
Re: "proxy" PDC

 
Josef Forman
Frequent Advisor

"proxy" PDC

Hi,
I have an Apache/NTLM module for authentication for our department. Every authentication is routed to the main PDC in our company. Sometimes the amount of authentication questions is really huge. So I need something like my private proxy PDC. All auth. traffic will be directed to the proxy; the first time, the auth. question will be redirected to the real PDC, and the following auth. questions will be terminated in my proxy PDC.

Is it possible?

Any idea?
xyko_1
Esteemed Contributor

Re: "proxy" PDC

Hi Josef,

I think your question is best suited to a Windows forum, but if the answer is yes, I suggest that you look at Samba 3 running on top of Linux as your authentication PDC. Using Linux/Samba you will not have to pay for Windows licenses.

Regards,
Xyko
Josef Forman
Frequent Advisor

Re: "proxy" PDC

I need a Linux solution. It could be Samba 3, but probably with some special configuration.

xyko_1
Esteemed Contributor

Re: "proxy" PDC

Ok Josef,

but as I told you, this is a Linux forum and you first need to know if it's possible to do what you want using Windows. If it's possible, you have to know how to do the job and then we may try to help you do the same thing in Linux/Samba.

Tell us how you would do what you want using Windows and I think that some Linux expert will help you with Samba.

regards,
Xyko
Thomas Bianco
Honored Contributor

Re: "proxy" PDC

being a windows guy who wanders the unix world, i think your best bet is to create a DC in the same subnet as your Apache server, then lie to the Apache server until it believes the new DC is the PDC.

i am not going to pretend i understand the apache module in question, but there are a few things that define a PDC. in NT4, it's nothing but a writable copy of the SAM and a special netbios message.

every DC registers the 0x1c group record (if the domain name is MyDomain then the DC record is "MyDomain \0x1c"), but only the PDC (or PDCEMU in 2k) registers the 0x1b Netbios record. take a look here http://support.microsoft.com/default.aspx?scid=kb;en-us;314108

linux has lmhosts for local NBT name reso.: http://www.die.net/doc/linux/man/man5/lmhosts.5.html

assuming your module is using netbios, you'll want to modify your nsswitch.conf file to use files only for netbios (i think it's the WINS entry, not sure) and write a lmhosts file similar to the following

1.1.1.1 myproxydc
1.1.1.1 mydomain#1b
1.1.1.1 mydomain#1c

let us know how it turns out.
There have been Innumerable people who have helped me. Of course, I've managed to piss most of them off.
Thomas Bianco
Honored Contributor

Re: "proxy" PDC

the posting fairy ate my whitespace, but that was supposed to be 16 spaces, per below:
__________1111111_____
_1234567890123456_____
"MyDomain_______\0x1c"
There have been Innumerable people who have helped me. Of course, I've managed to piss most of them off.
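
An added example, not part of any post in this thread: it builds the 16-byte NetBIOS name layout described above (name padded with spaces to 15 bytes, then the type byte) and audits an lmhosts file for static entries that pin the 0x1b or 0x1c records, since such entries decide which host a client treats as the domain controller. The function names are hypothetical, the `NAME#XX` syntax is assumed to be the Samba lmhosts(5) format linked in the thread, and the sample input is constructed from the lines in the post.

```python
import re

# Suffixes named in the thread: 0x1b is registered only by the PDC,
# 0x1c is the group record registered by every DC.
DC_SUFFIXES = {0x1B: "PDC (domain master browser)",
               0x1C: "domain controllers group"}

# Samba-style lmhosts entry: "<ip> <name>[#<hex suffix>]"
ENTRY = re.compile(r"^(\S+)\s+([^\s#]+)(?:#([0-9A-Fa-f]{1,2}))?\s*$")

def netbios_name(name: str, suffix: int) -> bytes:
    """16-byte NetBIOS name: upper-cased, space-padded to 15, then type byte."""
    raw = name.upper().encode("ascii")
    if not 1 <= len(raw) <= 15 or not 0 <= suffix <= 0xFF:
        raise ValueError("name must be 1-15 chars and suffix one byte")
    return raw.ljust(15, b" ") + bytes([suffix])

def parse_lmhosts(text: str):
    """Return (ip, name, suffix) tuples; suffix is None when no #XX is given."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):   # blank line or comment
            continue
        m = ENTRY.match(line)
        if m:
            ip, name, sfx = m.groups()
            entries.append((ip, name, int(sfx, 16) if sfx else None))
    return entries

def pinned_dc_records(text: str):
    """Entries that statically override a DC-locating name (0x1b / 0x1c)."""
    return [(ip, netbios_name(name, sfx), DC_SUFFIXES[sfx])
            for ip, name, sfx in parse_lmhosts(text) if sfx in DC_SUFFIXES]

# Constructed sample with the same shape as the lmhosts lines in the post.
SAMPLE = """\
# constructed sample
1.1.1.1 myproxydc
1.1.1.1 mydomain#1b
1.1.1.1 mydomain#1c
"""

if __name__ == "__main__":
    for ip, wire, role in pinned_dc_records(SAMPLE):
        print(f"{ip:15} {wire!r:26} {role}")
```

Running it against a host's real lmhosts file lists every address that has been hard-wired as a PDC or DC for a domain, which is worth reviewing whenever authentication is sent somewhere unexpected.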