Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
so do you have any suggestions (or any useful input) for implementing this network policy?
what about filtering at DNS server level - user requests come to local DNS server, which forwards valid requests to external DNS servers, and blocks all others or points them somewhere else?
DNS filtering is an option but if users have the access to change the DNS settings for their respective systems, it would not work. They can use any other global DNS and by pass your settings.
Our network is very small. This gives me an option to manually set everything I want. Also have a windows domain as well. So I can restrict users from changing the proxy settings for the browsers.
If you have got nothing like this and your network is big, you really need a proper security model.
all users (5 deps x 30-50 users) are restricted winXP users so they can't change network settings. so DNS filtering would work, but if it's considered as dirty hack, it's no feasible then
there is no Windows server, so no Windows domain, but I'm about to setup Samba Domain Controler and I'll see the options to control users settings regarding proxies. would that lead to better architecture, this time?
I do not know how much control will SAMBA as PDC will give you. It surely can be used to authenticate and authorise users for network resources but windows domain controller can have better granular control over windows clients. SAMBA 4 is coming I guess. And it may have better options for it as PDC. You may want to look into it though.
It definitely will be a better network architecture than what your presently is.
Samba doesn't do group policy stuff if that's what you mean. AD does a bizarrely vast range of things, few of which are any interest of samba's. There are projects like freeipa which are pulling together this wider functionality under one name using samba and other things under the hood, but they are no where near production equivalents.
Exactly. But it still depends on the control OP wants on his resources. With windows clients windows server makes sense. GPOs can come in handy in a lot of ways. And because it is closed source, no one can expect it to come with open source with as many options as in windows. We use windows server for PDC. For us it makes sense. if OP has got no such intentions, he can happily settle down with samba.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.