
#1 2020-07-11 13:18:24

MattMatt2
Member
Registered: 2019-03-11
Posts: 29

Network users

Hi,
I created a club in my school about IT, and the admin gave us a server and several computers. I want to make something like in the school network: each user can log in on each machine, have his own home directory, and a graphical login.

Problem is, I don't know where to start: I don't know how to name this kind of network, what technology I should use, how to ensure everything is secure...
Any ideas?

Thanks for your help.


#2 2020-07-12 12:12:41

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,868

Re: Network users

Sounds like you want to set up an LDAP system[1].

The most used LDAP implementation on a pure Linux network is OpenLDAP[2]; for a pure Microsoft Windows network that's MS Active Directory[3].

For mixed networks Samba[4] is often used to glue things together.


[1] https://en.wikipedia.org/wiki/Lightweig … s_Protocol
[2] https://wiki.archlinux.org/index.php/OpenLDAP
[3] https://en.wikipedia.org/wiki/Active_Directory
[4] https://wiki.archlinux.org/index.php/Samba


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.


(A works at time B)  && (time C > time B ) ≠  (A works at time C)


#3 2020-07-14 10:28:38

MattMatt2
Member
Registered: 2019-03-11
Posts: 29

Re: Network users

Thanks for your reply. Now to store the home directories, which technology should I use? NFS+Samba?

Last edited by MattMatt2 (2020-07-14 10:28:58)


#4 2020-07-14 10:54:16

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 1,932

Re: Network users

I administer a network with centralized authentication for a club as well.
I used NFSv4 over WireGuard for the shared /home part and OpenLDAP for user authentication.
The latter turned out to be a bad decision in retrospect, since integrating an LDAP user database into FreeRADIUS for WIFI to provide a full-service SSO within the network turned out to be a nightmare.

        #  Uncomment it if you want to use ldap for authentication
        #
        #  Note that this means "check plain-text password against
        #  the ldap database", which means that EAP won't work,
        #  as it does not supply a plain-text password.
        #
        #  We do NOT recommend using this.  LDAP servers are databases.
        #  They are NOT authentication servers.  FreeRADIUS is an
        #  authentication server, and knows what to do with authentication.
        #  LDAP servers do not.
        #
        #Auth-Type LDAP {
        #       ldap
        #}
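
Why the quoted FreeRADIUS comment says EAP cannot work with LDAP bind authentication, as an added Python sketch that is not part of schard's post or of FreeRADIUS. It uses CHAP/EAP-MD5 as the simplest challenge-response method; the `DIRECTORY` entry, user name and password are constructed, and `ldap_bind` only models a simple bind against an `{SSHA}` hash.

```python
import base64
import hashlib
import hmac
import os

def ssha(password: bytes, salt: bytes) -> str:
    """Salted SHA-1 in the {SSHA} form commonly used for userPassword."""
    return "{SSHA}" + base64.b64encode(hashlib.sha1(password + salt).digest() + salt).decode()

# Constructed sample directory: only a salted hash is stored, never the password.
DIRECTORY = {"alice": ssha(b"correct horse", b"\x01\x02\x03\x04")}

def ldap_bind(user: str, password: bytes) -> bool:
    """Model of a simple bind: re-hash the offered plain-text password and compare."""
    stored = DIRECTORY.get(user)
    if stored is None:
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password + salt).digest(), digest)

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """Client side of CHAP / EAP-MD5: MD5(id || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

def chap_verify(user, ident, challenge, response, cleartext_lookup) -> bool:
    """Server side: must recompute the response from the clear-text secret.
    A bind-only directory gives the lookup nothing to return."""
    secret = cleartext_lookup(user)
    if secret is None:
        return False
    return hmac.compare_digest(chap_response(ident, secret, challenge), response)

def run_demo() -> dict:
    challenge = os.urandom(16)
    response = chap_response(7, b"correct horse", challenge)
    return {
        # Password sent in the clear (PAP style): a bind can check it.
        "pap_via_bind": ldap_bind("alice", b"correct horse"),
        "pap_wrong_password": ldap_bind("alice", b"wrong"),
        # Challenge-response: the password never arrives, so a bind cannot be attempted.
        "chap_bind_only": chap_verify("alice", 7, challenge, response, lambda u: None),
        # Works only if the server can read a clear-text secret.
        "chap_with_cleartext": chap_verify("alice", 7, challenge, response, {"alice": b"correct horse"}.get),
    }

if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {ok}")
```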


#5 2020-07-15 10:42:10

Lone_Wolf
Member
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 11,868

Re: Network users

"LDAP user database into FreeRADIUS for WIFI to provide a full-service SSO within the network turned out to be a nightmare"

In my (limited) experience SSO is what triggers the security nightmare.
Out of curiosity, which authentication method did you end up using?

Last edited by Lone_Wolf (2020-07-15 10:42:34)



#6 2020-07-15 12:36:57

schard
Member
From: Hannover
Registered: 2016-05-06
Posts: 1,932
Website

Re: Network users

For the time being I reverted to PSK authentication until I figure out a way to provide the SSO for WiFi in a secure manner.
