gnu-misc-discuss


From: secretary
Subject: NYC LOCAL: Thursday 21 January 2010 UNIGROUP: Eric Hombo on Active Directory Integration with Unix and Linux Systems
Date: 20 Jan 2010 00:06:13 -0500

<blockquote
  what="official UNIGROUP announcement"
  rsvp="registration requested, see below"
  entrance-fee="yes, see http://www.unigroup.org/unigroup-fees.html"
  location="The Cooper Union School of Engineering, see below"
  info="http://www.unigroup.org"
  edits="some paragraphs removed so notice fits in mailboxen">

 Date: Sun, 17 Jan 2010 08:00:14 -0500 (EST)
 From: Unigroup_of_NY <address@hidden>
 Subject: UNIGROUP Meeting 21-JAN-2010 (Thu): Active Directory Integration - Unix/Linux/Windows

 Unigroup is THIS Thursday... Please RSVP now if you will be attending!

 ====================================================================
 UNIGROUP OF NEW YORK - UNIX USERS GROUP - OCTOBER 2010 ANNOUNCEMENTS
 ====================================================================

    --------------------------------------
 1. UNIGROUP'S OCTOBER 2010 MEETING NOTICE
    --------------------------------------

       When:  THURSDAY, January 21st, 2010    (** 3rd Thursday **)

      Where:  The Cooper Union  <http://www.cooper.edu>
              School of Engineering  (*** New Building ***)
              41 Cooper Square  (3rd Avenue @ 7th St, between 6th & 7th Streets)
              East Village, Manhattan
              New York City
              Meeting Room: 201
              ** Please RSVP **

       Time:  6:15 PM - 6:30 PM  Registration
              6:30 PM - 6:45 PM  Ask the Wizard, Questions,
                                 Answers and Current Events
              6:45 PM - 7:00 PM  Unigroup Business and Announcements
              7:00 PM - 9:30 PM  Main Presentation

              ----------------------------------------------------
      Topic:  Active Directory Integration with Unix/Linux Systems
              ----------------------------------------------------

    Speaker:  Eric Hombo,
              Lead Escalation Support Engineer,
              Beyond Trust <http://www.beyondtrust.com>

    -------------------------------------------------------------------

    INTRODUCTION:
    -------------

    Happy New Year!  Unigroup's January 2010 meeting will cover
    Cross-Platform Integration across Unix, Linux and Windows systems.

    Unigroup Elections: Unigroup holds Board of Director Elections
    every January.  If you are a Unigroup Member and would like to
    run for the Unigroup Board, please contact us on or before our
    January 2010 meeting.

    Note: We are continuing to try to re-schedule our planned meeting
    on "The Latest in x86 Computer Architecture" to be presented by
    a leading PC hardware vendor.

    -------------------------------------------------------------------

    SPECIAL INSTRUCTIONS:
    ---------------------

    To REGISTER for this event, please RSVP by using the Unigroup
    Registration Page:
          http://www.unigroup.org/unigroup-rsvp.html

    This will allow us to automate the registration process.
    (Registration will also add you to our mailing list.)
    Please avoid Emailed RSVPs.

    Please continue to check the Unigroup web site and meeting page,
    for any last minute updates concerning this meeting.  If you
    registered for this meeting, please check your Email for any last
    minute announcements as the meeting approaches.  Also make sure
    any anti-spam white-lists are updated to _ALLOW_ Unigroup traffic!
    If you block Unigroup Emails, your address will be dropped from
    our mailing list.

    Also, if you have an interest in Unigroup, be sure to receive
    Unigroup information DIRECTLY from Unigroup, via direct receipt
    of Emails and by visiting the Unigroup Web Site.  NO OTHER SOURCE
    provides timely, accurate and complete Unigroup information.

    Please RSVP as soon as possible, preferably at least 2-3 days
    prior to the meeting date, so we can plan the food order.
    RSVP deadline is usually the night before the meeting day.

