[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [school-discuss] Linux and Active Directory/Windows networking
This district uses Active Directory.
None of the tech people know anything about Linux. They have
been friendly and very helpful - they use a proxy server and gave me all of
that info - but it still doesn't work.
First of all, you should be sure about "how" local windows clients gets
internet access. Two options:
1 - They are "NAT"ted => this basically mean that clients have mostly
full internet access and that the AD server basically plays no role
about their internet connection;
2 - They are "Proxy"ed => this basically mean that for _every_ request
that clients makes to the internet, such request is directed to the AD
server (that tipically requires some form of authentications). The the
AD server makes the connection to the internet and as soon as it gets
back the result from the internet server, the AD server sends the
results to the local clients;
In "option 1", basically, you can bet that within the LAN there's a
"gateway" configured to do NAT and, from the gateway point of view, a
standard client and the AD server are "similar";
In "option 2" _only_ the AD server has internet access and he manages
all the internet access policy.
In "option 1" (the easy one) you have to ask your sys/netadmin about:
- the IP address of the "gateway";
- the IP address of a DNS;
- the IP address and subnet mask you should use on your local client;
- or if, otherwise, there's some DHCP server that provides you with
In "option 2" (the difficult one) you have to ask your sys/netadmin:
- which is, exactly, the software used to do "Proxying" on the AD
Server? Is it some kind of M$ ISA Server? Or something else?
- if the proxy requires some forms of authentication and, in such case,
which kind of authentication (basically, you have to know if it's
something m$ related or not);
- if the proxy requires the user to be "defined" on the AD server. In
this case, obviously, you need to have an "account" on the AD server;
With above three information, we can be mostly able to configure at
least a browser so that it can interact with the Proxy (...if the
authentication-protocol is supported by Linux).
Strictly speaking about AD, keep in mind that AD has more or less
_nothing_ to do about "networking" (strictly speaking in terms of IP and
WEB access). It deals _only_ about SSO (Single Sign On). This basically
- if on the LAN there are a bunch of file and/or print server and...
- if you're going to access such file/print server... than...
- you need to properly configure your client so that the AD server "see"
a windows client...
Samba, obviously, has lot of things that let your machine to act as a
"windows" client, both in the old M$-Domain world and the quite younger
In any case, keep in mind that if you're going to deeply interact with
AD from Linux, you're going to have a difficult way to walk.
"...Science, after all, is ultimately an Open Source enterprise..."
'Open Sources: Voices from the Open Source Revolution' - Introduction