Need A Solution For a Home Server Design

Hello to you are What I want to setup is a Server in which each user have there own profile and drive in which they can save there data to, I also want each User to be able to logon to the Domain by any computer in the house / network and I wan't to be able to administrate users / groups via the server. I also want to have the ability to setup and map drives. I want the server to work with both Windows XP / 7

I want to cut the cost so i'm going with Linux, I don't really want to go with a full fledge distribution that helps such as Zentyal or SME server. I will be using Centos and wish to learn how to setup and administrate it from the start.

The part I am really getting confused with is do I need to user LDAP or Kerberos to setup this or can I setup a PDC just using samba 4 and get it to do what I want it to do? Has anyone setup something similar to something I want to achieve.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

ChooseLife

Others may disagree, but here's my opinion:

Unless you have a strong (and I mean strong) background in systems administration, setting up open-source directory services may become a project far more involved than you may anticipate. If cost is the main driver for going with Linux, do yourself a favour, buy an MS Server license and go with a usual Active Directory. And if you want to practice, you can always build an opensource solution in a lab.

I do Linux administration for living, and having worked with openldap/kerberos/samba/duct-tape solutions in the past, I believe this is one of the rare situations where MS is doing a better job, at least at the moment. OTOH, experience with open-source solutions for directory services will give you a much better understanding of how things like Kerberos work - perhaps more than you would want to know

ally_uk

Do you have to use LDAP, Keberos to setup up a simple domain so that users can log onto the network using any computer? Or can it be done just by editing a Samba Config?

dustinmurphy

BTW - you can save a LOT of money using Microsoft products using a Technet Subscription. As long as you don't plan on the licenses going into business production, you can get most editions of Server and other MS products for a $200/year subscription (I got a single year, took my licenses and now I have all those "test" licenses for $200)

demonfurbie

you may wanna look at ClearOS | Overview | Software

dustinmurphy

Play to the strengths of the OS. The situation you are looking to create is a very simple, and built-in process for a Windows-based server. Using Linux to create a domain is very difficult, and as others have said... takes a lot of band-aids. Building a MS domain and doing the things you want to do... is MUCH easier on a Windows box. If you are looking for the experience... sounds good... enjoy. If you're looking for a good solution and one that works, and will be supported in most business environments, MS is the way to go.

MentholMoose

ally_uk wrote: »

Do you have to use LDAP, Keberos to setup up a simple domain so that users can log onto the network using any computer? Or can it be done just by editing a Samba Config?

I haven't tried this but I think it's entirely done through Samba... from skimming Samba4/HOWTO - SambaWiki, it looks like it includes its own LDAP and kerberos services.

dustinmurphy

MentholMoose wrote: »

I haven't tried this but I think it's entirely done through Samba... from skimming Samba4/HOWTO - SambaWiki, it looks like it includes its own LDAP and kerberos services.

I think that guide is more or less how to integrate SAMBA into AD... versus actually setting up LDAP/kerberos. (I used something similar to setup my SAMBA server with AD authentication)

I COULD be wrong, though.

Patel128

You may want to look at UnRaid (Home). I am currently using it and I love it.

onesaint

ally_uk wrote: »

The part I am really getting confused with is do I need to user LDAP or Kerberos to setup this or can I setup a PDC just using samba 4 and get it to do what I want it to do? Has anyone setup something similar to something I want to achieve.

As ChooseLife said, this will be a very involved project. If your coming from Windows only, you're jumping into an ocean. It's a really hard learning curve, then administration can be much of the same. With that said, you would setup LDAP for your directory services and have kerberos be your authentication method. Then set up SMB/CIFS to host your shares.

This link will help you get an idea of configuring CentOS 6 (RHEL) in this way.
Chapter 10. Configuring Authentication

Forsaken_GA

ChooseLife wrote: »

I do Linux administration for living, and having worked with openldap/kerberos/samba/duct-tape solutions in the past, I believe this is one of the rare situations where MS is doing a better job, at least at the moment. OTOH, experience with open-source solutions for directory services will give you a much better understanding of how things like Kerberos work - perhaps more than you would want to know

I wouldn't necessarily say better. Easier, certainly. Active Directory is still a gutted piece of trash, but most software companies have bowed to the market presence and gone for AD interoperability. Even me, I changed over everything in the house to start auth'ing off of an AD DC instead of an LDAP server simply because winbind makes it incredibly trivial to do so now.

ally_uk

I don't really want to use Active Directory or Microsoft Server Products, the whole project / challenge was to figure out and learn more about the Open Source Way of doing things, I want a Linux Server for the Domain and the Windows Clients to Authenticate against it with the ability to have Single Sign On / Logon.

