Overview : Community : Archive : Tools : Showcase

Archives


- Beowulf
- Beowulf Announce
- Scyld-users
- Beowulf on Debian

[Beowulf] Re: Active directory with Linux

Many of your questions may have already been answered in earlier discussions or in the FAQ. The search results page will indicate current discussions as well as past list serves, articles, and papers.

Search

Dave Love d.love at liverpool.ac.uk
Tue Nov 11 06:26:51 PST 2008 

Chris Samuel <csamuel at vpac.org> writes:

> Well we were told that AD doesn't permit anonymous access.

<URL:http://www.novell.com/coolsolutions/appnote/15120.html>, for
example, has instructions for 2000 and 2003 servers.

> Bear in mind we're Linux geeks here, not Windows geeks.. ;-)

I hope you don't think I'm a Windows geek!  Just passing on what I know
from having had to tangle with AD admin previously and having to get
things working here eventually post-eDirectory; I guess plenty of us are
in similar boats with this.

>> or the `machine' account.  The latter is what you get from
>> `joining the domain' (e.g. with Samba)
>
> Whilst I couldn't be certain I suspect their security
> policy would have classed that as just being an implementation
> of the former, and it too would have been locked out after
> N failed attempts and hence locked out all users.

It would be the same on Windows boxes, surely, allowing a DoS attack.

> We got the impression that AD didn't permit them to
> make an exception to this policy either.. :-(

I think you can control the lockout policy with fairly fine granularity,
and I think it's actually off by default, but don't have a system to
check.  I guess it's documented OTW somewhere.

-- 
IBM^WMicrosoft is not a necessary evil; IBM^WMicrosoft is not
necessary.  -- Ted Nelson updated

More information about the Beowulf mailing list

Home | Overview | Community | Archive | Tools | Showcase

Copyright © 2004 Beowulf.org. All Rights Reserved.