freebsd and MS Active Directory

Genius Freak geniusfreak at gmail.com
Sat Oct 23 01:45:12 PDT 2004


On Sat, 23 Oct 2004 00:08:37 -0400, Duane Winner <dwinner-lists at att.net> wrote:
> 
> 
> Danny MacMillan wrote:
> > On Fri, Oct 22, 2004 at 09:02:46AM -0600, Duane Winner wrote:
> >
> >>...
> >>
> >>During a meeting with their IT people a couple of days ago, most issues
> >>were agreed upon, however, the director of IT informed me that I will
> >>need to make both of these boxes conform to their Active Directory network.
> >
> >
> > The phrase "conform to their Active Directory network" is pretty ambiguous.
> > I would be asking for more detail if I were you to find out what they
> > really mean.
> Well, you pretty much hit the nail on the head here. It was a brief
> meeting to flesh out basic specs and an introduction, rather than
> specifics on the implementation. I didn't want to ask too many questions
> at that point because I didn't want to sound like an idiot.
> 
> But one thing that is crystallizing for me is that, from what I understand
> so far from talking to others here and doing research, as far as
> host name resolution and IP address management go, not that much has
> changed, and there is no reason they couldn't create static entries
> for the two BSD hosts.
> 
> I am beginning to think that they were under the assumption that the web
> apps we are giving them would participate in their single sign-on, but
> that is not the case, because our web app will be doing its own user
> management and authentication whether they like it or not. :)
> 
> If that is why they brought up AD in the first place, then I think it
> will be a moot point, unless there is something else I don't know yet.
> Is it possible they are using DHCP for all hosts -- even servers, but
> doing static mapping to MAC address? If so, are there instances where AD
> hosts must be configured as AD leaf objects? (I'm just scraping the back of
> my brain for memories from my Novell NDS days... cripes -- what's happened
> to me? LOL....)
> 
> At any rate, I have two voice mail messages in to the IT guys I met with
> to get more specifics. I really don't have time to screw around with a
> Windows 2000 lab right now, and I'd rather not if I don't have to.
> 
> >
> >>I think what he was referring to is DNS and IP assignments, and that I
> >>can't just hard code the hostname and IP address as I normally would and
> >>expect it to work on their network, since they don't run bind or static
> >>DNS services.
> >
> >
> > Microsoft DNS is no thoroughbred, but can be configured to do what just
> > about any other DNS server will do.  Ditto for DHCP.  The only impact
> > Active Directory has on DNS, that I know of, is that Active Directory
> > stores SRV records in DNS so that clients can bind to it (I don't
> > completely understand this, I just see a lot of weird _firstsitename
> > stuff in a zone dump from our MS DNS server).  As far as I know this
> > has no impact on the FreeBSD side.  Since they presumably already have
> > their DNS server running (otherwise Active Directory wouldn't work)
> > you shouldn't have to do anything special on the FreeBSD side.
> >
> > It seems unlikely to me that that's what they meant.  I really would
> > ask for more information.  Maybe they want their FreeBSD administrators
> > to authenticate against AD accounts?
> >
> > If you do set up a testbed Active Directory, I would advise you to set
> > up MS DNS first, as I've had what can most charitably be called
> > "problems" when letting Active Directory set up DNS automagically.
> >
> >>...
> >
Hello, I have administered Windows 2000 and 2003 Active Directory
networks and have used FreeBSD in them before.

It requires nothing special. 

Just a static DNS record for the server (as any server should have) in
the domain DNS records, and personally I always made sure the IP was in
a reserved range in DHCP (just in case).

On the DNS box I just set the IP address, subnet, DNS server, and
gateway, and (important one here) made sure the server name was in the
domain, e.g. bsdbox01.domain.local, where bsdbox01 is the name of the
server and domain.local is the Active Directory domain name.

Doing that, I have never had a problem accessing a FreeBSD box in the
network either by name or by IP.

If I forgot something there forgive me but that should at least give
you the general idea.

Kevin
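The procedure Kevin describes (static address, gateway and DNS server on the FreeBSD side, host name fully qualified inside the AD domain, static A record on the AD DNS side) as an added worked example, not code from the thread or from either poster. It stages an rc.conf and resolv.conf fragment in a directory of your choice rather than touching /etc, refuses a host name that is not directly under the domain, and lists the checks to run on the box once the record exists. Every concrete value (bsdbox01, domain.local, em0, 10.0.5.20/24, gateway 10.0.5.1, DNS server 10.0.5.10) is a hypothetical assumption.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread). Stages FreeBSD network
# configuration for a host that must live inside an AD domain's DNS namespace.
# All names and addresses below are hypothetical placeholders.

# Succeed only if $1 is a fully-qualified host name directly under domain $2,
# e.g. bsdbox01.domain.local under domain.local. Comparison is case-insensitive
# because AD DNS zones are.
fqdn_in_domain() {
    _h=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    _d=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$_h" in
        *."$_d") ;;                 # ends in ".domain.local"
        *) return 1 ;;
    esac
    _short=${_h%."$_d"}             # strip the domain; one label must remain
    case "$_short" in
        ''|*.*) return 1 ;;
    esac
    return 0
}

# rc.conf lines: $1 interface, $2 address, $3 netmask, $4 gateway, $5 FQDN.
render_rc_conf() {
    printf 'hostname="%s"\n' "$5"
    printf 'ifconfig_%s="inet %s netmask %s"\n' "$1" "$2" "$3"
    printf 'defaultrouter="%s"\n' "$4"
}

# resolv.conf lines: $1 AD domain, $2 AD-integrated DNS server.
# Only "search" is emitted: "domain" and "search" are mutually exclusive in
# resolv.conf(5), and search gives the same suffix completion for short names.
render_resolv_conf() {
    printf 'search %s\nnameserver %s\n' "$1" "$2"
}

# Write both fragments into directory $1 for review before merging into /etc.
# $2 FQDN, $3 domain, $4 interface, $5 address, $6 netmask, $7 gateway, $8 DNS.
# Returns 1 (and writes nothing) if the host name is not inside the domain.
stage_config() {
    _dir=$1
    fqdn_in_domain "$2" "$3" || {
        printf 'refusing: %s is not a host directly under %s\n' "$2" "$3" >&2
        return 1
    }
    render_rc_conf "$4" "$5" "$6" "$7" "$2" > "$_dir/rc.conf"
    render_resolv_conf "$3" "$8" > "$_dir/resolv.conf"
}

# Checks to run on the FreeBSD box after IT has added the static A (and PTR)
# record: $1 FQDN, $2 address, $3 AD domain. Needs the network, so it is not
# exercised offline. The SRV lookup is only a sanity check that the resolver
# really points at the AD-integrated DNS server, since AD publishes
# _ldap._tcp.<domain> there; the FreeBSD box itself never needs those records.
verify_resolution() {
    command -v host >/dev/null 2>&1 || { echo "host(1) not installed" >&2; return 2; }
    host "$1" || return 1                    # forward lookup of the static A record
    host "$2" || return 1                    # reverse lookup via the AD reverse zone
    host -t srv "_ldap._tcp.$3" || return 1  # confirms we are asking AD's DNS
}
```

Typical use on a workstation is `stage_config /tmp/bsdbox01 bsdbox01.domain.local domain.local em0 10.0.5.20 255.255.255.0 10.0.5.1 10.0.5.10`, then append the staged rc.conf lines to /etc/rc.conf and copy resolv.conf into place on the box; the DHCP reservation Kevin mentions is done on the Windows side and is not represented here.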

