Linux Windows Integration Can’t we all just get along?

JD Fogg
- Technology Infrastructure Consulting
- Security Consulting
- Network Engineering
- Project Management & Implementation

What is Interoperability?
- Application Sharing
- Shared Data Resources (ODBC, etc.)
- Network Services (DNS, etc.)
- Mail
- Printing
- File Sharing
- Internet Access (ISA issues)
- Login “pass-through” / AD integration

Application Sharing
- RDesktop & Terminal Services
- VNC
- X-Windows
- Cygwin

Network Services
- MS-DNS works well
- MS-DHCP is integrated with DNS
- NTP is native to AD
- Split DNS is possible, but complicated

Mail
- Exchange supports POP3 and IMAP
- Outlook / Outlook Express support POP3 and IMAP
- MBOX conversion possible
- Integrated calendaring is the driver for Exchange adoption
- Exchange Public Folders are evil
- POP3 connectors in Exchange

Printing
- Samba and Printing
- CUPS

Internet Access
- ISA relies on AD for AAA
- Outbound Internet access requires systems and users to be “known”
- Exceptions can be made for non-AD machines

File Sharing
- Samba – the well worn path
- Browsing AD shares with Samba 3.0
- Killing CIFS permissions
- *nix-based NAS issues
- MS-SUX and NAS tricks

MS-SFU 3.5 (beta)
- Dramatic new capabilities, in W2003R2
- Identity Management for Unix
- MSNFS (client, server & gateway)
- Subsystem for Unix Applications (Interix)
- Full NIS with AD sync
- Tools (awk, grep, sed, tr, cut, tar, cpio)
- Permissions translations

Active Directory Integration
- If you can’t beat them, join them

Understanding Linux Authentication
- /etc/passwd, /etc/group
- /etc/shadow
- PAM

passwd and group
- james:x:500:500:Mr. James User:/home/james:/bin/bash
- Fields are colon-delimited
- uname:pword:userid:groupid:name:homedirectory:shell

Shadow Passwords
- World has RO rights to /etc/passwd
- Password stored using a simple hash
- Many processes read /etc/passwd
- Password is replaced in /etc/passwd with a token
- /etc/shadow holds encrypted password data with Draconian rights
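As an added example (not part of the presentation), a small Python parser for the passwd and shadow formats the two slides above describe. The sample lines, account names and hash strings are constructed placeholders; the checks verify the two properties the slides state: that the world-readable passwd file carries only the token, and that shadow is not readable by "other".

```python
import os
import stat
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample files (not real accounts). Hash strings are placeholders
# with the usual crypt prefixes, not real password hashes.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
james:x:500:500:Mr. James User:/home/james:/bin/bash
svc:x:502:502:Service Account:/var/lib/svc:/sbin/nologin
legacy:$1$saltsalt$PLACEHOLDERmd5crypthash:501:501:Old Account:/home/legacy:/bin/sh
"""
SAMPLE_SHADOW = """\
root:$6$saltsalt$PLACEHOLDERsha512hash:19000:0:99999:7:::
james:$6$saltsalt$PLACEHOLDERsha512hash:19000:0:99999:7:::
"""


@dataclass
class PasswdEntry:
    name: str
    password: str  # 'x' when the hash lives in /etc/shadow
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str


def parse_passwd(text: str) -> List[PasswdEntry]:
    """Parse passwd-format text: seven colon-delimited fields per line."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"passwd line {lineno}: expected 7 fields, got {len(fields)}")
        name, pw, uid, gid, gecos, home, shell = fields
        entries.append(PasswdEntry(name, pw, int(uid), int(gid), gecos, home, shell))
    return entries


def parse_shadow(text: str) -> Dict[str, str]:
    """Parse shadow-format text (nine fields); return name -> hashed password."""
    hashes = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 9:
            raise ValueError(f"shadow line {lineno}: expected 9 fields, got {len(fields)}")
        hashes[fields[0]] = fields[1]
    return hashes


# Values that may legitimately sit in the world-readable passwd password field:
# the 'x' token (hash is in shadow) and the usual lock markers.
PASSWD_TOKENS = {"x", "*", "!", "!!"}


def unshadowed_accounts(entries: List[PasswdEntry]) -> List[str]:
    """Accounts whose passwd entry still carries a hash (or nothing at all),
    i.e. password material visible to every process that reads /etc/passwd."""
    return [e.name for e in entries if e.password not in PASSWD_TOKENS]


def missing_shadow_entries(entries: List[PasswdEntry], shadow: Dict[str, str]) -> List[str]:
    """Accounts that defer to shadow ('x') but have no shadow line at all."""
    return [e.name for e in entries if e.password == "x" and e.name not in shadow]


def mode_is_restrictive(mode: int) -> bool:
    """The 'Draconian rights': no permission bits for 'other' and no group
    write. 0600 and 0640 (group 'shadow') are the usual modes."""
    return (mode & 0o007) == 0 and (mode & stat.S_IWGRP) == 0


def check_shadow_file(path: str = "/etc/shadow") -> bool:
    """Live check of the shadow file's permission bits on this host."""
    return mode_is_restrictive(stat.S_IMODE(os.stat(path).st_mode))


if __name__ == "__main__":
    users = parse_passwd(SAMPLE_PASSWD)
    shadow = parse_shadow(SAMPLE_SHADOW)
    print("hash exposed in passwd:", unshadowed_accounts(users))
    print("no shadow entry:", missing_shadow_entries(users, shadow))
```

On the constructed input the first check flags `legacy` (hash left in the passwd field) and the second flags `svc` (token present, no shadow line); `check_shadow_file()` runs the mode test against the real file when called on a live system.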

PAM
- Pluggable Authentication Module
- Native to Linux, available for all other *NIX
- Allows for a variety of authentication systems to mimic /etc/passwd
- Any AAA system with a PAM module can be used
- Active Directory PAM modules are available
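An added example, not from the presentation: a Python model of how a pam.d auth stack is evaluated with the simple control keywords, showing where an Active Directory module slots in beside pam_unix. The two stacks are constructed for illustration (the module file names are the usual ones, the ordering is the point being demonstrated, not a recommended configuration), and the per-module outcomes are supplied as a dictionary instead of running real modules.

```python
from typing import Dict, List, Tuple

# Constructed /etc/pam.d-style stack: the AD module is tried first as
# "sufficient", so a domain user with no local account can log in, while
# local users fall through to pam_unix.
SAMPLE_STACK = """\
# auth stack: AD first, local fallback
auth    sufficient  pam_winbind.so
auth    required    pam_unix.so try_first_pass
auth    optional    pam_cap.so
account required    pam_unix.so
"""

# Same modules, pam_unix first as "required": a domain-only user fails
# pam_unix, and the later "sufficient" success can no longer rescue the stack.
MISORDERED_STACK = """\
auth    required    pam_unix.so
auth    sufficient  pam_winbind.so
"""

Rule = Tuple[str, str, List[str]]  # (control, module, args)


def parse_pam_stack(text: str, mgmt_group: str = "auth") -> List[Rule]:
    """Parse the simple (non-bracket) pam.d syntax for one management group."""
    rules: List[Rule] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 3:
            raise ValueError(f"line {lineno}: expected 'type control module [args]'")
        mtype, control, module, *args = parts
        if mtype.lower() != mgmt_group:
            continue
        control = control.lower()
        if control not in ("required", "requisite", "sufficient", "optional"):
            raise ValueError(f"line {lineno}: unsupported control '{control}'")
        rules.append((control, module, args))
    return rules


def run_stack(rules: List[Rule], outcomes: Dict[str, bool]) -> bool:
    """Evaluate a stack the way Linux-PAM does for the simple keywords.

    `outcomes` maps module file name -> whether that module succeeds for this
    login attempt; a module absent from the map counts as failing (as PAM
    treats a module it cannot load). `impression` is None until some module
    gives a definite result, True after a success that counts, False after a
    required/requisite failure.
    """
    impression = None
    for control, module, _args in rules:
        ok = outcomes.get(module, False)
        if control in ("required", "requisite"):
            if ok:
                if impression is None:
                    impression = True
            else:
                impression = False
                if control == "requisite":
                    break  # requisite failure ends the stack immediately
        elif control == "sufficient":
            if ok and impression is not False:
                return True  # enough, unless a required module already failed
            # a failing sufficient module is simply ignored
        elif control == "optional":
            if ok and impression is None:
                impression = True  # only counts when nothing else decided
    # Reaching the end without a positive result is a denial.
    return impression is True


if __name__ == "__main__":
    stack = parse_pam_stack(SAMPLE_STACK)
    print("domain user:", run_stack(stack, {"pam_winbind.so": True, "pam_unix.so": False}))
    print("local user:", run_stack(stack, {"pam_winbind.so": False, "pam_unix.so": True}))
    print("misordered, domain user:",
          run_stack(parse_pam_stack(MISORDERED_STACK), {"pam_winbind.so": True}))
```

The misordered stack is the classic mistake when bolting an AD module onto an existing configuration: `required` records the pam_unix failure before the AD module ever runs, so domain users are locked out even though their module succeeds.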

Active Directory
- Hierarchical database of users, resources and rights
- AD is standards-based (with a little DNS protocol extension)
- Kerberos (authentication), DNS (naming) and LDAP (directory services)
- All services accept queries from any host
- Extensive resources available (bring aspirin and coffee)

Active Directory & DNS
- DNS answers all queries (promiscuous)
- DNS zones can be AD-integrated or stand-alone (using a BIND style zone file)
- AD domain zone contains AD-specific extensions, must be AD-integrated
- MS-DNS doesn’t support BIND 9 Views
- MS-DHCP is integrated with DNS
- Split DNS or Windows DNS, you choose
- Beware zone transfers and updates
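The "AD-specific extensions" in the domain zone are the SRV records under `_msdcs` that clients use to find domain controllers. As an added example (not from the presentation), this Python code parses zone-file-style SRV lines and orders them the way RFC 2782 prescribes: by priority, then weighted random within a priority, with weight 0 used last. The zone lines, hostnames and `example.com` domain are constructed placeholders.

```python
import random
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class SRV:
    priority: int
    weight: int
    port: int
    target: str


# Constructed zone-file lines of the kind an AD-integrated zone publishes for
# domain-controller location; hostnames and the domain are placeholders.
SAMPLE_ZONE = """\
_ldap._tcp.dc._msdcs.example.com.     600 IN SRV 0  100 389 dc1.example.com.
_ldap._tcp.dc._msdcs.example.com.     600 IN SRV 0  100 389 dc2.example.com.
_ldap._tcp.dc._msdcs.example.com.     600 IN SRV 10 0   389 dc-backup.example.com.
_kerberos._tcp.dc._msdcs.example.com. 600 IN SRV 0  100 88  dc1.example.com.
"""


def parse_srv_records(zone_text: str, owner: str) -> List[SRV]:
    """Collect the SRV records for one owner name from zone-file-style text."""
    records = []
    for line in zone_text.splitlines():
        parts = line.split()
        if len(parts) != 8 or parts[2].upper() != "IN" or parts[3].upper() != "SRV":
            continue
        if parts[0].lower() != owner.lower():
            continue
        records.append(SRV(int(parts[4]), int(parts[5]), int(parts[6]), parts[7]))
    return records


def order_srv(records: List[SRV], seed: Optional[int] = None) -> List[SRV]:
    """Return records in RFC 2782 try-order: lowest priority first; within a
    priority, weighted random selection where weight 0 is chosen last."""
    rng = random.Random(seed)
    ordered: List[SRV] = []
    for prio in sorted({r.priority for r in records}):
        group = [r for r in records if r.priority == prio]
        while group:
            # Zero-weight records go to the front of the list; a random point in
            # [0, total] then selects the first record whose running sum reaches it,
            # so a zero-weight record is only picked when the point is 0.
            group.sort(key=lambda r: r.weight != 0)
            total = sum(r.weight for r in group)
            point = rng.randint(0, total)
            running = 0
            chosen = group[-1]
            for r in group:
                running += r.weight
                if running >= point:
                    chosen = r
                    break
            ordered.append(chosen)
            group.remove(chosen)
    return ordered


def locate_dcs(zone_text: str, domain: str, service: str = "_ldap",
               seed: Optional[int] = None) -> List[str]:
    """host:port list for the given service's DC locator name, in try-order."""
    owner = f"{service}._tcp.dc._msdcs.{domain}."
    return [f"{r.target.rstrip('.')}:{r.port}"
            for r in order_srv(parse_srv_records(zone_text, owner), seed)]


if __name__ == "__main__":
    print("LDAP DCs:", locate_dcs(SAMPLE_ZONE, "example.com"))
    print("Kerberos KDCs:", locate_dcs(SAMPLE_ZONE, "example.com", "_kerberos"))
```

Against the sample zone the two priority-0 controllers come first in random order and the weight-0, priority-10 backup always comes last; the `seed` parameter exists only to make that ordering reproducible.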

Active Directory and Kerberos
- MS-Kerberos is standards based
- Queries must be from “known” hosts
- Kerberos authenticates users and hosts
- Kerberos authorizes resource access
- Used for domain trusts
- Transitive nature extended to other OS’s

Active Directory and LDAP
- MS-LDAP is standards compliant
- Queries must be from “known” hosts
- Resource of “known” hosts for services
- Database of systems and resources
- Integrated with Kerberos AA and rights management
- LDAP is the “glue” of AD
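Integrating a Linux host with this "glue" means building LDAP search filters from user-supplied names (a login name typed at a prompt, for instance). As an added example that is not part of the presentation, this Python code builds the user lookup filter a directory client would send, with assertion values escaped per RFC 4515 so that filter metacharacters in the input cannot change the query, and derives the search base from the AD DNS domain name. The `sAMAccountName` attribute is the standard AD login-name attribute; the domain names in the usage are placeholders.

```python
from typing import List

# Characters that have meaning inside an LDAP filter and must be escaped
# as \XX hex (RFC 4515), along with NUL, other control characters and any
# non-ASCII character (escaped byte-by-byte from its UTF-8 encoding).
FILTER_METACHARS = "()*\\"


def escape_filter_value(value: str) -> str:
    """Escape an assertion value for safe use inside an LDAP search filter."""
    out: List[str] = []
    for ch in value:
        code = ord(ch)
        if ch in FILTER_METACHARS or code < 0x20 or code > 0x7E:
            out.extend(f"\\{b:02x}" for b in ch.encode("utf-8"))
        else:
            out.append(ch)
    return "".join(out)


def user_lookup_filter(sam_account_name: str) -> str:
    """Filter selecting the single user object for a login name."""
    return f"(&(objectClass=user)(sAMAccountName={escape_filter_value(sam_account_name)}))"


def member_of_filter(group_dn: str) -> str:
    """Filter selecting users that are direct members of a group, by its DN."""
    return f"(&(objectClass=user)(memberOf={escape_filter_value(group_dn)}))"


def domain_to_base_dn(dns_domain: str) -> str:
    """Map an AD DNS domain name to the domain naming context used as search base."""
    labels = [label for label in dns_domain.strip(".").split(".") if label]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join(f"DC={label}" for label in labels)


if __name__ == "__main__":
    print(domain_to_base_dn("corp.example.com"))
    print(user_lookup_filter("james"))
    # A name containing filter metacharacters stays a literal comparison value.
    print(user_lookup_filter("x)(cn=*"))
```

Without the escaping step the third call would produce a filter whose structure depends on the input; with it, every metacharacter is reduced to a hex escape and the filter keeps the shape the code intended.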

Winbind
- Allows Linux users to use Windows domain resources as though they were native Linux resources

Samba & Winbind
- Winbind extends Samba functionality to integrate AD AAA
- Samba, Kerberos5, OpenLDAP
- Winbind authenticates users against AD
- Manages passwords, no local accounts

QUESTIONS?

Thank You