T64 V5.1B + ASU (V5.1B-ECO1) + SSO

From: Fred N. van Kempen (Fred.van.Kempen@microwalt.nl)
Date: Mon Jul 12 2004 - 16:17:07 EDT


Hi all!

After some serious trying, I am close to giving up on Tru64 *ever*
working right in the sense that I:

- have it run as a general UNIX host with shell access

- have it use SSO for authenticating users (other than "root") with
  my W2K domain

- have it use ASU for sharing two of its drives (volumes) for use by
  the other systems on the network, most of which are W2K Pro
  workstations.

What is working:

- the system runs fine as a general UNIX host

In general, no complaints here. It is nice and fast, on my dual-CPU
AlphaServer 1200.

However, since this system (and its smaller brother) live in a W2K
Active Directory network, I'd like to have its users be authenticated
by that W2K domain, so I installed SSO on it. I *did* change the
w2ksetup script to change the machine name (and machine account info
in /etc/ldapcd.conf) to be "wks-unixhost" rather than "unixhost",
because "unixhost" will be used by the ASU software, and these don't
want to use the same machine account. This *seems* to work... the
procedure actually created the correct machine account in the W2K
domain, and user logins work.

But... *do* they? Some do, some don't. Of the, say, 100 accounts
defined in the W2K domain, I can "see" only a few. There seems to be
no relation to whether an account is a member of the Administrators
or Domain Admins groups or not.. some are useable from the T64 host,
some are not.

---> is there a simple tool which I can use to determine what the T64
     box is "asking" the domain server, and what the replies are? I
     would like to find out why "john" works, but "peter" does not..

And then there is ASU. This system handles most of the development
work here, and I would like all the projects to be hosted on that
system, rather than have two copies live on the network (one on the
UNIX system, one on the W2K file servers) and major copying going
on.

So, I set up ASU, added the registry value UseActiveDirectory set to
REG_DWORD=1, and restarted. Set up the shares.

This works: I can browse the system as if it were a regular W2K file
server, and I can see the files I need to see.

BUT: this seems to only work for the domain's Administrator user.. if
I try to do this as a regular user (a developer), then I see nothing.
Incidentally... this is the case for both users that *do* work under
SSO, and for those that do not.

It seems to me that ASU cannot or will not check credentials with the
W2K domain, even though I told it to. This is possible, but why??

Any insights from fellow admins who have similar setups?

Thanks,

Fred

--
    InterNetworking, Network Security and Communications Consultants
     MicroWalt Corporation (Netherlands), Postbus 8, 1400 AA BUSSUM
  Phone +31 (35) 7503090 FAX +31 (35) 7503091  http://WWW.MicroWalt.NL/

