Authentication, application, active directory servers?
John Richard Moser
nigelenki at comcast.net
Sat Apr 1 01:38:57 UTC 2006
-----BEGIN PGP SIGNED MESSAGE-----
I would like to set up a small shop in my house to satisfy the
requirements of running a small enterprise network with the following
- Centralized authentication
- Kerberos 5, Active Directory, etc
- Application Server
- Roaming profile
The ideal set-up is thus:
SWITCH---SERVER (Auth, Roaming profiles, Application, VPN)
The problems I'm having are relatively straightforward:
1. I have no idea what "Active Directory" is, I THINK it's a Microsoft
product that does roaming profiles, authentication, and application
2. I have no idea how to set up any Linux server for roaming profile,
application server, authentication, or VPN.
3. I don't know how to set up clients for these, at all :)
What I CAN do is set up a server running a LAMP stack. I can install
Linux fine (Gentoo Ubuntu Slackware Fedora Mandriva SuSE...). The basic
stuff. This is a huge learning experience for me; I want a skill that I
can apply on the job.
Does anyone have any tips for what to use to do this stuff? I'm willing
to shift to Fedora Core 4 (or 5 when it's stable in a month or two) for
the server. I would say Debian but I don't like its 3 year release
cycles and lack of commercial support....
My priorities follow thusly:
- Central authentication (RADIUS, OpenLDAP, Kerberos-5), must work with
Free tools or built-in OS components only for OSX, Linux, Windows XP.
- VPN, must supply secrecy, integrity, non-repudiation, and
authentication. IPSec satisfies all of this and should work for OSX,
Linux, and Windows out of the box.
- Application server. Application and license management is a big
thing on Windows... :) 300 Photoshop licenses in a 5000 computer shop
means you should only let 300 copies be used at once!
- Roaming profiles, not sure what the hell these do. Settings and
files are accessible I think, but this has different implications
between Windows and Linux (don't want a copy of $HOME and a copy of
C:\Documents and Settings\USER interleaved).
I could also use some help configuring the Samba server to have
directories accessible by only set users or groups; read-only/read-write
by those; etc.
All content of all messages exchanged herein are left in the
Public Domain, unless otherwise explicitly stated.
Creative brains are a valuable, limited resource. They shouldn't be
wasted on re-inventing the wheel when there are so many fascinating
new problems waiting out there.
-- Eric Steven Raymond
We will enslave their women, eat their children and rape their
-- Evil alien overlord from Blasto
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v188.8.131.52 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the ubuntu-users