
Re: [school-discuss] Linux and Active Directory/Windows networking

marilyn@xxxxxxxxxxxxxxxxx wrote:

This district uses Active Directory. [...] None of the tech people know anything about Linux. They have
been friendly and very helpful - they use a proxy server and gave me all of
that info - but it still doesn't work. [...]

First of all, you should be sure about "how" local Windows clients get internet access. Two options:

1 - They are "NAT"ted => this basically means that clients have mostly full internet access and that the AD server basically plays no role in their internet connection;

2 - They are "Proxy"ed => this basically means that for _every_ request that clients make to the internet, such request is directed to the AD server (that typically requires some form of authentication). Then the AD server makes the connection to the internet and as soon as it gets back the result from the internet server, the AD server sends the results to the local clients;

In "option 1", basically, you can bet that within the LAN there's a "gateway" configured to do NAT and, from the gateway's point of view, a standard client and the AD server are "similar";

In "option 2" _only_ the AD server has internet access and it manages all the internet access policy.

In "option 1" (the easy one) you have to ask your sys/netadmin about:
- the IP address of the "gateway";
- the IP address of a DNS;
- the IP address and subnet mask you should use on your local client;
- or if, otherwise, there's some DHCP server that provides you with the proper info

In "option 2" (the difficult one) you have to ask your sys/netadmin:
- which software, exactly, is used to do "Proxying" on the AD Server? Is it some kind of M$ ISA Server? Or something else?

- if the proxy requires some form of authentication and, in such case, which kind of authentication (basically, you have to know if it's something M$-related or not);

- if the proxy requires the user to be "defined" on the AD server. In this case, obviously, you need to have an "account" on the AD server;

With the above three pieces of information, we should mostly be able to configure at least a browser so that it can interact with the Proxy (...if the authentication protocol is supported by Linux).

Strictly speaking about AD, keep in mind that AD has more or less _nothing_ to do with "networking" (strictly speaking in terms of IP and WEB access). It deals _only_ with SSO (Single Sign On). This basically means that:
- if on the LAN there are a bunch of file and/or print servers and...
- if you're going to access such file/print servers... then...
- you need to properly configure your client so that the AD server "sees" a Windows client...
Samba, obviously, has a lot of things that let your machine act as a "windows" client, both in the old M$-Domain world and the quite younger M$-AD-world.

In any case, keep in mind that if you're going to deeply interact with AD from Linux, you're going to have a difficult way to walk.



Damiano Verzulli
e-mail: damiano@xxxxxxxxxxx
"...Science, after all, is ultimately an Open Source enterprise..."
'Open Sources: Voices from the Open Source Revolution' - Introduction
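
Added example, not part of the original message: one way to answer the "option 2" questions from the Linux client itself is to send a single unauthenticated request to the proxy and read the `Proxy-Authenticate` headers of its HTTP 407 reply. The function names and the sample reply are constructed for illustration; the proxy host and port passed to `fetch_head` are the ones the sys/netadmin gave you.

```python
import socket

# Constructed sample reply for offline use; not captured from a real proxy.
SAMPLE_407 = (
    b"HTTP/1.1 407 Proxy Authentication Required\r\n"
    b"Proxy-Authenticate: Negotiate\r\n"
    b"Proxy-Authenticate: NTLM\r\n"
    b'Proxy-Authenticate: Basic realm="proxy.example.internal"\r\n'
    b"Content-Length: 0\r\n\r\n"
)
# Heuristic (assumption): these schemes usually mean a Windows domain account.
INTEGRATED = {"ntlm", "negotiate"}

def fetch_head(proxy_host, proxy_port, timeout=5.0):
    """Send one unauthenticated request to the proxy; return the raw reply head."""
    req = b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n"
    with socket.create_connection((proxy_host, proxy_port), timeout=timeout) as s:
        s.sendall(req)
        data = b""
        while b"\r\n\r\n" not in data:
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    return data

def proxy_auth_schemes(raw):
    """Return (status, [schemes]); assumes one challenge per Proxy-Authenticate line."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP response")
    schemes = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "proxy-authenticate" and value.strip():
            schemes.append(value.split()[0].rstrip(","))
    return int(parts[1]), schemes

def summarize(raw):
    """Is authentication required, and are only Windows-integrated schemes offered?"""
    status, schemes = proxy_auth_schemes(raw)
    if status != 407:
        return {"auth_required": False, "integrated_only": False, "schemes": []}
    generic = [s for s in schemes if s.lower() not in INTEGRATED]
    return {"auth_required": True,
            "integrated_only": bool(schemes) and not generic, "schemes": schemes}

if __name__ == "__main__":
    print(summarize(SAMPLE_407))
```

If `Basic` is the scheme you end up using, the username and password travel base64-encoded rather than encrypted on the hop between client and proxy.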