[Beowulf] Re: Active directory with Linux
Chris Samuel
csamuel at vpac.org
Mon Oct 27 13:26:34 PDT 2008
----- "Dave Love" <d.love at liverpool.ac.uk> wrote:
> I don't understand that. If you need LDAP data, as opposed to just
> Kerberos authentication, and you're not allowed anonymous access to
> it,
Well we were told that AD doesn't permit anonymous access.
Bear in mind we're Linux geeks here, not Windows geeks.. ;-)
> you either use a `well-known' password on a special account (which
> you're probably also not allowed...)
Yup, that's what I described as not being permitted.
> or the `machine' account. The latter is what you get from
> `joining the domain' (e.g. with Samba)
Whilst I couldn't be certain I suspect their security
policy would have classed that as just being an implementation
of the former, and it too would have been locked out after
N failed attempts and hence locked out all users.
We got the impression that AD didn't permit them to
make an exception to this policy either.. :-(
cheers,
Chris
--
Christopher Samuel - (03) 9925 4751 - Systems Manager
The Victorian Partnership for Advanced Computing
P.O. Box 201, Carlton South, VIC 3053, Australia
VPAC is a not-for-profit Registered Research Agency
More information about the Beowulf
mailing list