So here’s my afternoon’s accomplishment (or lack thereof) relating to my task list in the previous post:
1. DNS (must reference DNS server running on firewall) – Windows DNS server removed and the domain of the Windows box changed to match the Kerberos realm (same as the AD domain) on the firewall DNS.
2. AD (myself as dummy user, I must be able to log on to the domain) – Done!
3. Terminal Server (change group security policy) – I can’t figure out how to do this because I can’t find any settings related to it in the domain security policy.
4. SharePoint (fix SQL error although I have no idea how) – Not done!
5. Samba (to share home directories on Linux server) – Done, with one problem: When logging onto the domain, the user has no write permissions to the Windows profile directory (\\Tango\username\profile). This means that the Windows profile cannot be loaded and a local one is used instead.
6. OpenLDAP (must talk to AD to authenticate Linux boxes) – Not done!
I suspect that fixing point 6 and changing the ownership of the user directories to users that have UIDs and GIDs in AD will allow users logging onto the domain to write to their profile directories (see note to point 5).
So the new to-do list looks like this:
- OpenLDAP must talk to AD to authenticate Linux boxes
- Users must be able to write to remote profile directories
- Test Terminal Services
- SharePoint (fix SQL error)