    Note: RSVP is requested for this location to make sure the guard
          will let you into the building.  RSVP also helps us to
          properly plan the meeting (food, drinks, handouts,
          seating, etc.) and speed up your sign-in at the meeting.
          If you forget to RSVP prior to the meeting day, you may
          still be able to show up and attend our meeting, however,
          we cannot guarantee what building security will do if
          you are "not on the list".

    -------------------------------------------------------------------

    MAIN PRESENTATION
    -----------------

    Topic: Active Directory Integration with Unix and Linux Systems
           ========================================================

    - Introduction
      - Speaker Background
      - BeyondTrust
      - History of Directory Services
      - Why Active Directory?
      - Unix/Linux Integration with AD
      - Demonstration
      - References

    - Regulating Identities
      - Identities required for auditing and accountability
      - Directories proliferate to store identities
      - Identity Management is Decentralized
      - Islands of Identities
      - Non-standard data models

    - The Holy Grail: Unified Directory
      - X.500
      - LDAP v2
      - LDAP v3
      - Active Directory

    - Unified Directory
      - Single identity for authentication
      - Unified authentication
      - Not quite single sign-on (SSO)
      - Provides both authorization and authentication services in one

    - LDAP Schema

    - RFC 2307

    - Why Active Directory?
      - Unifies authorization and authentication
      - Built-in scalability
      - Extensibility
      - Leverage existing infrastructure
      - Interoperable
      - Flexible
      - Centralized Management

    - AD Integration with Unix/Linux
      - Active Directory Services (ADS) introduced with Windows 2000
      - LDAP v3 compliant
      - Kerberos compliant
      - Provides NIS capability (RFC 2307)
      - Windows client support built-in

    - Unix/Linux AD Client Solutions
      - Non-standard Vendor OS
      - Native Support
        - Sun Solaris/OpenSolaris
        - HP-UX
        - AIX
      - Linux (open source)
        - OpenLDAP and SAMBA/Winbind
        - Kerberos (MIT, Heimdal, Shishi)
      - Commercial

    - Unix/Linux Authorization: LDAP
      - Authorization via Name Service Switch (NSS)
      - Requires mapping or storing Unix attributes
      - SFU: Services for Unix (deprecated/unsupported)
      - IMU: Identity Management for Unix
      - DNS is integral to LDAP to locate DCs

    - Unix/Linux Authentication: Kerberos
      - Authentication via PAM
      - Requires common time source (NTP)
      - DNS is integral to locate KDCs and for host name resolution
      - Benefits of using AD as KDC

    - Kerberos Process

    - Kerberos: Common Problems
      - Segmented/Firewalled Networks
      - DNS resolution, NSS host order
      - Clock skew errors (> 300 seconds)
      - UDP Fragmentation
      - Large groups / nested groups

    - Applications
      - Applications must be "Kerberized"
      - A service principal must exist for each app
      - Requires additional integration through PAM

    - Procedures/Examples for:
      - Verify AD DNS Resolution
      - Setting Time (NTP)
      - Setup Kerberos Client
      - Verify Computer Account in AD
      - Verify Kerberos Client
      - Create Unix Group in AD
      - Create Unix User in AD
      - Add Unix User to Unix Group in AD
      - Unix Group with Unix members
      - Verify Unix User Attributes
      - Configure LDAP Client
      - Verify LDAP Client
      - Verify Unix User Authorization in AD
      - Verify Unix User Authentication to AD
      - Configure PAM for Kerberos Authn

    - References


    Web Resources:
    --------------

    Unix AD Clients:

      AIX:

        IBM Redbook - Integrating AIX into Heterogeneous LDAP Environments
          <http://www.redbooks.ibm.com/redbooks/pdfs/sg247165.pdf>

        Configuring AIX 5L for Kerberos Based Authentication Using Windows Kerberos Service
          <http://www-03.ibm.com/systems/resources/systems_p_os_aix_whitepapers_aix_kerberos2.pdf>

      HP-UX:

        LDAP-UX Client Services B.04.15 with Microsoft Windows Active Directory
        Server Administrator's Guide
          <http://docs.hp.com/en/J4269-90084/index.html>

