Authentication, application, active directory servers?

[John Richard Moser]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I would like to set up a small shop in my house to satisfy the
requirements of running a small enterprise network with the following
features:


 - Centralized authentication
   - Kerberos 5, Active Directory, etc
 - Application Server
 - Roaming profile

The ideal set-up is thus:

ROUTER---INTERNET
 |
SWITCH---SERVER (Auth, Roaming profiles, Application, VPN)
       |-LINUX WORKSTATION
       |-WINDOWS WORKSTATION

The problems I'm having are relatively straightforward:

 1.  I have no idea what "Active Directory" is, I THINK it's a Microsoft
product that does roaming profiles, authentication, and application
servering.
 2.  I have no idea how to set up any Linux server for roaming profile,
application server, authentication, or VPN.
 3.  I don't know how to set up clients for these, at all :)


What I CAN do is set up a server running a LAMP stack.  I can install
Linux fine (Gentoo Ubuntu Slackware Fedora Mandriva SuSE...).  The basic
stuff.  This is a huge learning experience for me; I want a skill that I
can apply on the job.

Does anyone have any tips for what to use to do this stuff?  I'm willing
to shift to Fedora Core 4 (or 5 when it's stable in a month or two) for
the server.  I would say Debian but I don't like its 3 year release
cycles and lack of commercial support....

My priorities follow thusly:

 - Central authentication (RADIUS, OpenLDAP, Kerberos-5), must work with
Free tools or built-in OS components only for OSX, Linux, Windows XP.
 - VPN, must supply secrecy, integrity, non-repudiation, and
authentication.  IPSec satisfies all of this and should work for OSX,
Linux, and Windows out of the box.
 - Application server.  Application and license management is a big
thing on Windows... :) 300 Photoshop licenses in a 5000 computer shop
means you should only let 300 copies be used at once!
 - Roaming profiles, not sure what the hell these do.  Settings and
files are accessible I think, but this has different implications
between Windows and Linux (don't want a copy of $HOME and a copy of
C:\Documents and Settings\USER interleaved).

I could also use some help configuring the Samba server to have
directories accessible by only set users or groups; read-only/read-write
by those; etc.


- --
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.

    Creative brains are a valuable, limited resource. They shouldn't be
    wasted on re-inventing the wheel when there are so many fascinating
    new problems waiting out there.
                                                 -- Eric Steven Raymond

    We will enslave their women, eat their children and rape their
    cattle!
                                     -- Evil alien overlord from Blasto
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBRC3ZsAs1xW0HCTEFAQK25Q//eW3KLBZMQJ8dwO+aT8CDTevxN3SPCElM
6Bg8KZOWXmu58p0Oqvyr9LhighAz3tRWxBFuuS/ZZrK2BNTinTVhIz0vy4Epi1p9
fOWFLi3D+pPvZ7gJ/XRQUdzic2Pdj7pGCaYID1IbT3YgzLspnljaEaobiGlTdHF7
BmufelhbK/9JDI0UR8MtF4FD9r5HrcWnMTmeCeiuZOuFjYOw6xy2bc/qkNlK8yqb
5V3rC3Q2wXDJwxmPJH8G0RQrCsgw+8Zvct8RgPkUvwFx+xsFBAzdUy+KSGG4nCQi
rzzv9etI0p8E5aIclWnIXxUbQUCoQb6krn6N80w7sfq5TtoCJRRbSkBFlJJhWRKW
gLopnOmOwiJ5TpWVY7/nGUlwBe2pnuun+l9wr0vSX7JTpSDbiv5B9QZnGSu4vPWl
bDyetvWH3v+LfBUvvpcCvrxrtFdjyD/ehfAdfkzn9v3cHfCMfaLer6v2BbPXrYrT
RsiLxzQ5JHR2rrrJZryif5h7aY62g57rfU5TmC5bAYvlnx/Lf0/kfEiVDCcB74T3
4DyZg84uPDdU4sLrtEfBhaCs0WtB+WVChvAFtgD+o8lkqJDOZ+XpplDzrkzDrFnF
f5iXr28x0WZsVZ8NIky9pBvNEYjHu7l2zvZ76rQBXlg8hVTd1LmXazNqrvkKgEVa
Et3OIp+DHsk=
=Snu/
-----END PGP SIGNATURE-----