Adding child Win 2003 Server domain to unix tree

Fencer128

Hi,

Does anyone know how easy/possible it is to add a child domain to an existing unix administered domain.

i.e. an example.unix.com Windows Active Directory PDC added to the unix.com UNIX-administered domain?

When I try to do this I'm told that the server can't find a higher domain controller with active directory installed (or words to that effect), because we use unix and NIS above us.

Cheers,

Andy
 

Saltin

It can't be done (as far as I know).
Windows 2k and 2003 look for AD domains when you attempt to create a child domain, obviously a UNIX domain is not going to fill that need.
You could create a new forest and name it whatever.unix.com, and then make the appropriate delegations in your DNS structure. As far as trust relationships between the two domains, I wouldn't know where to begin.
 

n0cmonkey

Originally posted by: Saltin
It can't be done (as far as I know).
Windows 2k and 2003 look for AD domains when you attempt to create a child domain, obviously a UNIX domain is not going to fill that need.
You could create a new forest and name it whatever.unix.com, and then make the appropriate delegations in your DNS structure. As far as trust relationships between the two domains, I wouldn't know where to begin.

By Unix domains, are you all talking about just DNS domains? If you are, you shouldn't really have to "add" a Win2k AD server to it, since there are no AD servers there already... Maybe I'm confused here though.

You could possibly add the non-spec stuff MS put into LDAP to make AD and use OpenLDAP or something.
 

Saltin

n0c,

I'm not really up to snuff when it comes to Unix. Is the concept of a domain as a security boundary even used?
If all a Unix domain is is a bunch of machines that share a common namespace in DNS, then it's a lot different than a Windows domain.

I think what the original poster wants to do is create a new Windows 2003 domain that is a child domain of a DNS namespace (UNIX). Obviously, there is no AD to actually make it a proper, Windows child domain. What can be done, as I mentioned above, is simply creating a new Windows 2003 domain that is a child to the UNIX DNS namespace in DNS terms only.

i.e.
UNIX.com
Windows2003.UNIX.com

In essence, a root Windows 2003 domain (not a child in the Windows sense), that has a shared namespace with the Unix servers/machines.

Let me know if I am off on this.
 

Fencer128

Hi,

This sounds like what I'd like to do. Can I get some feedback (as suggested above) as to the feasibility of this?

Cheers,

Andy
 

n0cmonkey

Originally posted by: Saltin
n0c,

I'm not really up to snuff when it comes to Unix. Is the concept of a domain as a security boundary even used?
If all a Unix domain is is a bunch of machines that share a common namespace in DNS, then it's a lot different than a Windows domain.

I think what the original poster wants to do is create a new Windows 2003 domain that is a child domain of a DNS namespace (UNIX). Obviously, there is no AD to actually make it a proper, Windows child domain. What can be done, as I mentioned above, is simply creating a new Windows 2003 domain that is a child to the UNIX DNS namespace in DNS terms only.

i.e.
UNIX.com
Windows2003.UNIX.com

In essence, a root Windows 2003 domain (not a child in the Windows sense), that has a shared namespace with the Unix servers/machines.

Let me know if I am off on this.

:confused:

There are really no "domains" in Unix. A DNS domain is the closest thing I can think of. Unless you get into LDAP (what AD is based on), and something there may be called a "domain." But I don't have enough experience with LDAP to say for sure. I'll have to read up on the Windows stuff when I get time...
 

Saltin

Fencer,

I don't see any real problems doing this as long as the admins of the root domain (unix.com) know what you are up to.
You would simply ask them to create a delegation record on the DNS server responsible for the unix.com namespace. That delegation record would point all queries for whatever.unix.com on to your Windows 2003 DNS server.

The actual Windows 2003 domain would not enjoy much/any interoperability with the Unix namespace machines.

In DNS terms, your new domain would be a child domain.

In Windows terms, it would not be a child domain, it would be a root.
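The delegation Saltin describes lives in the parent (unix.com) zone as an NS record for the child plus a glue A record for the child's nameserver when that server sits inside the delegated name. The following is an added example, not code from the thread: it parses a constructed BIND-style parent zone fragment (placeholder names and 192.0.2.x addresses) and flags a missing NS record or missing glue, the usual reasons a delegation like whatever.unix.com ends up lame and unreachable.

```python
"""Sanity-check a BIND-style parent zone for a subdomain delegation.

Constructed example: the unix.com parent zone delegates whatever.unix.com
to a Windows 2003 DNS server (dc1.whatever.unix.com).  Because that server's
name lies inside the delegated zone, the parent must also carry a glue A
record for it; otherwise resolvers cannot reach the child zone at all.
"""

# Constructed parent-zone fragment; hostnames and addresses are placeholders.
PARENT_ZONE = """\
$ORIGIN unix.com.
@        IN SOA   ns1.unix.com. hostmaster.unix.com. (1 3600 900 604800 86400)
@        IN NS    ns1.unix.com.
ns1      IN A     192.0.2.1
; delegation of the Windows 2003 child namespace to its DNS server
whatever IN NS    dc1.whatever.unix.com.
dc1.whatever IN A 192.0.2.10
"""


def fqdn(name, origin):
    """Expand a zone-file owner/target name to a fully qualified name."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text):
    """Return (origin, [(owner_fqdn, rtype, rdata), ...]) for IN-class lines."""
    origin, records = ".", []
    for line in text.splitlines():
        line = line.split(";")[0].strip()          # drop comments
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        fields = line.split()
        if len(fields) < 4 or fields[1] != "IN":
            continue
        owner, rtype, rdata = fields[0], fields[2], fields[3]
        if rtype == "NS":
            rdata = fqdn(rdata, origin)
        records.append((fqdn(owner, origin), rtype, rdata))
    return origin, records


def check_delegation(zone_text, child):
    """Return (ok, problems) for the delegation of `child` (FQDN ending in '.')."""
    _, records = parse_zone(zone_text)
    nameservers = [rd for o, t, rd in records if o == child and t == "NS"]
    glue_owners = {o for o, t, _ in records if t == "A"}
    problems = []
    if not nameservers:
        problems.append(f"no NS record for {child}")
    for server in nameservers:
        # In-zone nameserver names need glue in the parent to be resolvable.
        if server.endswith("." + child) and server not in glue_owners:
            problems.append(f"missing glue A record for {server}")
    return (not problems, problems)
```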
 

Fencer128

Hi,

Thanks for that. The lack of interaction between Windows/UNIX is not a problem. The reason for the Windows domain is to have centralised admin for everything within it. So long as DNS requests get routed through UNIX DNS servers to the "child" Windows domain that's fine. The only Windows/UNIX interaction we may later adopt is NIS user authentication, which can be done through MS Services for UNIX (SFU) 3.0.

Cheers,

Andy