Solved

Adding Linux DMZ Linux systems on the Windows 2008 Active Directory Domain

Posted on 2014-11-20
3
265 Views
Last Modified: 2015-01-14
Hello Experts,

I have couple of linux system under the DMZ network and i have a AD domain with Server 2008 Functional level. what i want to achieve is to add linux systems to AD domain to authenticate with AD (Without removing the linux systems from DMZ),

Please help.
0
Comment
Question by:Vikas Shah
3 Comments
 
LVL 3

Assisted Solution

by:Barry Molenwijk
Barry Molenwijk earned 166 total points
ID: 40454501
Seems to me like you can solve this by opening the right ports on your firewall(s) and configuring a route (on your network) from your DMZ to your Domain Controller(s) for traffic on those ports.

Here's the list of ports used to communicate with Domain Controllers:
http://support.microsoft.com/kb/179442

Unfortunately I'm not a Linux guru, nor do I know which type and version of distro you use so I can't give you any instructions how to specifically add those to your domain.
0
 
LVL 21

Assisted Solution

by:Mazdajai
Mazdajai earned 167 total points
ID: 40454854
Can you clarify exactly what you need help with and what distro are you using? Take a look of this reference and it get you started.
0
 
LVL 7

Accepted Solution

by:
Phil Davidson earned 167 total points
ID: 40459024
You can leave the Linux server in the DMZ.  You need to configure windbind and pam.  This document may help you:

https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto

You may also need to configure nss, kinit, and kerberos.  If you leave it in the DMZ and it is supporting a website, you should have an IDS installed.  You may want to harden the Linux server too (implement IP tables, disable services you don't need, have strict password policies, review logs in /var/log/, turn on SELinux ideally disable any GUI desktop etc.).
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article explains the steps required to use the default Photos screensaver to display branding/corporate images
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question