Sorry for the slow reply: been on holiday for a (very soggy) week at Peterborough Beer Festival.
On 24/08/10 01:13, Wayne Stallwood wrote:
> From the client side I can't really see what you could gain, apart from being able to log into your Linux box with domain credentials.
That's pretty much what I thought, and actually having at least one machine that would keep going "if" the DC fails in some way would be no bad thing!
> The more obvious thing would be where you are providing samba shares and want other domain users to authenticate to them.
I'm not doing this, so I don't have anything to worry about here. However, logging into other shares on other machines that are in the domain is necessary - I currently do this without being a part of the domain but I guess it would be preferable to be a domain user for this?
> Not had experience of Likewise but it seems to just automate and guify some of the steps that are already possible with OSS tools. Personally, if you are dedicated to learning this then I would try it the "hard" way; there are plenty of howtos kicking about that will get you started.
Thanks, I wasn't sure if it was anything special.
> The key thing is that your clock must be in sync with the domain. It's only sufficient to have your Linux box talking to an external NTP pool if the domain is also synced to internet time; if your domain time has drifted then your auth attempts will fail. Otherwise use "net time set" to set the time on your box from the Windows domain.
That's useful to know, thanks. Presumably (OT!) this would also apply to Windows clients talking to the DC? If so I'll pass that on to those who might come up against it.
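
An added example, not part of the original e-mails: a small SNTP check that measures how far the local clock is from a time server such as the DC, so drift can be spotted before authentication starts failing. It assumes the DC answers SNTP on UDP 123 and that the domain uses the Active Directory default Kerberos tolerance of 5 minutes; all function names and the sample reply are constructed for illustration.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds between 1900 (NTP) and 1970 (Unix)
MAX_SKEW = 300                # assumption: AD default Kerberos tolerance (5 min)


def _ts(packet, pos):
    """Decode the 64-bit NTP timestamp at byte `pos` into Unix seconds."""
    secs, frac = struct.unpack_from("!II", packet, pos)
    return secs - NTP_EPOCH_DELTA + frac / 2**32


def clock_offset(reply, t1, t4):
    """Server clock minus local clock, in seconds (standard SNTP formula).

    t1/t4 are the local send/receive times; T2/T3 are read from the reply.
    """
    if len(reply) < 48:
        raise ValueError("short NTP reply")
    if reply[0] & 0x07 != 4:  # mode 4 = server
        raise ValueError("not a server-mode reply")
    t2, t3 = _ts(reply, 32), _ts(reply, 40)
    return ((t2 - t1) + (t3 - t4)) / 2


def query_offset(host, timeout=3.0):
    """Send one SNTP request to `host` (e.g. the DC) and return the offset."""
    request = b"\x1b" + 47 * b"\0"  # LI=0, VN=3, mode=3 (client)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t1 = time.time()
        s.sendto(request, (host, 123))
        reply, _ = s.recvfrom(512)
        t4 = time.time()
    return clock_offset(reply, t1, t4)


def exceeds_skew(offset, max_skew=MAX_SKEW):
    """True when the measured offset is outside the allowed tolerance."""
    return abs(offset) > max_skew


def make_reply(server_time):
    """Constructed sample reply whose T2 and T3 both equal `server_time`."""
    ts = struct.pack("!II", int(server_time) + NTP_EPOCH_DELTA, 0)
    return b"\x1c" + 31 * b"\0" + ts + ts  # VN=3, mode=4, 48 bytes total
```

Running `exceeds_skew(query_offset("dc.example.test"))` against the real DC (hostname here is a placeholder) shows whether the box is inside the tolerance before "net time set" is needed.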