NETWORK OPERATING SYSTEM
INTEROPERABILITY
Jason Looney
EKU, Department of Technology,
CEN
Overview
The project I undertook was to try and
provide an authentication method which
would provide a single user logon over
multiple Operating Systems.
The goal was to be able to access
shares and files over multiple operating
systems.
2
MOTIVATION
My motivation was formed out of curiosity
about why so many websites complain about
how hard it is to get Linux, UNIX, Mac OS X,
and Windows to talk. From this curiosity I
decided to choose this project in order to
examine the pitfalls involved with getting
these Operating Systems to talk to one
another. I also wanted to show some
solutions that are available in order to share
data between multiple Operating Systems.
3
INTRODUCTION
Why is interoperability so important?
Problems with interoperability?
What does this mean to Network
Administrators?
My ambitions for this project.
4
PROBLEM STATEMENT
How do you get Windows Active
Directory and UNIX based Operating
Systems to authenticate to one
another?
5
SOLUTIONS
OpenLDAP
Microsoft Windows Services for UNIX
3.5
Apple’s Open Directory
Other 3rd party software solutions.
Kerberos and Samba Authentication
6
AMBITIONS
To provide a single logon over a Wide
Area Network connection, using
multiple Operating Systems, by using
VLANs to simulate multiple
domains for each OS. My overall plan
was to have 5 separate domains with
each domain having a different primary
OS.
7
RESULTS
Problems!!!!
OpenLDAP requires you to use
Microsoft Services for UNIX 3.5 which in
turn requires a Network Information
Server (NIS) on a “NIX” machine. Then
Windows Services for UNIX 3.5 was
unable to connect to the NIS.
8
Results Cont.
Apple's solutions required OS X 10.3
(Panther) or the latest, OS X 10.4 (Tiger). I
had OS X 10.2 (Jaguar) which was
unable to connect to Active Directory.
Some sites recommended special 3rd
party software for 10.2 but the software
was only compatible with 10.3 or better.
9
MORE RESULTS
Cisco routers unable to perform 802.1q
encapsulation.
Why?
I don’t know. After checking the IOS
version and Cisco’s website I found that
I should have been able to, but the
routers in the lab did not support VLAN
routing.
10
KERBEROS AND SAMBA
PROBLEMS
Not as many and it was the only
authentication method I was able to get to
work.
The first problem was finding the right
information about how to edit my samba.conf
and krb5.conf files.
The second problem was that I locked out the
root account on my Linux system.
The third was finding out that Windows sends
Kerberos tickets out in all caps and Linux was
case sensitive.
11
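The realm-case pitfall named on this slide can be checked before a join is attempted. The following is an added example, not part of the original presentation: the two configuration files are constructed samples, EXAMPLE.COM is a placeholder realm, the function names are hypothetical, and it assumes the usual Active Directory convention of an upper-case realm name.

```python
import re

# Constructed sample files (not from the slides); EXAMPLE.COM is a placeholder realm.
KRB5_CONF = """\
[libdefaults]
    default_realm = example.com
[realms]
    EXAMPLE.COM = {
        kdc = dc1.example.com
    }
[domain_realm]
    .example.com = Example.Com
"""
SMB_CONF = """\
[global]
    security = ads
    realm = example.com
"""

def parse_krb5(text):
    """Return (default_realm, [realms] names, [domain_realm] targets)."""
    section, default, realms, mapped = None, None, [], []
    for raw in text.splitlines():
        line = raw.split("#")[0].strip()
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif "=" in line:
            key, _, val = (p.strip() for p in line.partition("="))
            if section == "libdefaults" and key == "default_realm":
                default = val
            elif section == "realms" and val == "{":  # assumes no nested blocks
                realms.append(key)
            elif section == "domain_realm":
                mapped.append(val)
    return default, realms, mapped

def check_realms(krb5_text, smb_text):
    """List every realm name whose case would break a case-sensitive match."""
    default, realms, mapped = parse_krb5(krb5_text)
    m = re.search(r"^\s*realm\s*=\s*(\S+)", smb_text, re.M | re.I)
    named = [("krb5.conf default_realm", default), ("smb.conf realm", m and m.group(1))]
    named += [("krb5.conf [realms]", r) for r in realms]
    named += [("krb5.conf [domain_realm]", r) for r in mapped]
    findings = [f"{where}: {r!r} is missing or not upper case"
                for where, r in named if not r or r != r.upper()]
    if default not in realms:
        findings.append(f"default_realm {default!r} has no exact-case [realms] entry")
    return findings
```

Calling check_realms(KRB5_CONF, SMB_CONF) on the constructed samples reports four findings; with every realm written as EXAMPLE.COM it reports none.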
IT WORKS
Finally I was able to get Kerberos and Samba
to work with Active Directory.
This was the only authentication method I
was able to get to work and it was also the
easiest to configure once I learned how
Windows and Linux both see things.
This method “should” work for any updated
version of “NIX” operating systems. Each
system will be different but as long as
Kerberos and Samba 3 are installed this
method is the quickest choice.
12
IT WORKS CONT.
The problem with this method is that you
have to create accounts on both the Linux
machine and in Active Directory.
This means it’s not the most practical
authentication method but if you’re using only
a few machines this is not a bad route to take
if you want secure connections between Linux
and Windows networks and single user
logons.
13
MY PERSONAL SUGGESTIONS
If you’re planning to try this project for
yourself these are a few of my suggestions
for you.
1. Use virtual machines because you are
going to break things and it’s easier to
replace a virtual image than a real hard drive
image or installation.
2. Research your network hardware to make
sure it has all of the features you need.
14
MY PERSONAL SUGGESTIONS
3. Don’t believe all of the how-tos that are on
the internet; most are incomplete or don’t fully
explain what they are doing.
4. Use multiple sites so that you can get a full
understanding of what’s going on.
5. Don’t trust that because something should
work that it will work.
“Great plans rarely survive first contact with
the enemy.”
15
MY PERSONAL SUGGESTIONS
6. Things are going to go wrong; just
accept it and be able to reorganize your
plan accordingly.
7. Don’t get frustrated. This is definitely
a project that will lead you to a lot of
closed doors; use them as learning
experiences, not as show stoppers.
16
CONCLUSION
To bring this presentation to an end, I
would like to say that overall this was
an incredibly frustrating project because
it destroyed almost everything that I
wanted to accomplish; however, it was a
great learning experience. Plus through
it all I had a lot of fun trying to put
everything together and seeing what is
possible.
17
CONCLUSION
This project also pushed my networking
skills to a new level and provided an
incredible learning opportunity that I’ve
greatly appreciated.
I would also like to especially thank Dr.
Kilgore, Stephen Crumb, and Dr.
Chandra for all of their help in providing
hardware and suggestions.
18
POSSIBLE EXTENSIONS
1. Getting OpenLDAP to work so that
you can have a single logon and
only have to set up a user account once
on Active Directory (AD) and maybe
once on OpenLDAP if it cannot
replicate with AD.
2. Get OS X to authenticate into AD.
19