Windows Active Directory
 

Here is my layout. I have a HQ at one site call it site A. I have a remote branch office call it site B. Site A and Site B are connected over a FW to FW VPN.

Site A:
Windows 2000 Active Directory network. All windows clients

Site B:
Linux file server using Samba and FC4. All windows clients.
Users log into their machines (all machines are in a workgroup and not members of the domain) and only need a server for file sharing so I didn't see any reason to pay for Windows server there. They rarely needed to get into the HQ.

I know there is a way to connect Linux servers with Windows AD servers, but is there a way to then authenticate the client PCs in Site B so that they will be able to pass their user credentials to the AD network to authenticate properly with things like Exchange and other network resources?

Use the search, Luke...


http://www.linuxquestions.org/questions/t363721.html
Also came up as the top-hit in
http://www.google.co.nz/linux?hl=en&...G=Search&meta=

The second down also looked very promising:
http://www.windowsnetworking.com/art...Directory.html



Cheers,
Tink

Tink,

Thanks for the reply. I posted this question in the noob section because I am not sure I know what it is I am trying to do.... Those links are great places to start.

I guess my question is once I get my fedora core 4 server authenticated and joined to AD does winbind pass the login requests from the clients upstream to the DC?

I don't think that it would - but if there's a VPN why
don't you just authenticate against the real thing in
the first place? FC as such doesn't have means to run
AD out of the box.

Read this one for more info:
http://www.pcquest.com/content/linux/2005/105010303.asp


Cheers,
Tink

For some odd reason setting up Exchange on the Outlook 2003 clients doesnt "see" the domain controller thru the VPN. I have ANY to SERVER on ALL ports using a 3DES VPN... so you would think that going thru the Outlook config and plugging in the IP of the exchange server since the clients have no way of resolving mydomain.local would work and authenticate the user (aside from setting up a local hosts file - which I have done in some cases). But it doesn't. I was hoping that creating some kind of global catalog server in the local workgroup would fix this problem. I am going crazy and am grasping at straws now. And since LINUX is my savior in some other cases I figured its magic may help me out here. :confused:

FYI I get IMAP configured find on the clients in the office. I guess I need to start to think of something else.

Windows DNS makes use of resource records that the clients use to locate things like domain controllers. why not just enter your windows DNS server IP into the config of the workstations ? then when they need to find a machine, service, authenticate , they can do a DNS lookup to find out where they need to go.

If you are running a Windows 2000 or 2003 server with Active directory you have DNS running on the domin controller it is required.

I think I acutally fixed the problem I had... and it was the last place I looked of course. I rearranged my FW rules to place the VPN rule at the top and things are working much better.

The reason I don't point my client pcs at the AD DNS Server is because they are laptops that require DHCP. I just put in a custom HOSTS file.

DHCP can hand out the Address of the DNS server... Let it do the work for you.