Thursday, February 3, 2011

Merging Multi-Platform Domains

Hey Serverfaultians,

I really did not know how to title this one; it's quite a complicated one. Or I am just completely overlooking the solution telling me I need to open my eyes.

Scenario:

Two Companies, Company A and Company B

Two Domains, Domain A and Domain B

Two Companies Merge

Domain A is a Windows Server domain. Domain B is a Mac Server domain.

It was all fine until companies decided to move into one bigger office. :(

One Network, Two Domains, Expanded Subnet (255.255.0.0)

So what we need is to get users on Domain A access to all services on Domain B and vice versa.

Domain A consists of:

8/9 Windows servers: file servers, SVN, Exchange and so on...

Domain B consists of:

Mac servers, Linux servers for file servers, SVN, Kerio mail and so on...

So the Question is:

How do I get around general authentication for end-users to access file services primarily on Domain A or B? They may be set up using LDAP on Mac or Windows Active Directory. Is there a layer on top that can provide authentication across all platforms or get the domains to sit nicely together?

The current set-up is to have a DMZ set up and VPN into Domain B. Obviously this is not an acceptable solution, so I was wondering if anyone knew of a better solution for this scenario or had any information to lead me in the right direction.

Thanks in advance, and thanks for reading and answering.

  • Read up on "magic triangle" (aka "golden triangle") setups for Mac OS X. A properly designed magic triangle will let your Mac users authenticate to the Windows resources and your Windows users get to the Mac resources. It's not trivial to set up, unfortunately. Have a look at http://images.apple.com/business/solutions/it/docs/Best_Practices_Active_Directory.pdf and see if that helps any.

    Anicho : That does actually help quite a bit with other issues, like Macs managed on a Windows-based domain, so thank you. The issue I am having now is that everyone is using Windows auth, and the Mac has old permissions; I need to replace the old permissions with new permissions from Windows auth. I am going to transfer all files to Windows servers and change permissions. I need a script to change permissions from firstname.secondname to f.secondname when transferring files.
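The rename from firstname.secondname to f.secondname described in the comment above can collapse two people onto one account, which would copy one user's permissions to another. The following is an added example, not code from the original thread: it builds the old-to-new account mapping and holds back collisions and unparseable names for manual review. The function names and sample accounts are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Old account format taken from the comment above: firstname.secondname
OLD_NAME = re.compile(r"^([a-z][a-z-]*)\.([a-z][a-z-]*)$")

def short_name(old):
    """Return f.secondname for firstname.secondname, or None if the name does not fit."""
    m = OLD_NAME.match(old.strip().lower())
    if not m:
        return None
    first, second = m.groups()
    return f"{first[0]}.{second}"

def build_mapping(old_names):
    """Split old account names into safe mappings, collisions and unparseable names.

    A collision means two old accounts would land on one new account, so copied
    permissions would hand one person's files to another. Those names are held
    back for manual review instead of being mapped.
    """
    by_new = defaultdict(set)
    unparseable = []
    for old in old_names:
        key = old.strip().lower()
        new = short_name(key)
        if new is None:
            unparseable.append(old)      # service accounts, odd formats
        else:
            by_new[new].add(key)         # set: the same account listed twice is not a collision
    mapping = {next(iter(olds)): new for new, olds in by_new.items() if len(olds) == 1}
    collisions = {new: sorted(olds) for new, olds in by_new.items() if len(olds) > 1}
    return mapping, collisions, unparseable

if __name__ == "__main__":
    # Constructed sample accounts, not taken from the original post.
    sample = ["john.smith", "jane.smith", "alice.jones", "Bob.Brown", "svc_backup"]
    mapping, collisions, unparseable = build_mapping(sample)
    for old, new in sorted(mapping.items()):
        print(f"{old} -> {new}")
    for new, olds in collisions.items():
        print(f"REVIEW: {new} is claimed by {', '.join(olds)}")
    for old in unparseable:
        print(f"REVIEW: cannot map {old}")
```

Only the names in the returned mapping are safe to feed into whatever tool rewrites the permissions; everything flagged for review needs a decision from someone who knows the accounts.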
