Quoting Kin C Wong <[EMAIL PROTECTED]>:
> The office is planning to go virtual to reduce cost so everyone (some people are in different cities as well). Currently there is a webserver and ftp server, a mailserver, firewall (all linux) and a file server using Citrix and a domain server (Microsoft).
>
> Going forward, I want to change everything to Linux. We will eliminate the domain server and the file server will use Samba instead. Currently everything except the webserver is behind a firewall (even the email server). Any advice on how one should configure this to be effective?
>
> My initial thoughts are that the mail server does not need to be behind the firewall and can be easily co-located with the webserver and ftp server.

I prefer to put everything behind the firewall, then port forward what I need to
the appropriate server. Though there is nothing wrong with buying a dedicated
server and hosting web and mail on it (this is what I do). I also have SMTP
auth with TLS securing the link, and IMAPS (SSL) secures inbound email.

> I know it is popular to store files using Samba, but if the office is virtual, would you configure ftp to point to the shared files? Would you use a different box and ip than mail, web and ftp server?

FTP usernames and passwords are sent in the clear, and as such it is a bad idea.
You could use sftp which is based on SSH, so remote users will need accounts on
the box, which they would likely have with SAMBA access anyway. You could
backend user accounts into LDAP removing the need to have local accounts for
all services (samba, web, mail, sftp etc). This is a lot more work, but
depending on the number of people you will be providing access to, it may be
worthwhile in the end. As an aside, I have all mail users authenticating
against LDAP, with sftp/ftp users to follow in the coming months.
There are SSL-enabled FTP servers, but I have had compatibility issues with many
client software packages.

> BTW, unfortunately on the client side, we still need to be on Windows if that makes a difference.

Mozilla/Thunderbird support the TLS/SSL stuff on our mail server. WinSCP and
FileZilla are Windows-based sftp clients. There is a package called pGina
which you can use to provide alternative authentication methods to your Windows
boxes.
Hope this helps,
Gustin
--
No trees were harmed in the transmission of this message, however a large number
of electrons were seriously inconvenienced.
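
Added example, not part of the original message or the poster's configuration: a Python check for the "SMTP auth with TLS securing the link" setup described above. It parses EHLO replies and flags a server that offers AUTH before STARTTLS, which is the same cleartext-password problem raised for FTP. The function names and the sample replies are constructed for illustration.

```python
"""Audit captured SMTP EHLO replies: is AUTH only offered once TLS is up?"""
import re

# Matches one reply line such as "250-STARTTLS" or "250 AUTH PLAIN LOGIN".
_REPLY = re.compile(r"^250[- ](.*)$")


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    caps = {}
    lines = [m.group(1).strip() for m in map(_REPLY.match, reply.splitlines()) if m]
    for text in lines[1:]:  # the first line is the server greeting, not a keyword
        # Some older servers advertise "AUTH=PLAIN LOGIN"; normalise that form.
        if text.upper().startswith("AUTH="):
            text = text.replace("=", " ", 1)
        parts = text.split()
        if parts:
            caps.setdefault(parts[0].upper(), []).extend(p.upper() for p in parts[1:])
    return caps


def audit(pre_tls, post_tls=None):
    """Compare the EHLO reply before STARTTLS with the one sent after it."""
    findings = []
    before = parse_ehlo(pre_tls)
    if "AUTH" in before:
        findings.append("AUTH offered before TLS: passwords can cross the link in the clear")
    if "STARTTLS" not in before:
        findings.append("STARTTLS not offered: the link cannot be secured")
    elif post_tls is not None and "AUTH" not in parse_ehlo(post_tls):
        findings.append("no AUTH after STARTTLS: users cannot authenticate")
    return findings


# Constructed sample replies (not captured from any real server).
GOOD_PRE = "250-mail.example.org\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
GOOD_POST = "250-mail.example.org\r\n250-PIPELINING\r\n250-AUTH PLAIN LOGIN\r\n250 8BITMIME\r\n"
WEAK_PRE = "250-mail.example.org\r\n250-AUTH=PLAIN LOGIN\r\n250 8BITMIME\r\n"

if __name__ == "__main__":
    for name, pre, post in (("good", GOOD_PRE, GOOD_POST), ("weak", WEAK_PRE, None)):
        print(name, audit(pre, post) or "ok")
```
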