        Configuration Guide for Kerberos Client Products on HP-UX
          <http://docs.hp.com/en/5991-7718/index.html>

      Solaris:

        System Administration Guide: Naming and Directory Services (DNS, NIS, and LDAP)
          <http://docs.sun.com/app/docs/doc/816-4556>

        Solaris 5.11 / OpenSolaris - Project Winchester
          <http://hub.opensolaris.org/bin/view/Project+winchester/>

    Linux Debian/Ubuntu:

      SADMS
        <http://sadms.sourceforge.net/>

    Active Directory & Windows Server 2003/2008 R2:

      Identity Management for Unix
        <http://technet.microsoft.com/en-us/library/cc782782%28WS.10,printer%29.aspx>

      How the Kerberos Version 5 Authentication Protocol Works
        <http://technet.microsoft.com/en-us/library/cc772815%28WS.10,printer%29.aspx>

      Authenticate Linux Clients with Active Directory
        <http://technet.microsoft.com/en-us/magazine/2008.12.linux.aspx?pr=blog>

    BeyondTrust (formerly Symark)

      PowerAdvantage Product Overview
        <http://www.beyondtrust.com/products/padoverview.asp>

    -------------------------------------------------------------------

    Speaker Biography:
    ------------------

    Eric Hombo, Lead Escalation Support Engineer, Beyond Trust.

    Mr. Hombo holds a Bachelor's degree from Whittier College in
    Mathematics with a minor in Computer Science, and has 21 years of
    varied experience from a diverse set of fields.  Starting from a
    telecommunications background, Mr. Hombo worked to get the Whittier
    College campus onto the Internet in 1988 and devised a 300 computer
    network for Internet access, shared file storage and print sharing
    across the campus.  From there until joining BeyondTrust as Lead
    Escalation Support Manager, Mr. Hombo worked with technologies
    including Unix systems such as Ultrix, SunOS/Solaris, and SGI,
    PCs from IBM and Apple, networking technologies both copper and
    fiber based, RARP and BGP-4 protocols, Cisco and Netcom hardware,
    and access methods from dialup to Fractional T-3s.  His experience
    also includes higher education planning, support and management
    consulting, systems support management for one of the world's
    largest high tech firms' basic research lab, and corporate MIS
    management for one of the US's largest independent insurance
    brokerage firms, an Australian furniture mover and a New Zealand
    kiwi orchard pruner.  He can say hello/welcome in a dozen
    different languages.

    -------------------------------------------------------------------

    Company Biography:
    ------------------

    BeyondTrust provides privilege authorization solutions for
    heterogeneous IT environments.  The BeyondTrust PowerBroker
    reduces the risks associated with misuse of privileges and
    theft of proprietary data, while documenting accountability to
    support increasing demands of regulatory compliance required
    across many industries.

    BeyondTrust is relied on by more than half of the top ten
    commercial banks in the U.S., some of the largest global
    aerospace and defense agencies, leading pharmaceutical companies
    and renowned universities.  The BeyondTrust customer retention
    rate is over 90%.  The company is headquartered in Los Angeles,
    California, with East Coast offices in the Greater Boston Area,
    and EMEA offices in London, United Kingdom.

    For more information about Beyond Trust, please visit:
      http://www.beyondtrust.com

    -------------------------------------------------------------------

    Giveaways:
    ----------

    Addison-Wesley Professional/Prentice Hall PTR, and O'Reilly have
    been kind enough to provide us with review copies of some of their
    books, which we will continue to raffle off as giveaways at our
    meetings.  The publishers always ask that the persons receiving
    the books provide a review and/or feedback about their books.

    Unigroup would like to thank both companies for the support
    provided by their User Group programs.

    As always, all of the books will be available for review at the
    start of the meeting.

    We have some Solaris Related CD-ROMs from our friends at the local
    NYC Sun Microsystems Office.

