
Mixed environments security 2


clocktower

IS-IT--Management
Oct 10, 2005
6
US
I am new to the forum so please have patience with me. In my environment we have both Apples and PCs as well as Apple Servers and NT servers. Being the new guy here I have been thrown into the Sarbanes-Oxley issue of getting all the computers to comply with the security issues. What I would like to see is all computers logging into one server (preferably active directory).

Is this a possibility or is it just a pipe dream?

Other factors:

Apple OS’s 8.6 to X

Windows OS’s 98 to XP

Budget – low to nonexistent
 
If you want total transparency, you have 2 hopes and Bob is dead.

If you want users to share across the platforms, just add Apple Mac support to the NT Servers and if the Apple Servers are 10.2 and above or Appleshare IP 6.3.2 then the PCs can already connect.

Just set the security up on the share and you are done. No charge.
 
For the pre-OSX boxes, you have to either install Windows networking software (I think the product is called, believe it or not, "Dave") or else do what Zelandakh said and enable Apple services on the Windows servers.

Upgrade the OS X boxes to Panther or better and they can join the Windows Domain, even letting people use their Windows UIDs to login.
 
Unfortunately, Zelandakh, the security required goes beyond just shares. Someone else, on a different forum, suggested using “open directory” off our Apple server. I’ve just started to research it but might this be the solution I am looking for? Does anyone have a good resource about “open directory” or could give me some information beyond the sales hype.

ObviousTroll, thanks for the info. I have been looking at “dave” also and am in contact with them but I am afraid that it is mainly for file shares and printing. Their product “admitmac” is closer to what I am looking for but once again is for OSX 10.3 and up. Upgrading really isn’t an option at this time because of the budget.
 
Open Directory is Apple's implementation of LDAP (lightweight directory access protocol). Microsoft's implementation is Active Directory. Novell's is called eDirectory. Apple says that it can integrate with AD, as well as eDirectory, but I would take that with a grain of salt.

Be aware that your LDAP server (OpenDirectory or the others) will become the central place on your network for user permissions to be set. Ideally, all your applications will query the directory before allowing a user to do anything.

In order to get this right, you need to do a fair amount of planning. It's also a central point of failure -- if the LDAP server(s) go down, no one works. I would suggest you hire an expert to help you with this.

Chip H.


 
"It's also a central point of failure -- if the LDAP server(s) go down, no one works."

It's also a central point of hacking -- if the LDAP server(s) are compromised, the rest of the systems may be vulnerable. I like to keep some systems isolated to certain types of networks so that they cannot be accessed (aka hacked) by everyone on the common network protocol.

- - I hope this helps - -
(Complain to someone else if it doesn't)
 