I take it fixing the IP Address doesn't help then?
Printable View
I take it fixing the IP Address doesn't help then?
Authenticating Linux against Active Directory
http://www.windowsnetworking.com/art...Directory.html
in your *quest* to *learn* something, there is a very real possibility that you are causing connectivity issues, outge issues somewhere else on the network. meaning someone else is getting real pissed off with the system and getting real pissed off the with admins. the admins are getting extra work trying to figure out what is causing the problem. not a good thing. put yourself in their shoes. (you did say you have good intentions?? i dont see it!)Quote:
Originally posted here by br_fusion
Very true TigerShark
But I'm trying to jump through more hoops, just for the sake of learning something. This might make me reckless or stupid, but what else am I going to do between classes.
I'll keep your comment in mind, because I do log in occasionally w/o trying to mess with everything. And spoofing my MAC couldn't hurt. (While keeping in mind, I AM trying to stay out of trouble here, not do anything stupid)
Thanks for the quick reply.
Fusion
bottom line - it'a not good to experiment with real live production systems. you could cause problems you are not aware of that you could cause. there are tons of tools out there that can help you experiment (emulatos, VR Systems) without it affecting other peoples productivity. if you get caught - you will be reprimanaded.
if you have the luxury of free time and a healthy curiosity --> you are trying to integrate linux into an unfriendly windows environment, right? have you considerd working on a prog./system/method/tool/whatever that will help others integrate their *nix boxs into windows? there is always a better way of doing things - you just have to find it. plus the effort might result in money or at the very least something nice to put on a resume.Quote:
This might make me reckless or stupid, but what else am I going to do between classes.
Thanks for the link secure_lockdown, it was really easy to follow.
As far as your *advice* and *pissing* people off. I’ve made sure from the start that the network settings I assign myself are not in use elsewhere, such as MAC and IP. So I don't see anyone getting disconnected in that way. As far as introducing a linux client in an AD environment, I really haven’t attempted anything that would cause network problems(besides the initial discovery). And while I plan on attempting to join the domain with linux, I try to use reliable resources/links(such as the one you sent me) as a guideline where they have yet to mention any apparent network problems.
You are right for what you said, but I try to keep all that into consideration already. And anytime someone wants to learn something these days, there will always be possibilities for problems, but that’s what learning is about. I’m young, I can’t afford half of the software on the net or any more test stations. I carefully make do as I go along. So until "emulatos, VR Systems" become a reasonable price, I'll continue to outweigh the risk and learn from the network here at school. Keeping in mind any problems I should stay clear from causing.
I just want to let you know that I"m somewhat aware of my actions and I'm not just recklessly connecting around a network.
Cheers
Fusion
First off, tyring to break into a schools network is grounds for expulsion and mass fees if you get caught. Universities are no longer taking this stuff lightly. At the university I work for we have a very similar security scheme, including the banning of macs, only we track which users use which mac. So if you spoof your mac eventually they will realise it and then ban your username. The schools computers macs are kept in a DB so they are not effected byt this. BUt every "non-school" computer that logs in gets copied down then the username gets stored with it. If we see an "out of the ordinary" number of different macs with one log in name the name gets added to a list of "suspects" if any other of those suspects have any other suspicious activity, as in frequent logging in or out, like an obscene amount of times in a day, or hour, or something they ban the name in case itis a "virus" and anytime they try log in it takes them to a page that says to visit any of the ICS labs, where they now have the right to remove any programs that can be "harmful" to the network before they un ban you. Remember, youre on their network, youre playing by their rules. Of course all of this stuff is published and in the agreement you sign when applying for your log in name...so its not a secret. This is just a warning, you should be careful, most school admins arent as stupid as they seem.
First off, I can see where you’re coming from. I almost have no room to talk because I don't know what you deal with on a daily basis. But here goes anyway...
You should have read my posts more closely before you gave me such a strict/unpleasant response. I wouldn't constitute my actions as breaking into the schools network. This sounds a little harsh to me. As for my attentions, I stated that the logging in is not used to track people, so it is not like I am trying to hide my actions. And when I do assign my own network information without logging in, my actions do not consist of any suspicious activity, this I can assure you. What I'm doing is to learn, I'm not trying to DoS their systems or anything. So yet what I'm doing may be some wrong doing, but by your grounds it makes it seem like I'm a criminal.
Again, you work for a University and might deal with some very malicious users. I just hope you don’t get their intentions confused with the innocent ones all the time. Or see the outcome of every user’s actions as always being malicious.
Cheers again
Fusion
br_fusion, if you are playing with hacking tools - you probably don't want to play with them hooked up to a network with other people on it - regardless of how much you think you know. based on your original post, it sounds like you are just getting familiar with this stuff. even the SANS guys play around with this stuff in a *controled* environment.
I in no way meant to say that you were being malicious. But from the eyes of the network admin if you are using any tools to mask who you are (macchanger) or are doing anything that is different from the norm it can and probably will be looked at as suspicious activity, reguardless of your intention. By assigning your self a static IP on a DHCP network you can cause problems, yea they are small, but problems none the less. If you are that interested in the workings of the network, go talk to the admin. There are student jobs as network staff at most universities, and when most admins see a person so eagerly wanting to learn, especially at a university, they are willing to give them a chance. I was just giving you a warning about the trouble you can get it, computer crimes are being taken very seriously, especially after incidents like the break in at berkley, network staff are on alert.
Technically, you could be in violation of your school's AUP if it requires you run a specific OS. At any rate, if you asked an admin for help adding your linux box, they will have probably one of two basic responses:Quote:
Originally posted here by br_fusion
And when I do assign my own network information without logging in, my actions do not consist of any suspicious activity, this I can assure you. What I'm doing is to learn, I'm not trying to DoS their systems or anything. So yet what I'm doing may be some wrong doing, but by your grounds it makes it seem like I'm a criminal.
- Here's how to do it
- Get stuffed
Why not ask them first? If they don't want you doing it, they don't want you doing it.
It will look more suspicious if you are avoiding detection/MAC bans than it would if you were up front about it. Honesty doesn't hurt when dealing with other people.
An alternative to logging into AD without installing Windows is to use VMWare and create a Windows VMSession with the appopriate config to authenticate to AD.
At work, they use eDirectory (requires the fat client to login).. so to keep my laptop pristine, I just fire up a VM Image whenever I need to pull something off the corp. network.
And.. as was already pointed out, just disable DHCP and you're set - since you indicated you had a static IP to use.