NETWORK OPERATING SYSTEM INTEROPERABILITY
Jason Looney
EKU, Department of Technology, CEN

OVERVIEW
The project I undertook was to try and provide an authentication method which would provide a single user logon over multiple Operating Systems. The goal was to be able to access shares and files over multiple operating systems.

MOTIVATION
My motivation was formed out of curiosity about why so many websites complain about how hard it is to get Linux, UNIX, Mac OS X, and Windows to talk. From this curiosity I decided to choose this project in order to examine the pitfalls involved with getting these Operating Systems to talk to one another. I also wanted to show some solutions that are available in order to share data between multiple Operating Systems.

INTRODUCTION
Why is interoperability so important?
Problems with interoperability?
What does this mean to Network Administrators?
My ambitions for this project.

PROBLEM STATEMENT
How do you get Windows Active Directory and UNIX based Operating Systems to authenticate to one another?

SOLUTIONS
Open LDAP
Microsoft Windows Services for UNIX 3.5
Apple’s Open Directory
Other 3rd party software solutions.
Kerberos and Samba Authentication

AMBITIONS
To provide a single log on over a Wide Area Network connection, and using Multiple Operating Systems. By using VLANs to simulate multiple domains for each OS. My overall plan was to have 5 separate domains with each domain having a different primary OS.

RESULTS
Problems!!!!
Open LDAP requires you to use Microsoft Services for UNIX 3.5 which in turn requires a Network Information Server (NIS) on a “NIX” machine. Then Windows Services for UNIX 3.5 was unable to connect to the NIS.

RESULTS CONT.
Apple solutions required OS X 10.3 (Panther) or latest OS X 10.4 (Tiger). I had OS X 10.2 (Jaguar) which was unable to connect to Active Directory. Some sites recommended special 3rd party software for 10.2 but the software was only compatible with 10.3 or better.

MORE RESULTS
Cisco routers unable to perform 802.1q encapsulation. Why? I don’t know. After checking the IOS version and Cisco’s website, I found that I should have been able to, but the routers in the lab did not support VLAN routing.

KERBEROS AND SAMBA PROBLEMS
Not as many, and it was the only authentication method I was able to get to work.
The first problem was finding the right information about how to edit my samba.conf and krb5.conf files.
The second problem was that I locked out the root account on my Linux system.
The third was finding out that Windows sends Kerberos tickets out in all caps and Linux was case sensitive.

IT WORKS
Finally I was able to get Kerberos and Samba to work with Active Directory. This was the only authentication method I was able to get to work and it was also the easiest to configure once I learned how Windows and Linux both see things. This method “should” work for any updated version of “NIX” operating systems. Each system will be different but as long as Kerberos and Samba 3 are installed this method is the quickest choice.

IT WORKS CONT.
The problem with this method is that you have to create accounts on both the Linux machine and in Active Directory. This means it’s not the most practical authentication method, but if you’re using only a few machines this is not a bad route to take if you want secure connections between Linux and Windows networks and single user logons.

MY PERSONAL SUGGESTIONS
If you’re planning to try this project for yourself, these are a few of my suggestions for you.
1. Use virtual machines because you are going to break things and it’s easier to replace a virtual image than a real hard drive image or installation.
2. Research your network hardware to make sure it has all of the features you need.
3. Don’t believe all of the how-tos that are on the internet; most are incomplete or don’t fully explain what they are doing.
4. Use multiple sites so that you can get a full understanding of what’s going on.
5. Don’t trust that because something should work that it will work. “Great plans rarely survive first contact with the enemy.”
6. Things are going to go wrong; just accept it and be able to reorganize your plan accordingly.
7. Don’t get frustrated. This is definitely a project that will lead you to a lot of closed doors; use them as learning experiences, not as show stoppers.

CONCLUSION
To bring this presentation to an end I would like to say that overall this was an incredibly frustrating project because it destroyed almost everything that I wanted to accomplish; however, it was a great learning experience. Plus, through it all I had a lot of fun trying to put everything together and seeing what is possible.

This project also pushed my networking skills to a new level and provided an incredible learning opportunity that I’ve greatly appreciated. I would also like to especially thank Dr. Kilgore, Stephen Crumb, and Dr. Chandra for all of their help in providing hardware and suggestions.

POSSIBLE EXTENSIONS
1. Getting Open LDAP to work so that you can have a single logon and only have to set up a user account once on Active Directory (AD), and maybe once on Open LDAP if it cannot replicate with AD.
2. Get OS X to authenticate into AD.
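
The realm-case pitfall listed among the Kerberos and Samba problems can be caught before a machine is joined to the domain. The following is an added example, not part of the original presentation: it parses a krb5.conf and a Samba configuration and reports realm names that are not upper case or that have no exact match under [realms]. The sample files, the realm EXAMPLE.COM and the host dc1 are constructed placeholders, and the check assumes the Active Directory realm is written in upper case.

```python
# Constructed sample files; EXAMPLE.COM and dc1 are placeholders.
KRB5_CONF = """[libdefaults]
    default_realm = example.com
[realms]
    EXAMPLE.COM = {
        kdc = dc1.example.com
    }
[domain_realm]
    .example.com = EXAMPLE.COM
"""
SMB_CONF = """[global]
    security = ads
    realm = Example.Com
"""

def parse(text):
    """Return {section: [(key, value), ...]} for an INI-style file."""
    out, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            out.setdefault(section, [])
        elif "=" in line and section is not None:
            key, value = (part.strip() for part in line.split("=", 1))
            out[section].append((key, value))
    return out

def realm_issues(krb5_text, smb_text):
    """List realm names that will not match exactly across the two files."""
    krb5, smb = parse(krb5_text), parse(smb_text)
    default = dict(krb5.get("libdefaults", [])).get("default_realm")
    defined = [k for k, v in krb5.get("realms", []) if v.startswith("{")]
    mapped = [v for _, v in krb5.get("domain_realm", [])]
    samba = dict((k.lower(), v) for k, v in smb.get("global", [])).get("realm")
    issues = []
    for where, name in [("krb5 default_realm", default), ("smb realm", samba)]:
        if name is None:
            issues.append(f"{where}: not set")
        elif name != name.upper():
            issues.append(f"{where}: '{name}' is not upper case")
        elif name not in defined:
            issues.append(f"{where}: '{name}' has no [realms] entry")
    for name in defined + mapped:
        if name != name.upper():
            issues.append(f"krb5 realm '{name}' is not upper case")
    return issues
```

Calling `realm_issues(KRB5_CONF, SMB_CONF)` on the constructed files flags both the lower-case `default_realm` and the mixed-case Samba `realm`.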