Re: freebsd and MS Active Directory

From: Duane Winner (dwinner-lists_at_att.net)
Date: 10/23/04

    Date: Sat, 23 Oct 2004 00:08:37 -0400
    To: Danny MacMillan <flowers@users.sourceforge.net>
    
    

    Danny MacMillan wrote:
    > On Fri, Oct 22, 2004 at 09:02:46AM -0600, Duane Winner wrote:
    >
    >>...
    >>
    >>During a meeting with their IT people a couple of days ago, most issues
    >>were agreed upon, however, the director of IT informed me that I will
    >>need to make both of these boxes conform to their Active Directory network.
    >
    >
    > The phrase "conform to their Active Directory network" is pretty ambiguous.
    > I would be asking for more detail if I were you to find out what they
    > really mean.
    Well, you pretty much hit the nail on the head here. It was a brief
    meeting to flesh out basic specs and an introduction, rather than
    specifics on the implementation. I didn't want to ask too many questions
    at that point because I didn't want to sound like an idiot.

    But one thing that is crystalizing for me is that from what I understand
    so far from talking to others here and doing research is that as far as
    host name resolution and IP address management, not that much has
    changed, and there is no reason that they couldn't create static entries
    for the two BSD hosts.

    I am beginning to think that they were under the assumption that the web
    apps we are giving them would participate in their single sign-on, but
    that is not the case, because our web app will be doing its own user
    management and authentication whether they like it or not. :)

    If that is why they brought up AD in the first place, then I think it
    will be a moot point, unless there is something else I don't know yet.
    Is it possible they are using DHCP for all hosts -- even servers, but
    doing static mapping to MAC address? If so, are there instances where AD
    hosts must be configured as AD leaf objects? (I'm just scraping the back of
    my brain memories from my Novell NDS days...cripes -- what's happened
    to me? LOL....)

    At any rate, I have two voice mail messages in to the IT guys I met with
    to get more specifics. I really don't have time to screw around with a
    Windows 2000 lab right now, and I would rather not if I don't have to.

    >
    >
    >>I think what he was referring to is DNS and IP assignments, and that I
    >>can't just hard code the hostname and IP address as I normally would and
    >>expect it to work on their network, since they don't run bind or static
    >>DNS services.
    >
    >
    > Microsoft DNS is no thoroughbred, but can be configured to do what just
    > about any other DNS server will do. Ditto for DHCP. The only impact
    > Active Directory has on DNS, that I know of, is that Active Directory
    > stores SRV records in DNS so that clients can bind to it (I don't
    > completely understand this, I just see a lot of weird _firstsitename
    > stuff in a zone dump from our MS DNS server). As far as I know this
    > has no impact on the FreeBSD side. Since they presumably already have
    > their DNS server running (otherwise Active Directory wouldn't work)
    > you shouldn't have to do anything special on the FreeBSD side.
    >
    > It seems unlikely to me that that's what they meant. I really would
    > ask for more information. Maybe they want their FreeBSD administrators
    > to authenticate against AD accounts?
    >
    > If you do set up a testbed Active Directory, I would advise you to set
    > up MS DNS first, as I've had what can most charitably be called
    > "problems" when letting Active Directory set up DNS automagically.
    >
    >
    >>...
    >>
    >
    >
    _______________________________________________
    freebsd-questions@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

