I want only my domain members to be able to use network resources such as the Internet.
Other users will not be able to access any services through my domain.
Someone tells me that this will be through LDAP. I don't have any idea how to do it.
It is very required for me to do that in my office today.
Please help me.
Regards:-
--------------
swastik swastikmohangupta@gmail.com
What kind of use do you mean by "access any services through my domain" ?
Prevent users from logging in by not giving them a password. But if these are users you need to allow shell login, but still prevent them from accessing the internet, that's much harder.
It is too unclear what you mean by these resources. Since different things may need different methods to control access, there isn't a good way to answer this until we know more.
1. There is a central domain controller on Windows Server 2008 for 15 locations.
2. There is a central DHCP server for 15 locations, on which 15 different IP pools have been defined for the respective locations.
Now, I am looking for some solution with which I can restrict any unauthorized user (one who is not in the list of users on the domain controller).
Searching over the internet, I found somewhere that I have to work with LDAP.
Another way (not so nice) is to create a separate file/database (independent of the domain controller) and it will authorize users. It may have the same login/password pairs as the domain's. But if your domain security policy is to change passwords every N days, this scheme will not be so elegant.
You may configure MySQL authentication http://wiki.squid-cache.org/ConfigEx...enticate/Mysql
or NCSA authentication (login:encrypted_password file) (no link, Google please)
I tried to do this using the above link.
In the Authentication options of the above link there are the methods below.
Negotiate/Kerberos, Negotiate/NTLM, NTLM and basic authentication
I am unable to think which method is better. Please help me do this by giving a step-by-step method through text or a video link.
Quote:
In the Authentication options of the above link there are the methods below.
Negotiate/Kerberos, Negotiate/NTLM, NTLM and basic authentication
I am unable to think which method is better.
Of the methods listed, Kerberos would be the most secure, also the most complex. Samba with WinBind (Windows Authentication) would be second, followed by basic authentication. The decision should be based upon your needs, as well as whether or not you already use Kerberos as part of your Windows Domain (you probably do).
Quote:
Please help me do this by giving a step-by-step method through text or a video link.
The short answer you will likely receive to this request is: no. You need to do your own searching for instructions on how to accomplish this task. In fact, the link you provided looks pretty good to me as far as a step by step set of instructions. If there are parts of this process that you don't understand, then you need to read, research and learn the missing pieces. Trying to just implement a service of this nature with said understanding will lead to failure or a terribly insecure system. It doesn't matter how badly you believe you need it RIGHT NOW, you must develop the understanding of what you are attempting to do when it comes to centralized authentication systems.
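The methods ranked in the reply above, as an added squid.conf example (not from the thread or the linked wiki page): Kerberos is offered first, with basic authentication against the directory over LDAPS as the fallback, and unauthenticated requests are denied. The domain EXAMPLE.LOCAL, the host names, the bind account, the secret file and the helper directory /usr/lib/squid are all assumed placeholders.

```conf
# squid.conf fragment (constructed example; every name and path is a placeholder)
# Assumed: AD realm EXAMPLE.LOCAL, domain controller dc1.example.local,
# proxy host proxy.example.local, helpers installed in /usr/lib/squid.

# 1) Negotiate/Kerberos, listed first so capable clients use it.
#    The user's password never reaches the proxy. Requires a keytab holding
#    the HTTP/proxy.example.local service principal, readable by the Squid
#    user and pointed to by the KRB5_KTNAME environment variable.
auth_param negotiate program /usr/lib/squid/negotiate_kerberos_auth -s HTTP/proxy.example.local@EXAMPLE.LOCAL
auth_param negotiate children 10
auth_param negotiate keep_alive on

# 2) Basic authentication as fallback, verified by an LDAP bind to the
#    domain controller. -H with ldaps:// protects the proxy-to-DC leg;
#    the browser-to-proxy leg still carries the password base64-encoded
#    on every request, which is why this scheme ranks last.
#    -R disables referral chasing, -b is the search base, -D/-W are the
#    lookup account and the file holding its password, -f maps the login
#    name typed by the user onto the AD attribute sAMAccountName.
auth_param basic program /usr/lib/squid/basic_ldap_auth -R -H ldaps://dc1.example.local -b "dc=example,dc=local" -D "squid-bind@example.local" -W /etc/squid/ldap-bind.secret -f "sAMAccountName=%s"
auth_param basic children 5
auth_param basic realm Internet proxy (domain account required)
auth_param basic credentialsttl 2 hours

# Any request without valid domain credentials is challenged, then refused.
acl domain_users proxy_auth REQUIRED
http_access deny !domain_users
http_access allow domain_users
http_access deny all
```

Because the passwords stay in the domain controller, the password-expiry problem raised earlier for a separate login/password file does not arise with either scheme.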
Seeing as you have centralised your DHCP, you could make it so that only known devices (MAC addresses) are given a lease, although if someone really wants to get on your network they can, but this is probably going to be the case regardless.
Also, not to point out the obvious, but this is a "linux" forum and nowhere have you stated you are actually using any type of linux, so perhaps asking the same question in a Microsoft-based forum might yield some more responses.