[Beowulf] Re: Active directory with Linux
Dave Love
d.love at liverpool.ac.uk
Tue Nov 11 06:26:51 PST 2008
Chris Samuel <csamuel at vpac.org> writes:
> Well we were told that AD doesn't permit anonymous access.
<URL:http://www.novell.com/coolsolutions/appnote/15120.html>, for
example, has instructions for 2000 and 2003 servers.
> Bear in mind we're Linux geeks here, not Windows geeks.. ;-)
I hope you don't think I'm a Windows geek! Just passing on what I know
from having had to tangle with AD admin previously and having to get
things working here eventually post-eDirectory; I guess plenty of us are
in similar boats with this.
>> or the `machine' account. The latter is what you get from
>> `joining the domain' (e.g. with Samba)
>
> Whilst I couldn't be certain I suspect their security
> policy would have classed that as just being an implementation
> of the former, and it too would have been locked out after
> N failed attempts and hence locked out all users.
It would be the same on Windows boxes, surely, allowing a DoS attack.
> We got the impression that AD didn't permit them to
> make an exception to this policy either.. :-(
I think you can control the lockout policy with fairly fine granularity,
and I think it's actually off by default, but don't have a system to
check. I guess it's documented OTW somewhere.
--
IBM^WMicrosoft is not a necessary evil; IBM^WMicrosoft is not
necessary. -- Ted Nelson updated