LinuxQuestions.org
Old 03-09-2011, 02:27 AM   #1
kitek
Member
 
Registered: Apr 2005
Posts: 252

Rep: Reputation: 15
Solutions for my network infrastructure please suggest


I will try and save everyone's eyes and short phrase what I want to do and if you guys could help me decide what's best.

I have a Windows, Linux, and a couple Macs. The Windows network has DC's and workstations etc. It is on a separate public IP. Then I have 2 DNS's on 2 separate IP's. They are on Linux platforms. Then I have a webserver on another IP. I was thinking about letting the DNS and webservers keep their own public IP's and then the Windows network has its own. Then add second NICs in the Linux boxes and connect them to the Windows network switch, then activate Samba and NFS to access those servers within the network as a whole now. This will work, right? Also I want to be able to have the Windows domain and Linux boxes all have the same login with the Windows servers being the boss. I haven't used Kerberos before so I haven't even researched how to use it. I have a couple 1 TB USB drives on the Windows network for storage. I would like to use them to access between the Windows and Linux PC's as well. I am going to be adding a couple more Linux servers.

What do you guys think?
 
Old 03-10-2011, 04:04 AM   #2
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
It sounds like you want to have public facing IP addresses for servers and use a private LAN to communicate amongst the machines. This will work and can have a lot of security advantages. For your authentication and sharing, Samba with Kerberos and LDAP should do the trick. There is lots of documentation on how to set this up, but will likely still be a project in-and-of itself (read PITA).

I say go for it. Take it a step at a time though, and focus on getting one thing working at a time. You will have a lot of variables, including using options that may not be standard in some of the packages, such as Kerberos support, and you may need to compile them from source.
 
Old 03-10-2011, 08:23 AM   #3
kitek
Member
 
Registered: Apr 2005
Posts: 252

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by Noway2
It sounds like you want to have public facing IP addresses for servers and use a private LAN to communicate amongst the machines. This will work and can have a lot of security advantages. For your authentication and sharing, Samba with Kerberos and LDAP should do the trick. There is lots of documentation on how to set this up, but will likely still be a project in-and-of itself (read PITA).

I say go for it. Take it a step at a time though, and focus on getting one thing working at a time. You will have a lot of variables, including using options that may not be standard in some of the packages, such as Kerberos support, and you may need to compile them from source.
Thank you for your response, Noway2. Sounds good. I figured it was good to do but I didn't even think about the advantages of security. What is the difference in LDAP and Kerberos? And is there one of these packages that I should set up first?
 
Old 03-10-2011, 11:33 AM   #4
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Rep: Reputation: 781
In terms of security, a private LAN is a good place to put network based tools that you don't want to have be publicly accessible, such as webmin, myadmin, etc which can really FSCK you up if they get owned. It isn't 100% so be sure you still use good credential authentication methods, but it puts a good size hurdle in front of them.

With regards to your other question, LDAP and Kerberos work together, but on different aspects of the authentication. In essence, LDAP is a database for authenticating your users and realms. Windows Active Directory and Linux can be configured to utilize LDAP for user authentication and maintaining a "home" directory. This frees you from having to have individual user accounts on each machine. Once a user has been authenticated on one machine, Kerberos works in the background to allow one machine to authenticate with another and allow them to communicate securely. I admit that I don't understand all the details behind it, but it utilizes public-key encryption techniques to generate authentication 'tickets' that are good for a certain period of time. Combined, the two systems allow you to have a single, centralized user login system that can be used on any machine and one can access their files from any of these machines.
 
Old 03-10-2011, 06:45 PM   #5
kitek
Member
 
Registered: Apr 2005
Posts: 252

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by Noway2
In terms of security, a private LAN is a good place to put network based tools that you don't want to have be publicly accessible, such as webmin, myadmin, etc which can really FSCK you up if they get owned. It isn't 100% so be sure you still use good credential authentication methods, but it puts a good size hurdle in front of them.

With regards to your other question, LDAP and Kerberos work together, but on different aspects of the authentication. In essence, LDAP is a database for authenticating your users and realms. Windows Active Directory and Linux can be configured to utilize LDAP for user authentication and maintaining a "home" directory. This frees you from having to have individual user accounts on each machine. Once a user has been authenticated on one machine, Kerberos works in the background to allow one machine to authenticate with another and allow them to communicate securely. I admit that I don't understand all the details behind it, but it utilizes public-key encryption techniques to generate authentication 'tickets' that are good for a certain period of time. Combined, the two systems allow you to have a single, centralized user login system that can be used on any machine and one can access their files from any of these machines.
Any suggestions on what servers should do what? What I mean is, you know, have a Kerberos and an LDAP as one and Samba/NFS. You know, where there isn't one server doing it all, or do you think that is okay? As you know, a Linux server can handle a lot on one machine.
 
Old 03-10-2011, 09:02 PM   #6
ComputerErik
Member
 
Registered: Apr 2005
Location: NYC
Distribution: Debian, RHEL
Posts: 269

Rep: Reputation: 54
If you already have the Windows server acting as a Domain Controller and you want that to be the central server to manage logins there is no real need for a Linux LDAP or Kerberos server since that is essentially what the Domain Controller does. All you need if you want to authenticate your Linux servers against the existing Windows directory is the client portions. And if you want to make it easier, and gain some more control, there are tools such as Centrify and Likewise to get it done.
 
Old 03-10-2011, 09:06 PM   #7
kitek
Member
 
Registered: Apr 2005
Posts: 252

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by ComputerErik
If you already have the Windows server acting as a Domain Controller and you want that to be the central server to manage logins there is no real need for a Linux LDAP or Kerberos server since that is essentially what the Domain Controller does. All you need if you want to authenticate your Linux servers against the existing Windows directory is the client portions. And if you want to make it easier, and gain some more control, there are tools such as Centrify and Likewise to get it done.
Yeah, I have a good Windows network going. 3 DC's. I just want the Linux boxes to have the same logins and such. So if you attempted to log in on any Linux server/client, your login credentials are checked by the Windows domain, and permissions as well?
 
Old 03-10-2011, 11:07 PM   #8
ComputerErik
Member
 
Registered: Apr 2005
Location: NYC
Distribution: Debian, RHEL
Posts: 269

Rep: Reputation: 54
Exactly, essentially you are joining those Linux machines to your Windows domain and they become just like any of the Windows machines in terms of authentication. You can even get fancy and do a kerberized SSH so you can login to any of the other Linux machines with no need to type a password since a Kerberos ticket gets passed in the background.
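
The setup discussed in this thread (a Linux box with a public NIC plus a second NIC on the Windows LAN, using only the client portions to authenticate against the existing Domain Controllers), sketched as an added example that is not part of any poster's reply. The realm `EXAMPLE.LOCAL`, NetBIOS domain `EXAMPLE`, internal interface `eth1`, share path and ID ranges are assumptions; the `idmap uid`/`idmap gid` lines are Samba 3.x syntax, and later releases use `idmap config * : range` instead.

```ini
# ---- /etc/krb5.conf (constructed example; realm name is an assumption) ----
[libdefaults]
    default_realm = EXAMPLE.LOCAL
    # Locate the Domain Controllers (KDCs) through the AD DNS SRV records
    dns_lookup_kdc = true

# ---- /etc/samba/smb.conf ----
[global]
    workgroup = EXAMPLE
    realm = EXAMPLE.LOCAL
    # Member server: the Windows DCs stay the only authentication authority
    security = ads
    # Serve SMB on loopback and the private LAN NIC only, so the public
    # address (eth0 here) never exposes file sharing
    interfaces = lo eth1
    bind interfaces only = yes
    # winbind maps domain users and groups onto local UID/GID ranges
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind use default domain = yes
    # Do not enumerate the whole directory on every lookup
    winbind enum users = no
    winbind enum groups = no
    template shell = /bin/bash
    template homedir = /home/%D/%U

[storage]
    path = /srv/storage
    read only = no
    # Restrict the share to members of an AD group
    valid users = @"EXAMPLE\domain users"

# ---- /etc/nsswitch.conf (only the changed lines) ----
# passwd: files winbind
# group:  files winbind

# ---- Join and verify, run as root on the Linux box ----
# Clocks must be within 5 minutes of the DCs (Kerberos default), so sync
# time first.
#   net ads join -U Administrator
#   net ads testjoin          # confirms the machine account is valid
#   wbinfo -t                 # checks the trust secret through winbind
#   getent passwd <aduser>    # a domain account should now resolve
```

NFS exports and any web administration tools on the same box need their own restriction to the internal interface or subnet; `bind interfaces only` covers Samba alone.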
 
Old 03-11-2011, 12:06 AM   #9
kitek
Member
 
Registered: Apr 2005
Posts: 252

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by ComputerErik
Exactly, essentially you are joining those Linux machines to your Windows domain and they become just like any of the Windows machines in terms of authentication. You can even get fancy and do a kerberized SSH so you can login to any of the other Linux machines with no need to type a password since a Kerberos ticket gets passed in the background.
Interesting. I just built 3 new boxes without O/S's on them yet. I think I will load one up with CentOS 5.5 and first get it joined to the Windows network and test it all out before I do anything with the other two, and once I get it working correctly I will decide what to do with the other 2 and get the current servers joined up too. So I will need to just start out with NFS and Samba, right?
 
Old 03-11-2011, 06:55 AM   #10
ComputerErik
Member
 
Registered: Apr 2005
Location: NYC
Distribution: Debian, RHEL
Posts: 269

Rep: Reputation: 54
That will depend on what your end goal is. If you want the Windows servers to provide just authentication and the Linux servers to provide storage yes. If you already have files on the Windows servers you want the Linux PCs to be able to access you might need only Samba.
 
Old 03-11-2011, 07:39 AM   #11
kitek
Member
 
Registered: Apr 2005
Posts: 252

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by ComputerErik
That will depend on what your end goal is. If you want the Windows servers to provide just authentication and the Linux servers to provide storage yes. If you already have files on the Windows servers you want the Linux PCs to be able to access you might need only Samba.
I will actually want to do it both ways. Such as, Windows PC's can access files on the Linux boxes, and Linux be able to access other Linux and Windows shared folders/drives.
 
  

