# [SOLVED] Gentoo in non-friendly Windows domain environment

## cz0

Hello, folks!

I've been using Gentoo for ages by now and completely satisfied with it. But a couple of weeks ago I got a new job in a big bank with all this windowsy active directory and domain crap. It is not very welcomed to use anything but Win 7 Pro, but I did my tricky work and got a fresh Gentoo on my laptop (with a dual boot, just in case). The problem is in authorization.

I have another Ubuntu desktop with all this magic working, but I have no idea how all this was done.

What I can see from root .bash_history file is that mit-krb5, samba, ntp and nss were installed. When you login to this Ubuntu machine, you mast use your Domain user and password with only root as exception. Then it let you in. When you need some web surfing, browser will ask you for authorization once again (only for Linux, Windows work with no any extra steps here). You type something like DOMAIN\username and password and it let you go through the web. Only HTTP/HTTPS traffic is restricted, all the rest is free to go (this is how I got my Gentoo installed from Interned: with a help of SSH and some SOCKS5/HTTP proxy wrapping). Besides, some kind of hardware port protection is in use. For example: I log in on Ubuntu machine and authorize for HTTP with a help of browser, then I set same IP-MAC-HOSTNAME trinity on my Gentoo, reconnect it with this ethernet cable and I can get HTTP for some time until authorization expires. Then I can repeat the the trick. Same trick will work with my native IP-MAC-HOSTNAME if I login into Windows.

I was able to get my pam authorization work with Domain by enabling mit_krb5 use flag and reemergeing pam. It work as a charm and let me login only with my domain user/password pair. I got this working by simply copying /etc/krb5.conf from Ubuntu machine.

But then... I got stuck with HTTP authorization. Even with logged in via Domain account, after some time I get kind of "ironport" block from the HTTP proxy. I have no idea how all this work and how I can get it work as on Ubuntu machine.

So, I definitely need help and some theory on this topic.

----------

## cz0

Accidentally solved by adding two hard-defined host into /etc/hosts so the properly resolve and let me authorize on proxy.

----------

