LinuxQuestions.org
01-13-2010, 01:21 PM   #1
folkrm
LQ Newbie
 
Registered: Mar 2009
Posts: 3

Multiple RHEL 5 Servers running Bind - joining Windows AD and DNS


All;
I am a relative newcomer to Linux Networking, and I hope I am posting in the proper forum here.

I have 6 RHEL 5 Servers, 1 5.2 32-bit Master Login Server, which services the other 5 RHEL 5.3 64-bit App Servers, for Login and Authentication. I am wanting to integrate these with my Windows AD. I use Windows Server 2003 R2 Standard.

Background:
I currently have the RHEL servers set up to have the 32-bit (5.2) server as the NIS Master, serving NIS out to the remaining 64-bit (5.3) servers.

I also have a Windows Server 2003 R2 Domain Controller servicing my Windows AD. I would like to be able to integrate them to be able to use Password Sync and Single Sign-on. I am not real worried about having Kerberos or LDAP running, because the systems are NOT physically connected to any external source. (The network is completely self-contained.) I am just wanting to be able to use Password-Sync and DNS between the different networks.

My questions are as follows:

1) Would it be better/easier to make the Windows Server the NIS Master or the RHEL 5.2 Server?
2) If I make the Windows Server the NIS Master, how would that affect the remaining servers who get their NIS info from the Redhat Master?
3) If I keep the RHEL Master as NIS Master, how would I integrate that with AD and have both shared Passwords and DNS?

Thanks in advance.
 
01-13-2010, 04:02 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Unrelated to networking, moved to Linux - Server.

1) What Windows NIS server would that be?? NIS on windows? No thanks.
2) ... 3) ...

Get rid of NIS, that's the way to go. Whether you have security motivations or not, you're kidding yourself if you think persisting with NIS is a good thing.

You can NOT do single sign on with archaic systems like NIS. Single Sign On = Kerberos. That's because Kerberos issues a ticket guaranteeing your identity and that ticket can basically be securely used to log you in to subsequent servers, forwarding the ticket as you go. There is no concept anything like this with NIS, which just individually provides passwords for local verification from a central server. Additionally SSO between Windows and Linux doesn't generally happen at all.

Knowing as little as I do about your environment, IF you want the same accounts to work on AD and Linux, go and install the MS Services For Unix AD schema extensions and that will provide a semi-posix compliant LDAP server for your Linux boxes to authenticate. No need to sync anything if this is only for 6 servers.

Last edited by acid_kewpie; 01-13-2010 at 04:10 PM.
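
A check that fits the "get rid of NIS" advice above, added here as an example and not part of either post: before moving the servers to LDAP, list where a host still depends on NIS. The function names are hypothetical, and the sample tree, NIS domain name and address are constructed.

```shell
#!/bin/sh
# Added example: list what on a host still depends on NIS.

# Databases in nsswitch.conf whose source list names nis or nisplus.
nis_databases() {
    awk '{ sub(/#.*/, "") }
         !/:/ { next }
         { db = $0; sub(/:.*/, "", db); gsub(/[ \t]/, "", db)
           src = $0; sub(/^[^:]*:/, "", src)
           n = split(src, s, /[ \t]+/)
           for (i = 1; i <= n; i++)
               if (s[i] == "nis" || s[i] == "nisplus") { print db; break } }' "$1"
}

# Count of compat-style "+"/"-" lines (e.g. "+::::::") in passwd or group.
compat_entries() { grep -c '^[+-]' "$1" || true; }

# Count of active domain/ypserver lines in yp.conf.
yp_bindings() {
    awk '{ sub(/#.*/, "") }
         $1 == "domain" || $1 == "ypserver" { n++ }
         END { print n + 0 }' "$1"
}

# Audit the tree under $1 (empty = live system); returns 1 if NIS is in use.
nis_audit() {
    root=${1:-}; found=0
    dbs=$(nis_databases "$root/etc/nsswitch.conf" | tr '\n' ' ')
    if [ -n "$dbs" ]; then echo "nsswitch.conf: NIS used for $dbs"; found=1; fi
    for f in passwd group; do
        [ -r "$root/etc/$f" ] || continue
        n=$(compat_entries "$root/etc/$f")
        if [ "$n" -gt 0 ]; then echo "$f: $n compat entries"; found=1; fi
    done
    if [ -r "$root/etc/yp.conf" ] && [ "$(yp_bindings "$root/etc/yp.conf")" -gt 0 ]; then
        echo "yp.conf: NIS server binding configured"; found=1
    fi
    return $found
}

# Constructed sample tree standing in for one of the NIS client servers.
SAMPLE=$(mktemp -d)
mkdir "$SAMPLE/etc"
printf 'passwd: files nis\nshadow: files\ngroup: files nis # legacy\nhosts: files dns\n' > "$SAMPLE/etc/nsswitch.conf"
printf 'root:x:0:0:root:/root:/bin/bash\n+::::::\n' > "$SAMPLE/etc/passwd"
printf 'root:x:0:\n' > "$SAMPLE/etc/group"
printf '# bound at install\ndomain example.nis server 192.0.2.10\n' > "$SAMPLE/etc/yp.conf"
nis_audit "$SAMPLE" || echo "NIS dependencies remain"
```

Called with no argument, `nis_audit` reads the live `/etc` instead of the sample tree.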
 
  


All times are GMT -5.
