Date:      Sun, 7 Oct 2001 00:20:37 +0200
From:      Alson van der Meulen <alm@flutnet.org>
To:        freebsd-stable@freebsd.org
Subject:   Re: FreeBSD and Active Directory
Message-ID:  <20011007002037.A11707@md2.mediadesign.nl>
In-Reply-To: <200110062149.f96LnFj26783@csa.bu.edu>
References:  <200110062149.f96LnFj26783@csa.bu.edu>

On Sat, Oct 06, 2001 at 05:49:15PM -0400, Evan Sarmiento wrote:
> Hello,
> 
> My high school recently hired a new technology coordinator. Instead
> of using open source software, the coordinator redesigned the network
> to support Windows 2000 and Active Directory. For those of you who
> do not know what Active Directory is: Active Directory is an LDAP
> server which delineates what privileges each host on the network
> has, etc.
> 
> I asked him his policy on laptops. After a long conversation, he
> said: "I do not allow any laptops running *NIX to be placed
> on the network, as I believe it will interfere with
> Active Directory."
> 
> I tried to explain to him how false his assumption was, but,
> he would not recant his infamy. I can understand, in a way --
> He wants to make sure that the network is running for
> students to use.
> 
> How would I go about convincing this enthusiast that FreeBSD
> will not somehow interfere with Active Directory? This is what
> I have tried so far.
> 
> Fact: FreeBSD does not have any capability which would allow it to interact
> with Active Directory
> Response: I don't want to risk it
> 
> Fact: Active Directory does not try to auto-configure clients, unless
> the client has the Active Directory server name specified.
> Response: I don't want to risk it
> 
> Can anyone help?
How about creating a separate ethernet segment and IP subnet for
`untrusted hosts'? On the win2k servers, you can simply drop all traffic
from that subnet. This way it's quite impossible to interfere with the
Active Directory even if you'd want to.

As long as the *NIX box is not added as a member of the domain, it
should not be able to interfere with the Active Directory, since the
server should deny access to hosts not a member of the domain. If he
doesn't trust this security mechanism, he probably doesn't trust the
Active Directory itself, and shouldn't use it at all.

Maybe you could give him some Microsoft documents promoting the
security of the AD, stating that it's not possible to change it without
having administrator permissions on the domain.

Alson