Adding DMZ Linux systems to a Windows 2008 Active Directory domain

Vikas Shah
Hello Experts,

I have a couple of Linux systems in the DMZ network and an AD domain at the Server 2008 functional level. What I want to achieve is to add the Linux systems to the AD domain so they authenticate against AD (without removing the Linux systems from the DMZ).

Please help.
Barry Molenwijk, Technical Support Specialist II
Commented:
Seems to me like you can solve this by opening the right ports on your firewall(s) and configuring a route (on your network) from your DMZ to your Domain Controller(s) for traffic on those ports.

Here's the list of ports used to communicate with Domain Controllers:
http://support.microsoft.com/kb/179442

Unfortunately I'm not a Linux guru, nor do I know which type and version of distro you use, so I can't give you any instructions on how to specifically add those to your domain.
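As an added example (not from the answer above or from the Microsoft KB article it links), the script below prints an iptables egress ruleset for the DMZ host itself that allows traffic only to one domain controller, only on the ports an AD client needs, and logs and drops everything else leaving the host. The DC address and interface name are placeholders, and the dynamic RPC range assumes the Server 2008 default; the port list is the standard AD client set (DNS, Kerberos, NTP, RPC endpoint mapper, LDAP/LDAPS, SMB, kpasswd, global catalog).

```shell
#!/bin/sh
# Added example (not from the Experts Exchange thread): print an iptables
# ruleset that lets a DMZ Linux host reach ONE domain controller on the
# AD client ports only, and nothing else outbound. DC address, interface
# and the RPC range are assumptions; adjust for your environment.

# Ports an AD client needs on the DC
AD_TCP_PORTS="53 88 135 389 445 464 636 3268 3269"
AD_UDP_PORTS="53 88 123 389 464"
RPC_DYNAMIC_RANGE="49152:65535"   # default dynamic RPC range on Server 2008

# ad_client_rules DC_IP [IFACE]
# Emit (do not apply) iptables commands for the host's own OUTPUT chain.
ad_client_rules() {
    dc="$1"
    iface="${2:-eth0}"
    # Loopback and replies to already accepted connections (this covers
    # the web server's responses if the DMZ host serves a site)
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    echo "iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for p in $AD_TCP_PORTS; do
        echo "iptables -A OUTPUT -o $iface -d $dc -p tcp --dport $p -j ACCEPT"
    done
    for p in $AD_UDP_PORTS; do
        echo "iptables -A OUTPUT -o $iface -d $dc -p udp --dport $p -j ACCEPT"
    done
    # RPC services (e.g. netlogon) bind to the dynamic range after 135
    echo "iptables -A OUTPUT -o $iface -d $dc -p tcp --dport $RPC_DYNAMIC_RANGE -j ACCEPT"
    # Log and drop everything else leaving the DMZ host, so unexpected
    # outbound attempts show up in /var/log
    echo "iptables -A OUTPUT -j LOG --log-prefix 'DMZ-EGRESS-DROP: '"
    echo "iptables -P OUTPUT DROP"
}

# rule_count DC_IP: number of ACCEPT rules emitted (sanity check)
rule_count() {
    ad_client_rules "$1" | grep -c ' -j ACCEPT'
}

# Usage: sh ad-egress.sh 10.0.0.10 eth0 | sh   (review the output first)
if [ $# -gt 0 ]; then
    ad_client_rules "$@"
fi
```

The same port list is what the perimeter firewall between the DMZ and the internal network has to permit, with the DMZ host as source and the DC as destination; keeping both the host ruleset and the perimeter rule pinned to a single DC address (or a small set) limits what a compromised DMZ host can reach if it is taken over. Package updates and anything else outbound need their own explicit rules once the OUTPUT policy is DROP.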
Can you clarify exactly what you need help with and what distro you are using? Take a look at this reference; it will get you started.
You can leave the Linux server in the DMZ.  You need to configure winbind and PAM.  This document may help you:

https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto

You may also need to configure NSS, kinit, and Kerberos.  If you leave it in the DMZ and it is supporting a website, you should have an IDS installed.  You may want to harden the Linux server too (implement iptables, disable services you don't need, have strict password policies, review logs in /var/log/, turn on SELinux, ideally disable any GUI desktop, etc.).
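To make the winbind, Kerberos and NSS pieces of that answer concrete, here is an added example (not from the answer or from the Ubuntu howto it links) that renders the three configuration files into a staging directory for review before they are copied into /etc, and prints the join and verification commands to run afterwards. The realm, workgroup, DC name and idmap ranges are placeholders; the PAM step is left to the distro's own tooling (pam-auth-update on Ubuntu), which the linked howto covers.

```shell
#!/bin/sh
# Added example, not from the thread or the Ubuntu howto it links.
# Renders the Kerberos, Samba/winbind and NSS configuration an AD client
# needs into a staging directory, and prints the commands that join the
# host and verify the join. Realm, workgroup, DC and ranges are placeholders.

# render_ad_configs REALM WORKGROUP DC_FQDN OUTDIR
render_ad_configs() {
    realm="$1"; workgroup="$2"; dc="$3"; out="$4"
    domain=$(printf '%s' "$realm" | tr 'A-Z' 'a-z')   # DNS name of the realm
    mkdir -p "$out"

    # Kerberos: pin the KDC to the known DC instead of trusting DNS alone
    cat > "$out/krb5.conf" <<EOF
[libdefaults]
    default_realm = $realm
    dns_lookup_kdc = true
    dns_lookup_realm = false
    ticket_lifetime = 10h
    forwardable = true

[realms]
    $realm = {
        kdc = $dc
        admin_server = $dc
    }

[domain_realm]
    .$domain = $realm
    $domain = $realm
EOF

    # Samba/winbind: ADS security, signed and sealed LDAP, no user/group
    # enumeration from the DMZ, deterministic RID-based UID/GID mapping
    cat > "$out/smb.conf" <<EOF
[global]
    workgroup = $workgroup
    realm = $realm
    security = ads
    kerberos method = secrets and keytab
    client signing = mandatory
    client ldap sasl wrapping = seal
    winbind use default domain = yes
    winbind enum users = no
    winbind enum groups = no
    winbind refresh tickets = yes
    idmap config * : backend = tdb
    idmap config * : range = 10000-19999
    idmap config $workgroup : backend = rid
    idmap config $workgroup : range = 100000-999999
    template shell = /bin/bash
    template homedir = /home/%D/%U
EOF

    # NSS: local files first, then winbind for domain users and groups
    cat > "$out/nsswitch.conf.fragment" <<EOF
passwd: files winbind
group:  files winbind
shadow: files
EOF
}

# join_checks REALM WORKGROUP TESTUSER: print the join command and the
# checks to run afterwards; each should succeed before PAM is switched over
join_checks() {
    realm="$1"; workgroup="$2"; user="$3"
    cat <<EOF
net ads join -U Administrator          # creates the computer account and keytab
net ads testjoin                        # expects "Join is OK"
wbinfo -t                               # secure channel to the DC works
wbinfo -n '$workgroup\\$user'           # SID lookup through winbind
getent passwd '$workgroup\\$user'       # NSS resolves the domain user
kinit $user@$realm && klist             # Kerberos ticket issued by the DC
EOF
}

# Usage: sh ad-join-prep.sh EXAMPLE.LOCAL EXAMPLE dc1.example.local ./staging
if [ $# -eq 4 ]; then
    render_ad_configs "$@"
    join_checks "$1" "$2" someuser
fi
```

Disabling user and group enumeration and sealing the LDAP session matter more on a DMZ host than on an internal one: a compromised web server should not be able to pull the whole directory through winbind, and its traffic to the DC crosses a segment boundary. The host-specific UID ranges in the idmap settings keep domain accounts clear of local system accounts.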
