Hello dudes,

First, sorry for any English mistakes, since it's not my native language. And 
sorry about the long text.

I'm planning a complete migration and restructuring of our servers.

I was not planning to use Gentoo, since our legacy uses the "Red Hat Terrorism" 
and many users are skeptical about other Linux distros. But with Scientific 
Linux (another RHEL clone), I was unable to set up features like Active Directory 
Authentication through Samba and Winbind, because RHEL5 uses Samba 3.0 (old and 
deprecated) and the AD Server is running on Windows 2008 R2, and no, since it's 
a new installation I don't want to use old software. So if I need to recompile 
almost every package from source, I will use Gentoo.

Let me explain my current environment and what I want it to be with the new 

Router / Firewall: Heavily loaded iptables with a lot of rules and deprecated 
gated binary for routes and RIP.
Mail Server: obsolete Sendmail as MTA with Dovecot for IMAP.
DNS Server: named running on Scientific Linux 5.
VPN Server: Gentoo running poptop PPTPd.
Radius: FreeBSD 7.2 with FreeRADIUS 1.1.7
Generic Server 1: Scientific Linux 5 with secondary named (DNS), DHCP server, 
netatalk (compiled from source with all dependencies), broken SMB, broken CUPS, 
another poptop server, LAMP, NIS Server, NFS Server, WebDAV Server.
Generic Server 2: SSH entrance with Scientific Linux 5, NIS Client.
Generic Server 3: Mailman, Webmail (with SquirrelMail and Horde IMP), LAMP and 
once again: Scientific Linux 5.
Generic Server 4: Time Server, LAMP Server, SVN Server, Nagios and Cacti 
Servers. SL5.

We have a very mixed software and hardware environment, with obsolete hardware, 
like Pentium 3s, Pentium 4s, Athlon MP and XP. Some machines are from 2008 
with Core 2 Duo or Pentium Dual-Core (the same Core 2 core with reduced L2).

About the problems? Various: a heavily loaded mail server due to limitations of 
Sendmail (1GB plain text files, for example), old software thanks to the RHEL 
approach, aging hardware, no single sign-on solution, no Windows control, 
indiscriminate printer usage, a ridiculous approach to WPA2 Enterprise due to 
limitations of FreeRADIUS 1; and a lot of problems.

What I want to do:
Directory Server with Active Directory Domain Services; it's implemented and 
running. So it can serve: Microsoft's LDAP, AD, DNS, Time Server.

Mail Server: Exchange Server 2010 SP1. To be implemented, I don't even have the 
hardware for it.

Linux Authentication Machine:
I've done some tests and authentication through AD is working, so my getent 
lookups work, people can authenticate with SSH, and Samba/Winbind takes 
control of UID and GID mappings. It's really awesome. FreeRADIUS 2 is already 
installed and working with NTLM_AUTH. So I finally get the "single sign-on 

What's missing: OpenLDAP replication from AD? Is this possible? Is this needed? 
Since I want other machines (running Linux) to authenticate, it would be a good 
idea for only ONE machine to get information from AD and everyone else to 
authenticate natively against this Gentoo machine.

What's wrong: Not running a hardened profile. And I think this is necessary. But 
I need to use genkernel to have easy hardware migration if something goes wrong.

And about the Generic Servers: Put Gentoo on them. With better defined services, 
such as: Routing Services (Route, DHCP, DNS) and File Services (SMB, AFP, NFS, 

Thanks for your attention and patience. This is a huge project and I really 
want to hear the feedback, criticism and everything else, even the hate mails 
about Microsoft Servers.
Vinícius Ferrão.

PS: We already have MS Licenses, since I'm in a university with MSDNAA program.
