Gentoo Forums
[SOLVED] Gentoo in non-friendly Windows domain environment
cz0
Apprentice
Joined: 13 Jun 2005
Posts: 280
Location: /earth/russia/moscow

Posted: Mon Jul 27, 2015 8:12 pm    Post subject: [SOLVED] Gentoo in non-friendly Windows domain environment

Hello, folks!
I've been using Gentoo for ages by now and am completely satisfied with it. But a couple of weeks ago I got a new job in a big bank with all this windowsy Active Directory and domain crap. It is not very welcomed to use anything but Win 7 Pro, but I did my tricky work and got a fresh Gentoo on my laptop (with a dual boot, just in case). The problem is in authorization.
I have another Ubuntu desktop with all this magic working, but I have no idea how all this was done.
What I can see from root's .bash_history file is that mit-krb5, samba, ntp and nss were installed. When you log in to this Ubuntu machine, you must use your Domain user and password, with only root as an exception. Then it lets you in. When you need some web surfing, the browser will ask you for authorization once again (only for Linux; Windows works without any extra steps here). You type something like DOMAIN\username and password and it lets you go through to the web. Only HTTP/HTTPS traffic is restricted, all the rest is free to go (this is how I got my Gentoo installed from the Internet: with the help of SSH and some SOCKS5/HTTP proxy wrapping). Besides, some kind of hardware port protection is in use. For example: I log in on the Ubuntu machine and authorize for HTTP with the help of the browser, then I set the same IP-MAC-HOSTNAME trinity on my Gentoo, reconnect it with this ethernet cable and I can get HTTP for some time until the authorization expires. Then I can repeat the trick. The same trick will work with my native IP-MAC-HOSTNAME if I log in to Windows.
I was able to get my pam authorization to work with the Domain by enabling the mit_krb5 use flag and re-emerging pam. It works like a charm and lets me log in only with my domain user/password pair. I got this working by simply copying /etc/krb5.conf from the Ubuntu machine.
But then... I got stuck with HTTP authorization. Even when logged in via the Domain account, after some time I get some kind of "ironport" block from the HTTP proxy. I have no idea how all this works and how I can get it to work as on the Ubuntu machine.
So, I definitely need help and some theory on this topic.
cz0
Apprentice
Joined: 13 Jun 2005
Posts: 280
Location: /earth/russia/moscow

Posted: Tue Jul 28, 2015 6:54 pm

Accidentally solved by adding two hard-defined hosts into /etc/hosts so they properly resolve and let me authorize on the proxy.