin
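
A check for the settings Kevin lists, as an added example that is not part of the original thread: it reads an rc.conf and a resolv.conf and reports whether the hostname sits under the AD domain, the address is static, and a gateway and DNS server are set. The rc.conf variable names (hostname, ifconfig_<interface>, defaultrouter) are FreeBSD's standard ones; the function names and any file contents you feed it are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): verify a FreeBSD host's config files
# against the setup described above. Function names are hypothetical.

# Print the last value assigned to a variable matching pattern $1
# in the rc.conf-style file $2 (file is parsed, never sourced).
rc_get() {
    sed -n "s/^$1=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$2" | tail -n 1
}

# check_ad_host RCCONF RESOLVCONF AD_DOMAIN
# Prints one line per problem; exit status is the number of problems.
check_ad_host() {
    rc=$1; resolv=$2; domain=$3; problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    # Server name must be inside the AD domain, e.g. bsdbox01.domain.local
    host=$(rc_get hostname "$rc")
    case $host in
        ?*."$domain") ;;
        *) fail "hostname '$host' is not a name under $domain" ;;
    esac

    # Address and netmask must be set statically on the box itself
    ifcfg=$(rc_get 'ifconfig_[a-z0-9]*' "$rc")
    case $ifcfg in
        *[Dd][Hh][Cc][Pp]*) fail "interface uses DHCP, expected a static address" ;;
        *inet\ *netmask\ *) ;;
        *) fail "no static 'inet ... netmask ...' interface setting" ;;
    esac

    # Gateway
    [ -n "$(rc_get defaultrouter "$rc")" ] || fail "defaultrouter (gateway) not set"

    # DNS server the host will query for the domain's records
    grep -q '^nameserver[[:space:]]' "$resolv" || fail "no nameserver in resolv.conf"

    return "$problems"
}
```

Run it as `check_ad_host /etc/rc.conf /etc/resolv.conf domain.local`; it does not check the static record or DHCP reservation on the Windows side, which have to be confirmed on the AD DNS and DHCP servers.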