[Newlug] Roaming profiles
Brian Dunbar
Brian.Dunbar at plexus.com
Mon Dec 1 17:05:30 CST 2003
Patrick Dench [mailto:pdench at acdisplays.com] on Monday, December 01, 2003
10:47 AM said;
> Ok, got a Q for those familiar with Linux user authentication here...
> Here is our recipe for disaster.
> A dozen Win9x/XP workstations
> 1 Windows 2000 (Server) Server
> 1 Linux (RH) Firewall
> Add a naive systems administrator (me two years ago). Mix in a office
move,
> and an overbearing PHB. Voila! A security disaster waiting to happen.
> Basically our authentication is pathetic. A user signs on to the local
> workstation, which is checked against the server when trying to access the
> shared drive there. I'd *like* to set up some better authentication for
> these Win9xP machines where the firewall would server as authenticator for
> network access - at the time of user logon.
I'd avoid using the firewall for authentication - the firewall is supposed
to be dedicated to that task (in a good world the only access is via local
console, yes?), loading it up with more duties opens up your firewall for
the potential to be exploited.
You've got some spare boxes sitting around - turn the beefiest one of them
into a Samba PDC.
~brian
More information about the Newlug
mailing list