• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 320

Adding DMZ Linux systems to a Windows Server 2008 Active Directory domain

Hello Experts,

I have a couple of Linux systems in the DMZ network, and I have an AD domain at Server 2008 functional level. What I want to achieve is to add the Linux systems to the AD domain so they authenticate against AD (without removing the Linux systems from the DMZ).

Please help.
Asked by: Vikas Shah

3 Solutions
 
Barry Molenwijk, Technical Support Specialist II, commented:
Seems to me like you can solve this by opening the right ports on your firewall(s) and configuring a route (on your network) from your DMZ to your Domain Controller(s) for traffic on those ports.

Here's the list of ports used to communicate with Domain Controllers:
http://support.microsoft.com/kb/179442

Unfortunately I'm not a Linux guru, nor do I know which type and version of distro you use so I can't give you any instructions how to specifically add those to your domain.
0
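To make the "open the right ports" step concrete, here is an added example (not code from the thread) that lists the ports a DMZ Linux host needs to reach on a Windows Server 2008 domain controller, prints the matching FORWARD rules for an iptables firewall between DMZ and LAN, and probes the fixed TCP ports from the DMZ host. The addresses 192.0.2.10 (Linux host) and 10.0.0.5 (DC) are placeholders, and the RPC dynamic range 49152-65535 is the Server 2008 default from the KB article above; adjust both to your network.

```shell
#!/bin/sh
# Added example, not from the thread: AD ports, firewall rules and a
# reachability check for a DMZ Linux host joining a Server 2008 domain.
# Assumptions: stateful iptables firewall between DMZ and LAN, one DC,
# Server 2008 default dynamic RPC range 49152-65535 (KB179442).

# One line per port: proto, port (or range), purpose.
ad_ports() {
    cat <<'EOF'
udp 53 DNS (SRV records for _kerberos._tcp and _ldap._tcp)
tcp 53 DNS (large answers)
udp 123 NTP (Kerberos rejects clocks more than 5 minutes apart)
tcp 88 Kerberos
udp 88 Kerberos
tcp 464 Kerberos kpasswd (password changes)
udp 464 Kerberos kpasswd
tcp 389 LDAP
udp 389 CLDAP (DC discovery ping)
tcp 636 LDAPS
tcp 3268 Global Catalog
tcp 3269 Global Catalog over TLS
tcp 445 SMB (net ads join, machine account password changes)
tcp 135 RPC endpoint mapper
tcp 49152:65535 RPC dynamic ports (Server 2008 default range)
EOF
}

# Print (do not run) FORWARD rules for the DMZ/LAN firewall: only the
# listed ports from the one Linux host to the one DC, replies via
# conntrack, everything else from that host to the DC dropped. The DC
# never gets to open connections into the DMZ.
iptables_rules() {
    linux_ip=$1
    dc_ip=$2
    ad_ports | while read -r proto port purpose; do
        echo "iptables -A FORWARD -s $linux_ip -d $dc_ip -p $proto --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT  # $purpose"
    done
    echo "iptables -A FORWARD -s $dc_ip -d $linux_ip -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -s $linux_ip -d $dc_ip -j DROP"
}

# Run on the DMZ host: TCP connect to each fixed TCP port on the DC using
# bash's /dev/tcp (UDP and the dynamic range are not probed). Returns the
# number of ports that could not be reached, so 0 means the path is open.
check_tcp_ports() {
    dc_ip=$1
    closed=0
    for port in $(ad_ports | awk '$1 == "tcp" && $2 !~ /:/ { print $2 }'); do
        if timeout 3 bash -c "exec 3<>/dev/tcp/$dc_ip/$port" 2>/dev/null; then
            echo "tcp/$port open"
        else
            echo "tcp/$port CLOSED"
            closed=$((closed + 1))
        fi
    done
    return "$closed"
}

case "${1:-}" in
    rules) iptables_rules "$2" "$3" ;;   # ./adports.sh rules 192.0.2.10 10.0.0.5
    check) check_tcp_ports "$2" ;;       # ./adports.sh check 10.0.0.5
esac
```

The rules are scoped to one source and one destination on purpose: a DMZ host that gets owned should be able to reach its DC on exactly these ports and nothing else on the LAN. If the DMZ has its own resolver that does not serve the AD zone, DNS and NTP to the DC are the two lines you cannot skip, because winbind locates KDCs through the `_kerberos` and `_ldap` SRV records and Kerberos fails with a clock skew error well before any password is checked.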
 
Mazdajai commented:
Can you clarify exactly what you need help with and which distro you are using? Take a look at this reference; it will get you started.
0
 
Phil Davidson commented:
You can leave the Linux server in the DMZ.  You need to configure winbind and PAM.  This document may help you:

https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto

You may also need to configure NSS, kinit, and Kerberos.  If you leave it in the DMZ and it is supporting a website, you should have an IDS installed.  You may want to harden the Linux server too (implement iptables, disable services you don't need, have strict password policies, review logs in /var/log/, turn on SELinux, ideally disable any GUI desktop, etc.).
0
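The winbind, Kerberos and NSS pieces mentioned above fit together as three config files plus a join. The following is an added example (not from the thread or the Ubuntu howto) that renders those files into a staging directory so they can be diffed against /etc before use, then joins and verifies. The realm EXAMPLE.COM, NetBIOS domain EXAMPLE and DC dc1.example.com are placeholders; the `rid` idmap backend and `kerberos method = secrets and keytab` assume Samba 3.6 or later.

```shell
#!/bin/sh
# Added example, not from the thread: render winbind/Kerberos/NSS config
# for an AD domain member into a staging directory, then join and verify.
# Assumptions: realm EXAMPLE.COM, NetBIOS domain EXAMPLE, DC dc1.example.com,
# Samba 3.6+ winbind with the rid idmap backend.

# Samba side: security = ads makes net and winbind use Kerberos to the DC.
render_smb_conf() {
    realm=$1
    workgroup=$2
    cat <<EOF
[global]
   workgroup = $workgroup
   realm = $realm
   security = ads
   kerberos method = secrets and keytab

   # Deterministic UID/GID from the AD RID, identical on every host.
   # The * range only catches BUILTIN and unknown SIDs.
   idmap config * : backend = tdb
   idmap config * : range = 10000-19999
   idmap config $workgroup : backend = rid
   idmap config $workgroup : range = 20000-999999

   winbind use default domain = yes
   winbind refresh tickets = yes
   winbind enum users = no
   winbind enum groups = no
   template shell = /bin/bash
   template homedir = /home/%D/%U

   # DMZ host is a domain member only; it serves nothing.
   load printers = no
   disable spoolss = yes
EOF
}

# Kerberos side: SRV lookups locate KDCs, the explicit kdc is a fallback
# if DMZ DNS does not serve the AD zone. rdns = false keeps the service
# principal from depending on reverse DNS, which DMZ hosts often lack.
render_krb5_conf() {
    realm=$1
    dc=$2
    lower=$(printf '%s' "$realm" | tr 'A-Z' 'a-z')
    cat <<EOF
[libdefaults]
    default_realm = $realm
    dns_lookup_kdc = true
    dns_lookup_realm = false
    rdns = false
    forwardable = true
    ticket_lifetime = 24h

[realms]
    $realm = {
        kdc = $dc
        admin_server = $dc
    }

[domain_realm]
    .$lower = $realm
    $lower = $realm
EOF
}

# NSS side: local accounts first, then winbind. shadow stays local because
# winbind never exposes password hashes; pam_winbind does the auth instead.
render_nsswitch_conf() {
    cat <<'EOF'
passwd:   files winbind
group:    files winbind
shadow:   files
EOF
}

# Write all three files under $1. Realm and workgroup are upper-cased as
# Kerberos and Samba expect them.
stage_configs() {
    dir=$1
    realm=$(printf '%s' "$2" | tr 'a-z' 'A-Z')
    workgroup=$(printf '%s' "$3" | tr 'a-z' 'A-Z')
    dc=$4
    mkdir -p "$dir"
    render_smb_conf "$realm" "$workgroup" > "$dir/smb.conf"
    render_krb5_conf "$realm" "$dc" > "$dir/krb5.conf"
    render_nsswitch_conf > "$dir/nsswitch.conf"
    echo "staged in $dir: smb.conf krb5.conf nsswitch.conf"
}

# After the files are in /etc/samba/smb.conf, /etc/krb5.conf and
# /etc/nsswitch.conf: join with a Kerberos ticket and check each layer.
join_and_verify() {
    admin=$1
    ou=${2:-}                       # e.g. "OU=DMZ,OU=Servers"
    kinit "$admin" || return 1      # proves DNS, NTP and port 88 are right
    if [ -n "$ou" ]; then
        net ads join -k createcomputer="$ou"
    else
        net ads join -k
    fi || return 1
    service winbind restart 2>/dev/null || systemctl restart winbind
    net ads testjoin                # machine account password accepted
    wbinfo -t                       # winbind can use the trust secret
    getent passwd "$admin"          # NSS resolves an AD user to a UID
}

case "${1:-}" in
    stage) stage_configs "$2" "$3" "$4" "$5" ;;   # stage ./out EXAMPLE.COM EXAMPLE dc1.example.com
    join)  join_and_verify "$2" "${3:-}" ;;       # join admin "OU=DMZ,OU=Servers"
esac
```

Two things the files do not cover: the PAM stack (on Ubuntu, installing libpam-winbind lets `pam-auth-update` add pam_winbind to common-auth, and `pam_mkhomedir.so` in common-session creates the `/home/%D/%U` directory on first login), and who may log in at all. On a DMZ host you want `winbind` to expose only the groups that need shell access, for example with `require_membership_of` in pam_winbind.conf, rather than every domain user.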