    -------------------------------------------------------------------

    Fee Schedule:
    -------------

    Unigroup is a Professional Technical Organization and User Group,
    and its members pay a yearly membership fee.  For Unigroup members,
    there are usually no additional charges (i.e. no meeting fees) during
    their membership year.  Non-members who wish to attend Unigroup
    meetings are usually required to pay a "Single Meeting Fee".

        Yearly Membership (includes all meetings):      $ 50.00
        Student Yearly Membership (with current! ID):   $ 25.00
        Non-Member Single Meeting:                      $ 20.00
        Non-Member Student Single Meeting (with! ID):   $  5.00

      * Payment Methods: Cash, Check, American Express.

      ! Students: We are looking for proof that you are
        currently enrolled in classes (rather than working
        full-time), and as such, your Student ID should show
        a CURRENT date.  We have been presented Student IDs
        containing NO dates whatsoever, and in the
        current environment, perpetual/non-expiring access
        to university facilities just does not feel right.
        If your ID contains no date, please bring
        additional proof of current enrollment.  Thanks,

    NOTE: Simply receiving Unigroup Email Announcements does
          NOT indicate membership in Unigroup.

    -------------------------------------------------------------------

    Food:
    -----

    Complimentary Food and Refreshments will be served.  This
    includes "wraps" such as turkey, roast beef, chicken, tuna
    and grilled vegetables as well as assorted salads (potato,
    tossed, pasta, etc), cookies, brownies, bottled water and
    assorted SOFT beverages.

    -------------------------------------------------------------------

    Directions:
    -----------

      The Cooper Union  <http://www.cooper.edu>
      School of Engineering  (*** New Building ***)
      41 Cooper Square (3rd Avenue @ 7th St, between 6th & 7th Streets)
      East Village, Manhattan
      New York City
      Meeting Room: 201

    Located on the East side of Cooper Square.  Look for the
    new building with the non-traditional appearance.
    Entrance is at the corner of 3rd Avenue and 7 Street.

    Building lobby sign-in is required at the guard's desk.
    Enter the building, check in with the guard at the lobby for
      directions to Unigroup and Room 104 (1st Floor).

    Nearest mass transit stations are:
      '6'           to Astor Place (stops right at The Cooper Union),
                    then walk 1 block East and 1 block South.
      'R'           to 8th Street, then walk about 2 blocks East
                    then 1 block South.
      '4/5/6/R/N/Q' to Union Square, then walk South and East.
      'B/D/F/V'     to Broadway-Lafayette, then walk North and East.

    Free street parking in the area becomes available at 6pm.

    There are also parking lots on Broadway, at (or just south of)
      Astor Place (8th Street).

    -----

    Please mark this meeting on your calendar and join us!
    Please tell your friends about Unigroup!

 ----------------------------------------------------------------------------
 ----------------------------------------------------------------------------

< ... />

    =========================================================================
    = For Unigroup Information, Events and Meeting Announcements be sure to =
    = visit our World Wide Web Home Page:                                   =
    =       http://www.unigroup.org                                         =
    =========================================================================

    For further information or to get on the Unigroup Electronic Mail Mailing
    List send an EMail message to:
         unilist (-a_t-) unigroup.org

    To contact the Board of Directors of Unigroup, send an EMail message to:
         uniboard (-a_t-) unigroup.org

    If you have recently attended a meeting and you are not receiving
    Email announcements, please send us an Email and we will make
    corrections to our lists.

    Please Email the Board with any suggestions, especially potential
    meeting topics and speakers.  Unigroup welcomes contributions and
    content suggestions for our newsletter.  Unigroup is a volunteer
    organization and we need your assistance!  Please let us know if you
    can help!

 ----------------------------------------------------------------------------
 ----------------------------------------------------------------------------

 -Rob Weiner
  Unigroup Executive Director
  unilist (-a_t-) unigroup.org
  http://www.unigroup.org
  
</blockquote>


Distributed poC TINC:

Jay Sulzberger <address@hidden>
Corresponding Secretary LXNY
LXNY is New York's Free Computing Organization.
http://www.lxny.org

