[CLUE-Tech] My transition

David L. Willson DLWillson at TheGeek.NU
Tue Feb 26 20:15:37 MST 2002


My recommendation(s) for your situation. Pick one you like:
1) Use LDAP/IMAP from Active Directory as your authenticator.  You will
still have local accounts, but they will be password-less, and you won't
have to create them.  Sorta like how it works on an NT dorkstation.
2) Install "Services for UNIX" to your nearest Domain Controller, and use
YP/NIS as your authenticator.  Same as above.
3) Read up on the 'password synchronization' portions of "Services for UNIX"
or Samba.  You will end up with password-synchronized accounts on every box,
but at least it will be automated.

-----Original Message-----
From: clue-tech-admin at clue.denver.co.us
[mailto:clue-tech-admin at clue.denver.co.us]On Behalf Of Mike Staver
Sent: Tuesday, 26 February, 2002 15:05
To: clue-tech at clue.denver.co.us
Subject: Re: [CLUE-Tech] My transition


Yeah, I'm currently mounting my windows partitions like this:

mount -t smbfs -ousername=administrator,uid=nobody -opasswd="" //gtn/exports /home/exports

Seems to work well, but my problem is setting up user accounts on each
linux box, when I wish I could just be using the active directory user
accounts with root privs for some stuff, rather than creating accounts
on every box.  Or, I guess I could have the windoze server running
active directory, and have a separate linux box running something.  So,
in the end, I would only need to add accounts 2 places, rather than 15
or so.

"David L. Willson" wrote:
>
> I am a Windows NT/2000 MCSE, and I'd like to enhance this point.
>
> Native mode does not affect the client, only the Domain Controllers.  A
> Windows 2000 domain in "mixed" mode can have Windows NT BDC's, a Windows
> 2000 domain in native mode cannot.  Windows 2000 Security Templates _can_
> affect the client negatively, but the default template does not do so.
>
> Your Linux box has some chance of using the Active Directory as an
> authenticator using IMAP (which W2K supports natively), YP/NIS (which W2K
> can emulate, after installing "Services for UNIX"), or simply as a
> pass-through authenticator for those servers you access.  The third option
> I have used many times, and it goes something like this:  Set your
> workgroup to the NetBIOS name of your domain.  Use 'smbmount' with
> appropriate options to mount any/all network resources you use frequently.
> 'smbmount' will pass your workgroup, username, and password to the server,
> which will relay them to a DC for validation.  Once you have the mounting
> statements worked out, consider writing yourself a shell-script (batch
> file) to do the mounting(s).
> If you have trouble with this, I can help.
>
> -----Original Message-----
> From: clue-tech-admin at clue.denver.co.us
> [mailto:clue-tech-admin at clue.denver.co.us]On Behalf Of Matt Gushee
> Sent: Tuesday, 26 February, 2002 11:22
> To: clue-tech at clue.denver.co.us
> Subject: Re: [CLUE-Tech] My transition
>
> On Tue, Feb 26, 2002 at 12:08:53PM -0600, Michael J. Hammel wrote:
>
> > > 4) Some great howto on getting my new linux box to authenticate
> > > against a windows active directory box.
> >
> > The problem is that you're tied to some pretty proprietary stuff there.
> > It's hard to tell if anyone has made client sides to any of them for
> > Linux.
>
> This reminds me of one important detail: Active Directory has 2 modes --
> I think they're called "native mode" and "mixed mode". Mixed mode is
> designed to work with legacy Windows clients, while native mode is for
> all-Win2k (or Win2k + XP?) networks -- and once you enable it, you can't
> revert to mixed mode without completely reinstalling Active Directory.
> If your network is running in mixed mode, there's a good chance you can
> integrate Linux into it. If not ... grab those rosary beads, or pour
> yourself a stiff drink, whichever you prefer.
> --
> Matt Gushee
> Englewood, Colorado, USA
> mgushee at havenrock.com
> http://www.havenrock.com/
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech

--

                                -Mike Staver
                                 staver at fimble.com
                                 mstaver at globaltaxnetwork.com
                                 http://www.fimble.com/staver
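
An added example, not part of the original thread: a sketch of the mounting shell script suggested above that keeps the username and password out of the command line (where they are visible in process listings and shell history) by requiring a credentials file readable only by its owner. It assumes `mount -t cifs`, the successor to `smbfs`, and its `credentials=` option; the function names are hypothetical, and the commands are printed for review rather than executed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# The credentials file is expected to hold "username=" and "password=" lines.

# Succeeds only if the file exists and has no group/other permission bits.
cred_file_is_private() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(ls -ldL "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Prints the mount command for one share, or refuses if the credentials
# file is missing or readable by anyone other than its owner.
build_mount_cmd() {
    share=$1; mnt=$2; cred=$3
    if ! cred_file_is_private "$cred"; then
        echo "refusing: $cred is missing or accessible to group/other" >&2
        return 1
    fi
    # uid= maps file ownership to the invoking user instead of "nobody".
    printf 'mount -t cifs %s %s -o credentials=%s,uid=%s\n' \
        "$share" "$mnt" "$cred" "$(id -u)"
}

# Dry run: reads "share mountpoint" pairs from stdin, one per line, and
# prints one mount command per pair. Returns non-zero if any was refused.
mount_all() {
    cred=$1
    rc=0
    while read -r share mnt; do
        [ -n "$share" ] || continue   # skip blank lines
        build_mount_cmd "$share" "$mnt" "$cred" || rc=1
    done
    return $rc
}

# Usage (paths are placeholders):
#   echo "//gtn/exports /home/exports" | mount_all /root/.smbcred
```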