[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[school-discuss] Thanks!= Linux and Active Directory/Windows networking

I entered the external DNS numbers and already had the isa proxy stuff and . .
.Yay!!! . . . I am sending this from Edubuntu!!!!

Now if I could only access my network folder . . . I'm close . . . it is
displayed on the desktop . . . asked for my user name and password . . . but it
won't let me view the contents.

Thanks to you all!


Quoting Damiano Verzulli <damiano@xxxxxxxxxxx>:

> marilyn@xxxxxxxxxxxxxxxxx wrote:
> > 
> > [...]
> > This district uses Active Directory.  
> > [...] 
> > None of the tech people know anything about Linux.  They have
> > been friendly and very helpful - they use a proxy server and gave me all
> of
> > that info - but it still doesn't work. 
> > [...]
> First of all, you should be sure about "how" local windows clients gets 
> internet access. Two options:
> 1 - They are "NAT"ted => this basically mean that clients have mostly 
> full internet access and that the AD server basically plays no role 
> about their internet connection;
> 2 - They are "Proxy"ed => this basically mean that for _every_ request 
> that clients makes to the internet, such request is directed to the AD 
> server (that tipically requires some form of authentications). The the 
> AD server makes the connection to the internet and as soon as it gets 
> back the result from the internet server, the AD server sends the 
> results to the local clients;
> In "option 1", basically, you can bet that within the LAN there's a 
> "gateway" configured to do NAT and, from the gateway point of view, a 
> standard client and the AD server are "similar";
> In "option 2" _only_ the AD server has internet access and he manages 
> all the internet access policy.
> In "option 1" (the easy one) you have to ask your sys/netadmin about:
> - the IP address of the "gateway";
> - the IP address of a DNS;
> - the IP address and subnet mask you should use on your local client;
> - or if, otherwise, there's some DHCP server that provides you with 
> proper infos
> In "option 2" (the difficult one) you have to ask your sys/netadmin:
> - which is, exactly, the software used to do "Proxying" on the AD 
> Server? Is it some kind of M$ ISA Server? Or something else?
> - if the proxy requires some forms of authentication and, in such case, 
> which kind of authentication (basically, you have to know if it's 
> something m$ related or not);
> - if the proxy requires the user to be "defined" on the AD server. In 
> this case, obviously, you need to have an "account" on the AD server;
> With above three information, we can be mostly able to configure at 
> least a browser so that it can interact with the Proxy (...if the 
> authentication-protocol is supported by Linux).
> Strictly speaking about AD, keep in mind that AD has more or less 
> _nothing_ to do about "networking" (strictly speaking in terms of IP and 
> WEB access). It deals _only_ about SSO (Single Sign On). This basically 
> means that:
> - if on the LAN there are a bunch of file and/or print server and...
> - if you're going to access such file/print server... than...
> - you need to properly configure your client so that the AD server "see" 
> a windows client...
> Samba, obviously, has lot of things that let your machine to act as a 
> "windows" client, both in the old M$-Domain world and the quite younger 
> M$-AD-world.
> In any case, keep in mind that if you're going to deeply interact with 
> AD from Linux, you're going to have a difficult way to walk.
> HTH.
> Bye,
> Damiano
> -- 
> Damiano Verzulli
> e-mail: damiano@xxxxxxxxxxx
> ---
> possible?ok:while(!possible){open_mindedness++}
> ---
> "...Science, after all, is ultimately an Open Source enterprise..."
> 'Open Sources: Voices from the Open Source Revolution' - Introduction
> [http://www.oreilly.com/catalog/opensources/book/intro.html]