Sorry for the spam, but... I forgot a part in my current "user add" process:

I then have to have the user log in via SSH (after having them download PuTTY) so that they can change their password. Then, I have to disallow them access to SSH (because they shouldn't be logging directly into the servers).

On Fri, Sep 5, 2008 at 10:41 PM, Jesse Stone <[EMAIL PROTECTED]> wrote:

> Would Freeradius be the correct technology for this?
>
> For example,
>
> Currently, for me to allow someone access to my OpenVPN server and Samba I have to first add them as a standard user with the useradd script. Then I have to use smbpasswd -e to enable their account for Samba. If I wanted that user to also be able to SSH into another server I would have to repeat this process. After about 3 users I forgot who has access to what. This is the process I want to simplify. I want 1 place/script that prompts for every app/server that I want to restrict access to: Samba, SSH, Shell access, X, etc. I want this information stored in a standard SQL type database though so I can easily manipulate users once they've been created on the fly. Preferably within 1 table like I provided in my last email for an example simple user management style.
>
> What do large companies that have many users/Linux machines use to handle user administration?
>
> -Jesse
>
> On Fri, Sep 5, 2008 at 5:30 PM, Edvin Seferovic <[EMAIL PROTECTED]> wrote:
>
>> It is a tricky concept, but it can be done with a lot of effort. Probably not for all applications ( since it doesn't make any sense for some of them ). Maybe you should consider making a real network DMZ. The concept of DMZ allows you to define and allow/disallow access to services from the Internet and those from the local LAN. You DO NOT make things or services available "to the DMZ" !
>>
>> Start simple !
>>
>> Regards,
>>
>> E:S
>>
>> *From:* freeradius-users-bounces+edvin.seferovic=kolp.at@lists.freeradius.org *On Behalf Of* Jesse Stone
>> *Sent:* Saturday, 06 September 2008 01:50
>> *To:* FreeRadius users mailing list
>> *Subject:* Re: Freeradius Usage
>>
>> Thank you for the quick response. I may not have mentioned this previously but I am by no means a Linux/networking expert. The company I work for is pro-MS. Recently, I got the urge to get back into Linux and here I am.
>>
>> My thinking (in regards to network structure) was that I wanted applications intended for the public as far away from my local LAN as possible. The local LAN requires the app server though - OpenVPN, Samba (as a PDC), misc other things - so I wanted it available to the local LAN but not to the DMZ.
>>
>> My main questions though are with Freeradius. My setup is for "hobby" purposes only and already I would have difficulty telling you exactly which users have access to what.
>>
>> I want to use a technology like Freeradius or LDAP to create 1 central place on the app server that EVERYTHING would authenticate to. In a perfect world, the end result would be that I could type something like this:
>>
>> select %user% from permissionsDB
>>
>> and be returned something like this:
>>
>> SSH: NO, OpenVPN: YES, Samba: %Specific group% (which indicates shares available), Shell Access: No, etc.
>>
>> Basically, I want a setup where I can easily scale upwards without having to "teach" each new application how to use a DB. Freeradius can also authenticate my wireless users, which would also be great as, for all I know, half my bandwidth is being used by my neighbors.
>>
>> -Jesse
>>
>> On Fri, Sep 5, 2008 at 4:34 PM, Edvin Seferovic <[EMAIL PROTECTED]> wrote:
>>
>> Hi,
>>
>> Excuse me for asking, but why don't you set up the AppServer in your DMZ ? You could have ( what I call ) the T – structure
>>
>> <--- INTERNET --> GATEWAY ( server1 ) <---> LOCAL LAN
>>                         I
>>                         I DMZ
>>                         I
>>                 SERVER2 + APPServer
>>
>> It depends how your users use the gateway and how they are supposed to connect to the Internet.
>>
>> Regards,
>>
>> E:S
>>
>> *From:* freeradius-users-bounces+edvin.seferovic=kolp.at@lists.freeradius.org *On Behalf Of* Jesse Stone
>> *Sent:* Saturday, 06 September 2008 01:25
>> *To:* FreeRadius users mailing list
>> *Subject:* Freeradius Usage
>>
>> Hi All,
>>
>> I am new to this mailing list and am about to ask a probably very silly question. Please feel free to direct me to resources that'll help me answer them.
>>
>> I want to set up the following:
>>
>> Gateway [server1]
>> - nic1 = Internet
>> - nic2 = DMZ [server2]
>> - nic3 = Router w/ Wireless -> App Server [Server3] (FREERADIUS SERVER HERE) -> Local Lan
>>
>> I read a lot about both Freeradius and LDAP and cannot determine if either can accomplish my goals.
>>
>> What I want is:
>>
>> 1) 1 central place where all user authentication takes place: SSH, Shell Access, Samba, OpenVPN, Mumble, any other app that requires user administration.
>>
>> 2) This information stored in a SQL type database so that I can build my own custom apps to report on user usage, performance, etc.
>>
>> 3) My router has wireless and I have enabled the security features. I would still like authentication to take place before a wireless user is allowed on the network.
>>
>> For example,
>>
>> Currently, I have this: Router w/ Wireless -> App Server [Server3] + Local Lan
>>
>> I want this: Router w/ Wireless -> App Server [Server3] -> Local Lan
>>
>> Is Freeradius the best approach for my needs? Do I need anything else?
>>
>> -Jesse
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

