[opensuse] Re: [Bulk] Re: [slightly OT:] DHCP and Windows (yuck...)
Anton Aylward wrote:
Joachim Schrod said the following on 12/13/2010 02:12 PM:
Anton Aylward wrote:
What is it that they require from the Windows DHCP server that can't be supplied by the Linux DHCP server?
Most probably, integration with AD.
DNS is a prerequisite for Active Directory. Active Directory cannot be installed or configured without DNS. It really doesn't matter WHERE the DNS comes from.
??????? DNS != DHCP
Nevertheless, it is also possible to run an AD infrastructure with a foreign DHCP server. It will just be *much* more work without any gain for the Windows side. That's why I wrote their reason is *integration* with AD, not AD itself.
Back when I worked alongside a Windows group they had a lot of the back end AD services implemented on *NIX machines for various reasons.
I take it, then, that you have yourself never designed, realized, implemented, tested or run an AD infrastructure yourself? I have -- and AD is a highly interesting piece of infrastructure software where I haven't yet found its equal in the open source Linux world. (Group policies, integration of various directory related services, and ease of delegation are killer features, alone.) Yes, it's _possible_ to do as you wrote, but with a very high probability it's not _sensible_.
Joachim
--
Joachim Schrod Email: jschrod@acm.org
Roedermark, Germany
On Tue, 2010-12-14 at 11:36 +0100, Joachim Schrod wrote:
Anton Aylward wrote:
Joachim Schrod said the following on 12/13/2010 02:12 PM:
Anton Aylward wrote:
What is it that they require from the Windows DHCP server that can't be supplied by the Linux DHCP server?
Most probably, integration with AD.
DNS is a prerequisite for Active Directory. Active Directory cannot be installed or configured without DNS. It really doesn't matter WHERE the DNS comes from.
??????? DNS != DHCP
Nevertheless, it is also possible to run an AD infrastructure with a foreign DHCP server. It will just be *much* more work without any gain for the Windows side. That's why I wrote their reason is *integration* with AD, not AD itself.
Back when I worked alongside a Windows group they had a lot of the back end AD services implemented on *NIX machines for various reasons.
I have implemented AD, and don't see DHCP as a critical component; AD seemed pretty happy with any DHCP [provided of course that it was correctly configured].
I take it, then, that you have yourself never designed, realized, implemented, tested or run an AD infrastructure yourself? I have -- and AD is a highly interesting piece of infrastructure software where I haven't yet found its equal in the open source Linux world. (Group policies, integration of various directory related services, and ease of delegation are killer features, alone.) Yes, it's _possible_ to do as you wrote, but with a very high probability it's not _sensible_.
Aside from Samba4 [which implements the AD protocols] I believe it is
*not* possible. AD is a very integrated stack. Even with Samba4 you
need appropriate versions of Bind (DNS) [>9.7.2] and NTP [>4.2.5
w/--enable-ntp-signd] that will integrate well. It is nearly impossible
to run such a stack on current versions of CentOS.
Once configured Samba4 works surprisingly well - including GPOs, etc...
managed from Windows MMC.
--
Adam Tauno Williams
Joachim Schrod said the following on 12/14/2010 05:36 AM:
Anton Aylward wrote:
Joachim Schrod said the following on 12/13/2010 02:12 PM:
Anton Aylward wrote:
What is it that they require from the Windows DHCP server that can't be supplied by the Linux DHCP server?
Most probably, integration with AD.
DNS is a prerequisite for Active Directory. Active Directory cannot be installed or configured without DNS. It really doesn't matter WHERE the DNS comes from.
??????? DNS != DHCP
Read the whole article. It offers many 'scenarios' with varying components implemented between Linux and Windows.
Nevertheless, it is also possible to run an AD infrastructure with a foreign DHCP server. It will just be *much* more work without any gain for the Windows side. That's why I wrote their reason is *integration* with AD, not AD itself.
AD doesn't seem to care *where* the LDAP server is implemented. My other posts & references addressed that.
Back when I worked alongside a Windows group they had a lot of the back end AD services implemented on *NIX machines for various reasons.
I take it, then, that you have yourself never designed, realized, implemented, tested or run an AD infrastructure yourself?
Only for less than a dozen seats. The site/employer I referenced had in excess of 5,000 seats. I had to carry out a variety of security tests that centred around the authentication systems. All AD, all authentication, all the DNS and DHCP and file services and access control was handled by HP/UX machines not by Windows servers. Gateways to services that were or that looked like databases on AIX, SUN. Windows accounts were still managed via the Microsoft GUIs, but as I said, they didn't care WHERE the LDAP was implemented. This was a VERY heterogeneous environment, not just Windows and BigIron UNIX, but just about every database vendor and a lot of legacy mainframes from a variety of vendors and a lot of specialized device control hardware.
--
"I mean, if 10 years from now, when you are doing something quick and dirty, you suddenly visualize that I am looking over your shoulders and say to yourself, 'Dijkstra would not have liked this,' well that would be enough immortality for me." -- E.W. Dijkstra