Authenticating users against AD *without* joining the domain?
Rudolph, Frank
rudolph at beaconpower.com
Wed Feb 13 12:02:55 EST 2013
Sorry, you are correct. Not being a Windows expert, I tend to oversimplify.
I keep referring to our Windows Server as an Exchange server. I realize that is incorrect.
We are an engineering house with negligible IT support and I touch Windows only when I have to.
Let me clarify... We have a Windows Server (2008 or 2010, not sure which).
On that server, we have all our umbrella of security running for the entire domain, firewalls included.
On that server we have an Exchange server running to support email.
We also have Active Directory running there and the entire enterprise uses that as our in-house support.
Our IT manager is quite knowledgeable about Windows ONLY and knows nothing about Linux.
I, on the other hand, try to stay entirely in the Linux world and use Windows only as a way to edit documents, send email, etc.
What I discovered is that, since we have limited support for the interface between Windows and Linux and no time at all to figure out why, I learned from another Linux user back in 2005 that if I just used the stripped-down smb.conf file, all the issues I was having with Windows constantly barfing every time I tried to do anything that involved talking to Linux, my problems would go away. So I did that and the problem immediately ceased to be a problem.
We have a software staff of 1, an IT staff of 1 and we use a few contractors to help out. For us this has been a completely sufficient, cheap, easy, long-term solution for an undermanned staff and I just passed it on.
But thanks for your corrections.
- Frank
-----Original Message-----
From: gnhlug-discuss-bounces at mail.gnhlug.org [mailto:gnhlug-discuss-bounces at mail.gnhlug.org] On Behalf Of Ben Scott
Sent: Wednesday, February 13, 2013 11:53 AM
To: Greater NH Linux User Group
Subject: Re: Authenticating users against AD *without* joining the domain?
On Wed, Feb 13, 2013 at 11:03 AM, Rudolph, Frank <rudolph at beaconpower.com> wrote:
> We have all our Linux boxes (we have about 50 of them connected
> together under the umbrella of a MS Exchange Server)
Uh... just FYI, Exchange has nothing to do with SMB/CIFS/NetBIOS/etc. That might be your problem right there. :-)
> We rely on the firewall of the Exchange Server ...
Nor is Exchange a firewall. Exchange is a mail server. :-)
> Here was the most important piece: We DO NOT REFER TO THE LINUX
> SERVERS BY THEIR NETWORK NAMES.
You have no name resolution configured in the provided Samba config file; I suspect that's part of your problem. The defaults use broadcasts, which are unreliable at best, and often don't work at all.
If you're in a good-sized Microsoft shop, and there is a need or desire to support NetBIOS (very common), the Windows admins are very likely using WINS (NBNS), and you're going to need to configure that.
The Windows people may also have disabled broadcast name resolution entirely.
Alternatively, the Windows admins may have gone entirely to using DNS names, and you're going to need to configure Samba to know that.
-- Ben
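
The name-resolution cases Ben describes, written out as smb.conf settings. This is an added example, not part of the original thread or of anyone's posted configuration; the workgroup name and the WINS server address are placeholders.

```ini
[global]
    # Placeholder: use the NetBIOS domain name your Windows admins give you.
    workgroup = EXAMPLE

    # Case 1: the site runs WINS (NBNS). Point Samba at the WINS server
    # (placeholder address) and try it before DNS. "bcast" is left out of
    # the list, so lookups never fall back to broadcasts.
    wins server = 192.0.2.10
    name resolve order = wins host

    # Case 2: the site has gone entirely to DNS names. Use this line
    # instead of the two settings above.
    ;name resolve order = host
    # Optional in case 2, and only if no client still needs NetBIOS:
    ;disable netbios = yes
```

Running `testparm -s` after editing checks the file for syntax errors and prints the settings Samba will actually use.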