Central Authentication - No Domain (RADIUS or Kerberos??)


  • Central Authentication - No Domain (RADIUS or Kerberos??)

    Hello

    I have a bunch of hosted servers, currently they all use local usernames and passwords, this though is starting to be a limitation.

    I am looking at using a central authentication server to control access to these servers. As stated in the title though, these machines are not in a domain, nor can they be. So really I am looking for any advice, as I am not really sure what protocol will be best for me. I thought RADIUS or Kerberos, but maybe another will be more suited.

    Here is a basic list of what I am looking for.

    1. Multiple user support for both Windows & Linux; it's 90% Windows but Linux would be a bonus.
    2. No single point of failure (I have two sites, so maybe some sort of active/active setup?)
    3. Ability to be able to easily add a user to be able to log on to X machine but not Y
    4. I don't mind getting my hands dirty, and I suspect I would put this onto a couple of Linux boxes, but I would like the day-to-day to be through a GUI of some sort, so other administrators can use it without using the console.
    5. Some nice logging would not go amiss

    So if anybody has experience and can advise me of at least which protocol I should be looking at, I can then get on and read up on that...

    Thanks for reading...

  • #2
    Re: Central Authentication - No Domain (RADIUS or Kerberos??)

    Curious as I am, why can't they join to a domain?
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"


    • #3
      Re: Central Authentication - No Domain (RADIUS or Kerberos??)

      Well it's not a bad question if I am honest, so we have a few hundred machines, all hosted environments, i.e. this is not an office environment. Historically we have always only used local accounts, so the machines have no contact with each other. I assume that we would have to start opening a bunch of ports, buy extra licences and of course get in a bunch of skilled people who look after servers in domain environments. Being a hosted environment we don't have Exchange, we have no shares, none of that office stuff that being in a classic domain gives you. All we want is a central place to authenticate users, as currently we use KeePass to store the hundreds of username/passwords (as they are all different). In the future I would like "Bob" to be able to authenticate for access to say 15 servers...

      Hope that explains, but you may have a point...


      • #4
        Re: Central Authentication - No Domain (RADIUS or Kerberos??)

        You could give FreeRADIUS a go. I believe creating Kerberos realms in a Windows workgroup would probably be impossible.
        Caesar's cipher - 3

        ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

        SFX JNRS FC U6 MNGR


        • #5
          Re: Central Authentication - No Domain (RADIUS or Kerberos??)

          Thanks, I will for sure have a read-up on FreeRADIUS.


          • #6
            Re: Central Authentication - No Domain (RADIUS or Kerberos??)

            ypdata or NIS?
            You could also use SMB on a Linux server...?
            However, that would then hit the wall of needing to add each Windows device to the SMB domain.
            Please do show your appreciation to those who assist you by leaving Rep Point
