
Carlo1973 10-07-2009 05:59 PM

Need help and advice on a server configuration I don't even know is possible
 
Hi there everyone,

I was toying with the idea of making one of my old computers into a Radius server (using FreeRadius) to act as authentication for my wireless router.

That idea was simple enough. Then I started overthinking. Not good.

Now I want to not only have that system act as a Radius server, but also as a sort of domain controller, with roaming profiles for my Windows and Linux boxes.

I have no idea where to even start on this. I have a Dlink 655 Wireless Extreme N Router that is connected to my broadband connection.

The server, although it has 2 NICs, will only use one. It will not be used to assign IP addresses as all the NAT work is being handled by the router.

I want the desktops to authenticate to the server upon log-in, and authenticate against FreeRadius for network access. When a desktop logs in, it will retrieve its roaming profile from the server.

Will this even work or am I making this way more complicated than it needs to be?

I've worked with setting up servers with NAT on the OUTSIDE of routers using the router as an access point, but never in reverse so I'm on some shaky ground here.

I'm using Ubuntu 9.04 as the OS on the server.

Any suggestions, assistance, or feedback is welcome.

Thanks

Carlo

kbp 10-08-2009 08:02 AM

Nothing wrong with making it complicated when you're doing it for fun mate, just remember that at the end you want it easy to manage.

If I was giving this a go I'd probably start with FreeIPA as the "domain controller", you may need to customise it to support roaming profiles for Windows and Linux (depending on how you do it) as they wouldn't be compatible being separate operating systems.

Radius is a great tool for authenticating logins to network equipment but I wouldn't require it just for network access. Then again you may be able to integrate it with FreeIPA and so require anyone to authenticate before getting internet access...

Anyway.. good luck..

cheers,

kbp

Carlo1973 10-11-2009 03:12 PM

Thank you for the advice!
 
Quote:

Originally Posted by kbp (Post 3712207)
Nothing wrong with making it complicated when you're doing it for fun mate, just remember that at the end you want it easy to manage.

If I was giving this a go I'd probably start with FreeIPA as the "domain controller", you may need to customise it to support roaming profiles for Windows and Linux (depending on how you do it) as they wouldn't be compatible being separate operating systems.

Radius is a great tool for authenticating logins to network equipment but I wouldn't require it just for network access. Then again you may be able to integrate it with FreeIPA and so require anyone to authenticate before getting internet access...

Anyway.. good luck..

cheers,

kbp

Wow thanks for the advice! Sorry it took me awhile to get back. Been working 10 hour shifts at the help desk of our company - last thing I want to do is stare at another monitor when I get home LOL

I was originally thinking of using Samba as the DC, authenticating against LDAP. Using Samba, I should be able to set up a network drive that can store both Linux and Windows roaming profiles (Theory LOL - I've never tried it lol). The hope is that with having Samba authenticate against LDAP, and that FreeRadius also authenticates against LDAP, that I could have a one stop shop, where the server authenticates at login, giving access to the internet, network shares, and roaming profiles.

I honestly never heard of FreeIPA. I took a look at it today online and it looks like it will do the job nicely without all the messy re-working of scripts. It seems to authenticate against LDAP, and there appears to be a plugin for FreeRadius to use it for authentication as well. If it can make use of Samba, that would be the cat's meow.

Again thank you for pointing this out to me! I'm testing everything in a VMWare environment before going live. So much easier than lugging my server from my basement - up 2 flights of stairs to my office to do the work and then back down to hook up for testing lol (no monitor for my server LOL)

Carlo1973 10-12-2009 01:18 PM

After doing some extensive research on the issue, it is do-able but extremely complicated and I'm not 100% convinced that it would be worth it trying to configure it to work the way I had envisioned it.

From what I can tell, the options are this:

a) Remove the domain authentication level, thus removing any ability for roaming profiles, but able to remain secure through a radius server
b) Remove the radius server, and go through a complicated set of hurdles to create a wireless bootstrap profile for the Windows machines (however I only found guides for Vista - not XP)

There doesn't appear to be a win/win situation here.

The way I wanted it however should work absolutely fine with a complete Linux network as long as they have built-in wireless drivers, just because of the way Linux loads that information as it is booting up. It seems to prepare the connection prior to logging in (the wireless framework is established, it has a network list in memory, just needs to be told what to do or what to connect to). Windows doesn't do this. It boots its video drivers, and sound drivers, and even LAN drivers during boot, but wireless drivers don't appear to be loaded or initialised until after login.

Here is an excerpt from something I found on the net.

Quote:

Wireless client computers running Microsoft® Windows Vista™ can use a temporary wireless profile to obtain connectivity to a secure wireless network and join the Active Directory domain. This temporary wireless profile, known as a bootstrap wireless profile, requires the connecting user to manually specify their domain user account credentials and does not validate the certificate of the Remote Authentication Dial-in User Service (RADIUS) server. After joining the domain, the wireless client uses a new wireless profile that automatically leverages the credentials of the computer and user account and validates the credentials of the RADIUS server. This article describes three methods of configuring a bootstrap wireless network profile
http://technet.microsoft.com/en-us/l.../bb727033.aspx
http://computerguidetips.blogspot.co...ss-client.html


And from here it gets complicated LOL

The articles are based on creating the bootstrap via another Windows machine running Active Directory. I could not find a single article that described a method of creating one when utilising Linux as the DC or as a Radius server.

Anyone else up for a challenge? LOL I was trying to do it for fun, but this is starting to get to be a bit much. Plus my wife is getting mad at me 'cause in the process I've made it so her laptop can't connect to the internet (LOL) So I think I might have to abandon this idea for another day. I had heard that apparently Windows 7 is going to work more like Linux and pre-load the wireless drivers before logging in, but that's only rumors so I have no idea if it's true or not. I've never beta tested it so I won't speculate on it. Again - this may be something someone who has the time and inclination can try out.

