Solved

Adding Linux DMZ Linux systems on the Windows 2008 Active Directory Domain

Posted on 2014-11-20
3
274 Views
Last Modified: 2015-01-14
Hello Experts,

I have couple of linux system under the DMZ network and i have a AD domain with Server 2008 Functional level. what i want to achieve is to add linux systems to AD domain to authenticate with AD (Without removing the linux systems from DMZ),

Please help.
0
Comment
Question by:Vikas Shah
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 3

Assisted Solution

by:Barry Molenwijk
Barry Molenwijk earned 166 total points
ID: 40454501
Seems to me like you can solve this by opening the right ports on your firewall(s) and configuring a route (on your network) from your DMZ to your Domain Controller(s) for traffic on those ports.

Here's the list of ports used to communicate with Domain Controllers:
http://support.microsoft.com/kb/179442

Unfortunately I'm not a Linux guru, nor do I know which type and version of distro you use so I can't give you any instructions how to specifically add those to your domain.
0
 
LVL 21

Assisted Solution

by:Mazdajai
Mazdajai earned 167 total points
ID: 40454854
Can you clarify exactly what you need help with and what distro are you using? Take a look of this reference and it get you started.
0
 
LVL 7

Accepted Solution

by:
Phil Davidson earned 167 total points
ID: 40459024
You can leave the Linux server in the DMZ.  You need to configure windbind and pam.  This document may help you:

https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto

You may also need to configure nss, kinit, and kerberos.  If you leave it in the DMZ and it is supporting a website, you should have an IDS installed.  You may want to harden the Linux server too (implement IP tables, disable services you don't need, have strict password policies, review logs in /var/log/, turn on SELinux ideally disable any GUI desktop etc.).
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In-place Upgrading Dirsync to Azure AD Connect
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question