[ale] Ximian Connector and Active Directory

Jonathan Rickman jdr at xcorps.net
Thu Oct 28 10:59:59 EDT 2004


 

> -----Original Message-----
> From: ale-bounces at ale.org [mailto:ale-bounces at ale.org] On 
> Behalf Of John Wells
> Sent: Thursday, October 28, 2004 9:10 AM
> To: Atlanta Linux Enthusiasts
> Cc: 'Atlanta Linux Enthusiasts'
> Subject: RE: [ale] Ximian Connector and Active Directory
> 
> > fine. Sorry I couldn't be more help.
> 
> Jonathan,
> 
> Thanks for sticking with this.  My Windows admin is 
> definitely willing to help...he's just unsure what setting to 
> check to see if Mac and OSX clients can authenticate.
> 
> Do you recall specifically what settings you have to tweak?


Out of the box, assuming a default domain AND Exchange setup, there is one
setting that can toss a wrench into the works.

Under domain controller security policy there is an option to force digital
sigs on all communications. It is not enabled specifically, but 2003 has
this on by default. The option "Microsoft Network Server: Digitally sign
communications (always)" should be disabled, and the option "Microsoft
Network Server: Digitally sign communications (if client agrees)" should be
enabled. This will enable signing from Windows XP and 2000 clients while
permitting the Macs and other *nix clients to bypass the requirement and
join the domain. This in turn should enable your client to query AD just
like a Windows client, assuming you set up the Samba/Winbind/LDAP/PAM stuff
properly (which is a topic for another thread). Your sysadmin should be aware
that this constitutes a minor security risk. But if you have complete
control over the LAN and there's little chance of unauthorized clients
connecting physically to the network then it's not really that big of a
deal. If that doesn't work, then there are deeper issues that will be tough
to resolve via email.

--
Jonathan
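
Added example, not part of the original message: a PowerShell check an administrator could run on the server to see which of the two signing options described above is in effect. It reads the registry values RequireSecuritySignature and EnableSecuritySignature that back the two policy options; the function name and the wording of the result strings are made up for this example, and a missing value is treated as 0.

```powershell
# Added example: report the SMB server signing state on the local machine.
# RequireSecuritySignature backs "Digitally sign communications (always)".
# EnableSecuritySignature  backs "Digitally sign communications (if client agrees)".
$ParamKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-SmbServerSigningState {   # hypothetical helper name
    param([string]$Path = $ParamKey)

    $p = Get-ItemProperty -Path $Path -ErrorAction Stop

    # Assumption for this example: an absent value counts as 0 (off).
    $require = [int]$p.RequireSecuritySignature
    $enable  = [int]$p.EnableSecuritySignature

    if ($require -eq 1) {
        $state = 'always'
        $note  = 'Signing is required; clients that cannot sign are refused.'
    }
    elseif ($enable -eq 1) {
        $state = 'if client agrees'
        $note  = 'Signing is negotiated; sessions from clients that do not sign are accepted unsigned.'
    }
    else {
        $state = 'disabled'
        $note  = 'The server never signs, even for clients that support it.'
    }

    [pscustomobject]@{
        Computer                 = $env:COMPUTERNAME
        RequireSecuritySignature = $require
        EnableSecuritySignature  = $enable
        State                    = $state
        Note                     = $note
    }
}

Get-SmbServerSigningState | Format-List
```

On a domain controller the values are written by the domain controller security policy, so a change made there shows up here only after policy has been reapplied.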


