Secure heterogeneous home / small business LAN
I want to set up a secure home / small business LAN. The LAN should be controlled by a FOSS server. The network must offer heterogeneous Single-Sign-On: a single username/password must be usable to log into Linux, Unix and Windows clients and the network; password changes etc. to take effect for all platform clients. The server should offer file sharing: no matter what client a user logs in from, a private directory of files should be available, and it should be possible to share specific directories between groups of users. The network should be as secure as possible against snooping between users as well as resistant to a rogue client on the LAN.
My current idea is to have a central FreeBSD server with Unix/Linux PAM authentication through Kerberos, Linux/Unix PAM authorization through LDAP over SSL, Linux/Unix file sharing using NFSv4 with Kerberos, and using Samba (with the same Kerberos/LDAP backends) for Windows.
However, this does not seem to come "out of the box". I have quite some struggles to get a suitable Linux or FreeBSD server to work as described, and tools like Webmin only support half of the above-mentioned features.
I could just set up a Samba server, and let the Unix and Linux clients connect to this with SMB, but I find that this would be defeating the whole idea of FOSS. I have a hard time accepting that I should have to run a Unix / Linux network over SMB.
Any comments and suggestions would be most appreciated!
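An added example, not part of the original post: for the NFSv4-with-Kerberos part of the plan, the export's `sec=` flavor decides whether the snooping and rogue-client goals are met (`sys` trusts whatever UID the client sends, `krb5` only authenticates, `krb5i` adds integrity, `krb5p` adds encryption). The sketch below audits exports lines in Linux (`client(sec=...)`) or FreeBSD (`-sec=...`) syntax; the function names and the sample file are constructed for illustration.

```python
import re

# Flavors ordered by on-the-wire protection (weakest first).
STRENGTH = {"sys": 0, "krb5": 1, "krb5i": 2, "krb5p": 3}
SEC_RE = re.compile(r"(?<![A-Za-z])sec=([\w:]+)")

def allowed_flavors(line):
    """Return every security flavor one exports line permits, weakest first."""
    line = line.split("#", 1)[0].strip()
    if not line:
        return []
    # Linux sets options per client in parentheses; FreeBSD options apply to
    # the whole line. A client or line without sec= falls back to sys.
    specs = line.split()[1:] if "(" in line else [line]
    result = set()
    for spec in specs:
        found = SEC_RE.findall(spec)
        if found:
            for group in found:
                result.update(group.split(":"))
        else:
            result.add("sys")
    return sorted(result, key=lambda f: STRENGTH.get(f, -1))

def audit(text, required="krb5p"):
    """List (line_no, flavors) for exports that allow less than `required`."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        fl = allowed_flavors(line)
        if fl and STRENGTH.get(fl[0], -1) < STRENGTH[required]:
            findings.append((n, fl))
    return findings

# Constructed sample mixing both syntaxes, for illustration only.
SAMPLE = """\
# constructed exports sample
/home        *(rw,sec=krb5p)
/srv/share   10.0.0.0/24(rw,sec=krb5p) 10.0.0.9(rw)
/srv/scratch *(rw,sec=krb5:krb5i:krb5p)
V4: /export -sec=krb5p
/export/pub -network 10.0.0.0 -mask 255.255.255.0
"""

if __name__ == "__main__":
    for line_no, fl in audit(SAMPLE):
        print(f"line {line_no}: allows {', '.join(fl)}")
```

A client may negotiate any flavor the export lists, so an export offering `krb5:krb5i:krb5p` is only as strong as `krb5`.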