This question will undoubtedly anger many if not all, but after 5 years I am at my wit's end.
Can I install and setup a new domain using linux as a domain controller behind a router in such a way that it won't interfere with or be seen by the current win 2k3 domain controller?
You can configure Samba in *nix to be either a primary or backup domain controller. If you choose backup though, as far as I am aware, it can only be a backup to a Samba primary.
That being the case you could potentially look to replace your DCs with a *nix solution but I am not certain how, if at all, they can be integrated.
I would advise a LOT more reading on the subject.
Yes, I want to make the *nix box into a primary dc. Here is my problem and the reason I thought some might get angry.
I am not the IT person in my organization. I work in an educational environment and the IT staff are responsible for @10,000 machines spread over a large geographic area with upwards of 200 buildings. They are understaffed, underpaid and dealing with many issues. Before the current IT head was hired 5 years ago, I was running my own network of 12 machines using Win Server 2003. IT left me alone; they knew what I was doing and I ran things and didn't ask them for support. They were happy 'cuz they had WAY too much to do and I wasn't a drain on their resources. Then they upgraded to Server 2003 and pulled out my network with promises of support and trouble free computing. Five years later, I have no network and the faculty computers have Deep Freeze. If I want to add so much as a bookmark I have to call IT and make an appointment for them to come and put it in. They insist we use Firefox 3.0.6.... I could go on. Bottom line: They are making it harder for me to do my job. I have been patient. I have tried to be helpful. But I have finally given up. I want to rebuild my network without them knowing about it.
What I need to know is if it is possible to setup a *nix server as a primary dc without them knowing about it? I'm not trying to mess them up; I just need to be able to do my job without them being in my way.
I have done a fair bit of reading, but there really doesn't seem to be a precedent for this anywhere, which makes absolute sense. My current situation doesn't make sense, however and needs to be resolved.
So, you want to create a new domain for your faculty computers. Are those computers members of the Windows domain ? Do you want them to continue being part of that domain and additionally join your new domain ?
What's the purpose of the new domain ? what kind of features are you looking for ?
A samba domain could certainly be an option, but there are some features that you would have with a Windows domain, that a samba domain might not offer.
I don't want the new domain to have anything at all to do with the old domain. I am trying to set up three user groups with different security levels and drive access; basically faculty, T.A.'s and students. Four of the computers are dedicated for faculty and T.A.'s, the other 8 get used by all and sundry. All of the computers are running XP. I don't have access to a legal copy of Server 2003 anymore (IT took my legal copy when they dismantled my old network) so I did some reading and thought I might be able to meet my needs with a samba domain.
Sheetsofsound,
From your long explanation, it looks like the school's IT people have taken over the duties that they had previously left to you. They may no longer be as overworked and understaffed as they used to be. They are now in control, and from your description, though I am thinking it may be a little overblown, finding that someone trying to short circuit that control may well go badly for that individual.
The basic task you wish to do is to simply put the three groups you list into different security groups with access depending on the group. This is a relatively trivial thing to do through Windows Active Directory. All you need to do is to open a ticket with your IT people, break down the groups, break down the rights that you wish to grant them, and list who will have access to what shares on the server. Let IT do their thing, and you need not worry.
Stevesz,
I appreciate what you are saying. I have not undertaken this lightly. I have already done what you suggested. Numerous times. I have even been to meetings for discussion of IT policy, I have met personally with the head of IT to try and resolve the issues. I have not been unprofessional or rude in trying to solve this. I have been patient for five years. FIVE years. The situation is so bad that most staff across the system don't use the computers at work; instead they bring their laptops and unplug the supplied machines. They can then access the internet but not the servers. The situation is ridiculous and I just want to get on with my work.
It depends on a fair few factors:
1. Do your users map their drives by IP? They would need to for this to work.
2. Do you use the DNS/WINS services in Windows? Without a Windows server you might have trouble finding machines on the network unless you have DNS zones replicated between your servers.
3. Do you have any groups in your directory?
4. Do you have Samba running?
5. Do you have a way to replicate the files and all permissions between the servers?
6. Do you have a way to replicate the user details between 2 disparate (one proprietary) LDAP directories?
Remembering here that once you lose your domain controller your client machines won't be in a domain anymore. Everyone will need their profiles recreated in this instance.
I'm really just throwing this out here to show you it's not simple. Even if you cross your T's and dot your I's there is a high chance that something unforeseen would happen. You'd be highly recommended to run a full disaster recovery test to ensure that everything works correctly.
Is there any reason you can't go for 2xW2K3 machines or 2xLinux machines?
Rechil et al,
I guess I was just trying to find a way to hide my network from IT without paying for internet access. They told me the reason I tripped up their network when they upgraded to W2K3 five years ago was because I was using their server for DNS. I have tried setting up a router using OpenDNS and had hoped I could hide my network behind the router, but I don't know enough about Active Directory to know if a samba server would be detected and/or conflict with their network. I have homework to do. Unless anyone has a simple solution, I don't want to waste any more of everyone's time on this bizarre situation of mine and my now glaringly apparent lack of knowledge.
I may try to solve my problems by paying for a line drop and just removing myself from IT's system altogether. That way I don't have to worry about getting into a conflict with their network and I can set up and do my own thing, this time using samba. We're just strapped for funds is all.
Anyone suggest some good resources I can study about Active Directory?
I'm not sure isolating your departmental network will do any good for accessing the university servers - and from your postings I assume it is a necessity.