Date:      Mon, 8 Oct 2001 08:53:28 -0400 (EDT)
From:      Evan Sarmiento <evms@cs.bu.edu>
To:        Chris Dillon <cdillon@wolves.k12.mo.us>, freebsd-chat@freebsd.org
Subject:   Re: FreeBSD and Active Directory
Message-ID:  <15297.41416.171067.316227@csa.bu.edu>
In-Reply-To: <Pine.BSF.4.32.0110072217590.19496-100000@mail.wolves.k12.mo.us>
References:  <200110062149.f96LnFj26783@csa.bu.edu> <Pine.BSF.4.32.0110072217590.19496-100000@mail.wolves.k12.mo.us>

Hello,

Our situation is a little different. I go to a private school. The coordinator
has to take care of fourteen PCs in the lab and the ten or so iMacs the faculty has. He's
not opposed to us configuring our own machines. He told me that
he would allow anyone to connect Windows 9x boxen to the network,
he's _only_ opposed to UNIX boxen.

Our school (you might already have heard this) is intertwined with Boston
University. You could assume that the Boston University IT officials
are his superiors. In any case, the University allows any sort of laptop
or computer to be used on the network, but, they only allow support
for certain operating systems. There are about thirty to forty people
who take care of numerous clusters and at least 20,000 boxen.

It seems that one person would be able to handle 24 computers, which
work perfectly most of the time.

Secondly, I've contacted a BU Systems Analyst at the IT department.
He told me that this action was unacceptable -- and he would
have a meeting with the tech coordinator on Wednesday to [persuade|force]
him to allow *NIX laptops and computers on the network.


Thanks,
Evan

Chris Dillon writes:
 > Moved to -chat... This is not appropriate for -stable.
 > 
 > On Sat, 6 Oct 2001, Evan Sarmiento wrote:
 > 
 > > My high school recently hired a new technology coordinator.
 > > Instead of using open source software, the coordinator redesigned
 > > the network to support Windows 2000 and Active Directory. For
 > > those of you who do not know what Active Directory is: Active
 > > Directory is an LDAP server which delineates what privileges each
 > > host on the network has, etc.
 > 
 > I've read every message in this thread so far and all I have to say is
 > that, as the network administrator of a large K-12 institution, I can
 > sympathise with some of his leeriness of allowing any kind of
 > "foreign" machine on the network.
 > 
 > Due to our non-unique situation in the under-staffed world of public
 > education, I have essentially become a network-Nazi and would readily
 > flip the switch disallowing any machine that I did not personally
 > configure (or, actually, design the custom installation system for in
 > our case) on the network if it wouldn't suddenly cut off quite a few
 > machines that we have not had time to get to since we took over
 > several years (!) ago.
 > 
 > There is just me and one other person in our tech department dealing
 > with about 3000 users and nearly 1000 workstations on a shoestring
 > budget, and this is a pretty common situation for public schools.  In
 > four years we had a ten-fold increase in the number of machines on the
 > network with no additional staff or increase of our budget (though
 > that is changing, I hope).  Even if your technology coordinator has
 > half as many workstations and users and three times the budget and
 > staff that we do, I still sympathize with his leeriness of foreign
 > machines introduced into the relatively fragile entity we call a
 > "network".  It has become a conditioned reaction to just say NO to any
 > request that doesn't immediately seem like a technically sound idea
 > when you're in a situation like that, and the only thing that will
 > change that is an infinite budget and an infinite abundance of
 > well-trained network monkeys jumping around to handle every little
 > problem that would pop up if everybody were allowed to do whatever
 > they wanted.
 > 
 > > I asked him his policy on laptops. After a long conversation, he
 > > said: "I do not allow any laptops running *NIX to be placed on the
 > > network, as I believe it will interfere with Active Directory."
 > 
 > The AD fear is unfounded, but see above why I don't like the idea of
 > foreign machines on "my" network.  This might be his way of saying the
 > same thing.
 > 
 > > I tried to explain to him how false his assumption was, but, he
 > > would not recant his infamy. I can understand, in a way -- He
 > > wants to make sure that the network is running for students to
 > > use.
 > 
 > That is generally the number one priority.
 > 
 > > How would I go about convincing this enthusiast that FreeBSD will
 > > not somehow interfere with Active Directory? This is what I have
 > > tried so far.
 > 
 > The answer would be to convince him that you can configure a machine
 > properly so that it won't ever interfere with anything on the network
 > and gain his trust.  Going above his head to the boss (as you
 > mentioned in another message) is not one way to do that.
 > 
 > As an aside, I DO allow "untrusted" machines on our network in a
 > couple of locations, both of which are on their own segmented and
 > firewalled networks.  They happen to be computer tech classes in our
 > vocational school which obviously require an environment more open to
 > "experimentation".  I also keep an eye on every one of our networks
 > via an intrusion detection system as well as network protocol
 > analyzers.  I immediately know when anything goes out of whack and the
 > owner of any machine causing anything to go even slightly out of whack
 > is likely to get one him/her-self in some form or another.  If I can
 > do that given our staff situation and budget, so can your technology
 > coordinator.  It only requires a clue and a good implementation of it.
 > 
 > 
 > --
 >  Chris Dillon - cdillon@wolves.k12.mo.us - cdillon@inter-linc.net
 >  FreeBSD: The fastest and most stable server OS on the planet
 >  - Available for IA32 (Intel x86) and Alpha architectures
 >  - IA64, PowerPC, UltraSPARC, and ARM architectures under development
 >  - http://www.freebsd.org
 > 
 > 
 > 