Every client should have it's own profile, User Share ( home directory) and I want to have other shares availbile to users i.e Finance, Admin,

I don't really want to use ClearOs or SME or any of those methods, I want to get my hands dirty and go purely through setting it up from scratch i.e editing Samba and working with the cli

Have I bitten off more then I can chew? the whole thought about LDAP and Keberos is slightly putting me off I know nothing about these

Forsaken_GA

ally_uk wrote: »

I don't really want to use Active Directory or Microsoft Server Products, the whole project / challenge was to figure out and learn more about the Open Source Way of doing things, I want a Linux Server for the Domain and the Windows Clients to Authenticate against it with the ability to have Single Sign On / Logon.

I understand and respect that, as I did the same thing for years, and it was a good learning experience. That being said, it's not a trivial task, and it's something that's unrealistic to maintain in the real world. I am about as big of an open source advocate as you will find, and even I bowed to the operational reality that my skillset is better off integrating unix hosts to auth off of AD then the other way around.

Have I bitten off more then I can chew? the whole thought about LDAP and Keberos is slightly putting me off I know nothing about these

Probably, but there's nothing wrong with that. Just break it into individual parts. First, get the LDAP server up and running, and then get your linux clients authenticating off of it. This will be a large bulk of the time, but it will teach you the guts of LDAP. Once you've got that working, then modify LDAP and your clients to use TLS for their LDAP connections instead of cleartext (trust me - don't try to setup TLS on the initial setup, you'll drive yourself crazy unless you've already got extensive experience in doing so)

Once that's done, then bring up Kerberos and make sure you linux clients can still authenticate.

Once you have your linux hosts authenticating off the setup you want, THEN start migrating the Windows hosts.

It's like any other big task, you cut the elephant up and you eat it one bite at a time.

MentholMoose

dustinmurphy wrote: »

I think that guide is more or less how to integrate SAMBA into AD... versus actually setting up LDAP/kerberos. (I used something similar to setup my SAMBA server with AD authentication)

I COULD be wrong, though.

Configuring a Samba file server to use AD for authentication is explained here:
Samba & Active Directory - SambaWiki

I've read a bit more of Samba4/HOWTO - SambaWiki and I believe it does explain how to configure Samba4 as a DC in a new AD domain. For example, step 4 starts with:

The "provision" step sets up a basic user database, and is used when you are setting up your Samba4 server in its own domain.

For configuring Samba4 as a DC in an existing domain there is yet another guide:
Samba4/HOWTO/Join a domain as a DC - SambaWiki

ally_uk

Lol I may just wimp out and wait until SME Server 8 hits, apparently 7 doesn't have support for windows 7 machines to autenticate against a domain controller. This LDAP, Keberos, Samba stuff just seems to overwhelming don't have a clue where to start to be honest

ChooseLife

ally_uk wrote: »

apparently 7 doesn't have support for windows 7 machines to autenticate against a domain controller

You mean a client Windows 7? That depends on the edition. Home ed. can't, Prof ed. can, for the legion of other editions, consult the manual.
Not sure why you mention Server 8.

Forsaken_GA

ally_uk wrote: »

Lol I may just wimp out and wait until SME Server 8 hits, apparently 7 doesn't have support for windows 7 machines to autenticate against a domain controller. This LDAP, Keberos, Samba stuff just seems to overwhelming don't have a clue where to start to be honest

I told you where to start. You're still trying to eat the elephant whole.

onesaint

ally_uk wrote: »

Lol This LDAP, Keberos, Samba stuff just seems to overwhelming don't have a clue where to start to be honest

Is it Linux in general that is overwhelming or the directory services that's getting you? How comfortable are you with Linux, now?

If it's just the directory services, then just setup two VMs. If you go for Red Hat distros, use Cent 6 on both VMs. Setup a simple LDAP configuration on one (server), authenticate to it with the other VM (client). Forsaken pretty much laid it out for you, but here is the first steps for LDAP under RHEL and downstream -

Chapter 16. Directory Servers

ally_uk

I meant version of sme server 8 will support windows 7 authenticating to a domain. I am not studying for the MCDST I need to change this. From a Linux point of view I am comfortable with the Cli but as forsaken has said I am trying to bite off more then I can chew I haven't had much experience of using or administrating Samba. As for LDAP lol it scares me I don't even know what it is let alone what I do with it lol. So looks like I will need to take serious baby steps.

demonfurbie

clearos is alot simplier than sme

ive tired both