Re: freebsd and MS Active Directory
On Sat, 23 Oct 2004 00:08:37 -0400, Duane Winner <[EMAIL PROTECTED]> wrote:
> Danny MacMillan wrote:
> > On Fri, Oct 22, 2004 at 09:02:46AM -0600, Duane Winner wrote:
> >
> >> ...
> >>
> >> During a meeting with their IT people a couple of days ago, most issues were agreed upon, however, the director of IT informed me that I will need to make both of these boxes conform to their Active Directory network.
> >
> > The phrase "conform to their Active Directory network" is pretty ambiguous. I would be asking for more detail if I were you to find out what they really mean.
>
> Well, you pretty much hit the nail on the head here. It was a brief meeting to flesh out basic specs and an introduction, rather than specifics on the implementation. I didn't want to ask too many questions at that point because I didn't want to sound like an idiot.
>
> But one thing that is crystalizing for me is that from what I understand so far from talking to others here and doing research is that as far as host name resolution and IP address management, not that much has changed, and there is no reason that they couldn't create static entries for the two BSD hosts.
>
> I am beginning to think that they were under the assumption that the web apps we are giving them would participate in their single sign-on, but that is not the case, because our web app will be doing its own user management and authentication whether they like it or not. :)
>
> If that is why they brought up AD in the first place, then I think it will be a moot point, unless there is something else I don't know yet. Is it possible they are using DHCP for all hosts -- even servers, but doing static mapping to MAC address? If so, are there instances where AD hosts must be configured as AD leaf objects? (I'm just scraping the back of my brain memories from my Novell NDS days...cripes -- what's happened to me? LOL
>
> At any rate, I have two voice mail messages in to the IT guys I met with to get more specifics. I really don't have time to screw around with a Windows 2000 lab right now, and rather I wouldn't if I don't have to.
>
> >> I think what he was referring to is DNS and IP assignments, and that I can't just hard code the hostname and IP address as I normally would and expect it to work on their network, since they don't run bind or static DNS services.
> >
> > Microsoft DNS is no thoroughbred, but can be configured to do what just about any other DNS server will do. Ditto for DHCP. The only impact Active Directory has on DNS, that I know of, is that Active Directory stores SRV records in DNS so that clients can bind to it (I don't completely understand this, I just see a lot of weird _firstsitename stuff in a zone dump from our MS DNS server). As far as I know this has no impact on the FreeBSD side. Since they presumably already have their DNS server running (otherwise Active Directory wouldn't work) you shouldn't have to do anything special on the FreeBSD side.
> >
> > It seems unlikely to me that that's what they meant. I really would ask for more information. Maybe they want their FreeBSD administrators to authenticate against AD accounts?
> >
> > If you do set up a testbed Active Directory, I would advise you to set up MS DNS first, as I've had what can most charitably be called "problems" when letting Active Directory set up DNS automagically.
> >
> >> ...

Hello, I have administrated windows 2000 and 2003 active directory networks and have used freebsd in them before. It requires nothing special. Just a static dns record for the server (as any server should have) in the domain dns records and personally I always made sure the ip was in a reserved range in dhcp (just in case).

On the dns box I just set the ip address, subnet, dns server, and gateway and (important one here) made sure the server name was in the domain, ex: bsdbox01.domain.local where bsdbox01 is the name of the server and domain.local is the active directory domain name. Doing that I have never had a problem accessing a freebsd box in the network either by name or by ip.

If I forgot something there forgive me but that should at least give you the general idea.

Kevin

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: freebsd and MS Active Directory
On Fri, Oct 22, 2004 at 10:08:37PM -0600, Duane Winner wrote:
>
> ...
>
> Is it possible they are using DHCP for all hosts -- even servers, but doing static mapping to MAC address? If so, are there instances where AD hosts must be configured as AD leaf objects? (I'm just scraping the back of

I should point out that I'm no Active Directory guru. We use AD to hold login accounts, groups, computers, &c. Vanilla stuff. If there's some kind of voodoo chocolate or strawberry Active Directory stuff, we don't do it.

But from my understanding, the answer to your above question is 'no'. Our FreeBSD server is in exactly the position you describe. It obtains its address via DHCP; it always gets the same reserved address. Our Active Directory is completely ignorant of the existence of the FreeBSD machine. IP addresses are provided by DHCP, not AD, and names are provided by DNS, not AD. AD registers names in DNS but it doesn't control DNS (i.e. it won't destroy what you put there yourself).

Note that our DNS is not backed by LDAP, as I've heard is possible. In that case AD might take a more pivotal role. I'd be interested to know, once this is all over, if that's what they have going on.

>
> ...
>

--
Danny

Re: freebsd and MS Active Directory
Danny MacMillan wrote:
> On Fri, Oct 22, 2004 at 09:02:46AM -0600, Duane Winner wrote:
>
>> ...
>>
>> During a meeting with their IT people a couple of days ago, most issues were agreed upon, however, the director of IT informed me that I will need to make both of these boxes conform to their Active Directory network.
>
> The phrase "conform to their Active Directory network" is pretty ambiguous. I would be asking for more detail if I were you to find out what they really mean.

Well, you pretty much hit the nail on the head here. It was a brief meeting to flesh out basic specs and an introduction, rather than specifics on the implementation. I didn't want to ask too many questions at that point because I didn't want to sound like an idiot.

But one thing that is crystalizing for me is that from what I understand so far from talking to others here and doing research is that as far as host name resolution and IP address management, not that much has changed, and there is no reason that they couldn't create static entries for the two BSD hosts.

I am beginning to think that they were under the assumption that the web apps we are giving them would participate in their single sign-on, but that is not the case, because our web app will be doing its own user management and authentication whether they like it or not. :)

If that is why they brought up AD in the first place, then I think it will be a moot point, unless there is something else I don't know yet. Is it possible they are using DHCP for all hosts -- even servers, but doing static mapping to MAC address? If so, are there instances where AD hosts must be configured as AD leaf objects? (I'm just scraping the back of my brain memories from my Novell NDS days...cripes -- what's happened to me? LOL

At any rate, I have two voice mail messages in to the IT guys I met with to get more specifics. I really don't have time to screw around with a Windows 2000 lab right now, and rather I wouldn't if I don't have to.

>> I think what he was referring to is DNS and IP assignments, and that I can't just hard code the hostname and IP address as I normally would and expect it to work on their network, since they don't run bind or static DNS services.
>
> Microsoft DNS is no thoroughbred, but can be configured to do what just about any other DNS server will do. Ditto for DHCP. The only impact Active Directory has on DNS, that I know of, is that Active Directory stores SRV records in DNS so that clients can bind to it (I don't completely understand this, I just see a lot of weird _firstsitename stuff in a zone dump from our MS DNS server). As far as I know this has no impact on the FreeBSD side. Since they presumably already have their DNS server running (otherwise Active Directory wouldn't work) you shouldn't have to do anything special on the FreeBSD side.
>
> It seems unlikely to me that that's what they meant. I really would ask for more information. Maybe they want their FreeBSD administrators to authenticate against AD accounts?
>
> If you do set up a testbed Active Directory, I would advise you to set up MS DNS first, as I've had what can most charitably be called "problems" when letting Active Directory set up DNS automagically.
>
>> ...

Re: freebsd and MS Active Directory
On Fri, Oct 22, 2004 at 03:40:44PM -0400, Danny wrote:
> AD is a massive beast. Where do you want to go with it? Just set it up for fun, or?

For fun? I don't think so. Heh.

> What type of integration? Authentication? DNS? Need specifics...

2 things. One is Exim AD ldap lookups to the Exchange server to verify recipient for my FreeBSD email gateway. Having no luck getting that to work. I can do an ldapsearch and extract the emails from that.

The second thing I will need to do by the end of the year is have employees log in to the Intranet on my FreeBSD box using the AD credentials. So I will have to use auth_ldap on my Apache server so Apache can do an AD lookup. That will be tough.

Andy

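Added example, not part of Andy's message or of the original thread: in the recipient check he describes, the address from RCPT TO ends up inside an LDAP search filter, so it has to be escaped per RFC 4515, otherwise a recipient such as *@domain.local matches every mailbox and verifies as valid. The server URI, bind DN and password-file path used with it are constructed, and matching on the mail and proxyAddresses attributes is an assumption about the Exchange/AD schema in use.

```python
import re

# RFC 4515 section 3: these characters must be written as \XX inside an
# assertion value, otherwise they change the meaning of the filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Strict shape check for an envelope recipient. Assumption: the gateway only
# accepts plain ASCII addr-spec recipients (no quoted local parts).
_ADDR_RE = re.compile(r"[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]{1,64}@[A-Za-z0-9.-]{1,255}")


def escape_filter_value(value):
    """Escape a string for use as an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def recipient_filter(rcpt):
    """Filter matching one mailbox by its primary or a secondary SMTP address."""
    # fullmatch, not match with '$': '$' would accept a trailing newline.
    if not _ADDR_RE.fullmatch(rcpt):
        raise ValueError("not a plain addr-spec: %r" % rcpt)
    v = escape_filter_value(rcpt)
    return "(|(mail=%s)(proxyAddresses=smtp:%s))" % (v, v)


def ldapsearch_argv(rcpt, uri, bind_dn, base_dn, pw_file):
    """argv for OpenLDAP ldapsearch; a list, so no shell ever parses rcpt."""
    return ["ldapsearch", "-x", "-LLL", "-H", uri, "-D", bind_dn, "-y", pw_file,
            "-b", base_dn, "-s", "sub", recipient_filter(rcpt), "mail"]


if __name__ == "__main__":
    # Constructed sample recipients: one ordinary, one wildcard, one malformed.
    for rcpt in ("user@domain.local", "*@domain.local", "a)(cn=*@domain.local"):
        try:
            print(rcpt, "->", recipient_filter(rcpt))
        except ValueError as exc:
            print(rcpt, "-> rejected:", exc)
```

The same escaping applies to whatever tool finally runs the lookup; Exim provides the quote_ldap expansion operator for this purpose.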
Re: freebsd and MS Active Directory
On Fri, 22 Oct 2004 11:31:33 -0800, Andy Firman <[EMAIL PROTECTED]> wrote:
> I am in a similar situation and I have very little experience with AD.
> Just yesterday I set up a test bed Win2K/Exchange2K with AD.

Start here...

http://www.microsoft.com/technet/community/events/ad/tnt1-98.mspx
(Note: You will need to view this from a Microsoft Windows PC with Windows Media (one of the newer versions - 9.x) player installed)

http://www.2000trainers.com/section.aspx?sectionID=8

...D

Re: freebsd and MS Active Directory
On Fri, 22 Oct 2004 11:31:33 -0800, Andy Firman <[EMAIL PROTECTED]> wrote:
> On Fri, Oct 22, 2004 at 01:04:11PM -0600, Danny MacMillan wrote:
> >
> > It seems unlikely to me that that's what they meant. I really would ask for more information. Maybe they want their FreeBSD administrators to authenticate against AD accounts?
> >
> > If you do set up a testbed Active Directory, I would advise you to set up MS DNS first, as I've had what can most charitably be called "problems" when letting Active Directory set up DNS automagically.
>
> I am in a similar situation and I have very little experience with AD.

AD is a massive beast. Where do you want to go with it? Just set it up for fun, or?

> Just yesterday I set up a test bed Win2K/Exchange2K with AD.
> It is so hard to get around in Windows as I am used to command line. Ugh.

You can do more with the Windows 2000 (and newer) command line and VBscript, than you can throughout the GUI.

> Are there any good howto's out there for us FreeBSD folk that need to integrate into Windows AD?

What type of integration? Authentication? DNS? Need specifics...

...D

Re: freebsd and MS Active Directory
On Fri, Oct 22, 2004 at 01:04:11PM -0600, Danny MacMillan wrote:
>
> It seems unlikely to me that that's what they meant. I really would ask for more information. Maybe they want their FreeBSD administrators to authenticate against AD accounts?
>
> If you do set up a testbed Active Directory, I would advise you to set up MS DNS first, as I've had what can most charitably be called "problems" when letting Active Directory set up DNS automagically.

I am in a similar situation and I have very little experience with AD. Just yesterday I set up a test bed Win2K/Exchange2K with AD. It is so hard to get around in Windows as I am used to command line. Ugh.

Are there any good howto's out there for us FreeBSD folk that need to integrate into Windows AD? I have googled and am learning the ldap client tools like ldapsearch and also am going to install auth_ldap on my Apache servers. But I would like a good overview coming from a FreeBSD/Unix perspective??

Thanks,
Andy

Re: freebsd and MS Active Directory
On Fri, Oct 22, 2004 at 09:02:46AM -0600, Duane Winner wrote:
>
> ...
>
> During a meeting with their IT people a couple of days ago, most issues were agreed upon, however, the director of IT informed me that I will need to make both of these boxes conform to their Active Directory network.

The phrase "conform to their Active Directory network" is pretty ambiguous. I would be asking for more detail if I were you to find out what they really mean.

> I think what he was referring to is DNS and IP assignments, and that I can't just hard code the hostname and IP address as I normally would and expect it to work on their network, since they don't run bind or static DNS services.

Microsoft DNS is no thoroughbred, but can be configured to do what just about any other DNS server will do. Ditto for DHCP. The only impact Active Directory has on DNS, that I know of, is that Active Directory stores SRV records in DNS so that clients can bind to it (I don't completely understand this, I just see a lot of weird _firstsitename stuff in a zone dump from our MS DNS server). As far as I know this has no impact on the FreeBSD side. Since they presumably already have their DNS server running (otherwise Active Directory wouldn't work) you shouldn't have to do anything special on the FreeBSD side.

It seems unlikely to me that that's what they meant. I really would ask for more information. Maybe they want their FreeBSD administrators to authenticate against AD accounts?

If you do set up a testbed Active Directory, I would advise you to set up MS DNS first, as I've had what can most charitably be called "problems" when letting Active Directory set up DNS automagically.

>
> ...
>

--
Danny

Re: freebsd and MS Active Directory
On Fri, 22 Oct 2004 11:02:46 -0400, Duane Winner <[EMAIL PROTECTED]> wrote:
> Hello,
>
> Does anybody out there have experience with FreeBSD in a Microsoft Active Directory environment?

I do, but they remain separate entities except for the fact that I manually created the DNS host/address records for my FreeBSD servers in the Windows 2000/Active Directory DNS server, so that the Windows clients can access the services provided by the FreeBSD box by hostname.

> I am going to be delivering two servers to a client, both running FreeBSD 5.2.1 with Apache as the front-end web server, and postgresql on the backend database server.

So are all Windows boxes supposed to have access to this FreeBSD server? If so, simply set up a static IP for each FreeBSD server. Then have the Active Directory DNS admin manually add the host records for the FreeBSD servers.

> During a meeting with their IT people a couple of days ago, most issues were agreed upon, however, the director of IT informed me that I will need to make both of these boxes conform to their Active Directory network.

Besides serving up HTTP requests, what other traffic do they want coming to or from the FreeBSD servers?

...D

freebsd and MS Active Directory
Hello,

Does anybody out there have experience with FreeBSD in a Microsoft Active Directory environment?

I am going to be delivering two servers to a client, both running FreeBSD 5.2.1 with Apache as the front-end web server, and postgresql on the backend database server.

During a meeting with their IT people a couple of days ago, most issues were agreed upon, however, the director of IT informed me that I will need to make both of these boxes conform to their Active Directory network.

I think what he was referring to is DNS and IP assignments, and that I can't just hard code the hostname and IP address as I normally would and expect it to work on their network, since they don't run bind or static DNS services.

Has anybody had to deal with this and be able to point me in the right direction so that I can test this out before delivery? I do have an MSDN subscription (which I never use), but could try to set up a basic Active Directory I suppose in my lab. I am a lapsed MCSE, but that was during NT 4.0, and stopped really using Microsoft as servers around year 2000, so I'm really behind the 8ball.

Thanks for any info.