<div dir="ltr"><div>Thank you for the quick response. I may not have mentioned this previously, but I am by no means a Linux/networking expert. The company I work for is pro-MS. Recently, I got the urge to get back into Linux and here I am. </div>
<div> </div>
<div>My thinking (in regards to network structure) was that I wanted applications intended for the public as far away from my local LAN as possible. The local LAN requires the app server though (OpenVPN, Samba (as a PDC), misc other things), so I wanted it available to the local LAN but not to the DMZ.</div>
<div> </div>
<div>My main questions though are with Freeradius. My setup is for "hobby" purposes only and already I would have difficulty telling you exactly which users have access to what.</div>
<div> </div>
<div>I want to use a technology like Freeradius or LDAP to create 1 central place on the app server that EVERYTHING would authenticate to. In a perfect world, the end result would be that I could type something like this:</div>
<div> </div>
<div>select %user% from permissionsDB</div>
<div> </div>
<div>and be returned something like this:</div>
<div> </div>
<div>SSH: NO, OpenVPN: YES, Samba: %Specific group% (which indicates shares available), Shell Access: No, etc.</div>
<div> </div>
<div>Basically, I want a setup where I can easily scale upwards without having to "teach" each new application how to use a DB. Freeradius can also authenticate my wireless users, which would also be great as, for all I know, half my bandwidth is being used by my neighbors.</div>
<div> </div>
<div>-Jesse<br><br></div>
<div class="gmail_quote">On Fri, Sep 5, 2008 at 4:34 PM, Edvin Seferovic <span dir="ltr">&lt;<a href="mailto:edvin.seferovic@kolp.at">edvin.seferovic@kolp.at</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div lang="DE" vlink="purple" link="blue">
<div>
<p><span lang="EN-US" style="FONT-SIZE: 11pt; COLOR: #1f497d">Hi,</span></p>
<p><span lang="EN-US" style="FONT-SIZE: 11pt; COLOR: #1f497d"> </span></p>
<p><span lang="EN-US" style="FONT-SIZE: 11pt; COLOR: #1f497d">Excuse me for asking, but why don't you set up the AppServer in your DMZ? You could have (what I call) the T – structure</span></p>
<p><span lang="EN-US" style="FONT-SIZE: 11pt; COLOR: #1f497d"> </span></p>
<p><span lang="EN-US" style="FONT-SIZE: 11pt; COLOR: #1f497d">&gt;&lt; --- INTERNET --&gt; GATEWAY ( server1 ) &lt;---&gt; LOCAL LAN</span></p>
<p><span lang="EN-US" style="FONT-SIZE: 11pt; COLOR: #1f497d"> I</span></p>
<p><span lang="EN-US" style="FONT-SIZE: 11pt; COLOR: #1f497d"> I DMZ</span></p>
<p><span lang="EN-US" style="FONT-SIZE: 11pt; COLOR: #1f497d"> I</span></p>
<p><span lang="EN-US" style="FONT-SIZE: 11pt; COLOR: #1f497d"> SERVER2 + APPServer</span></p>
<p><span lang="EN-US" style="FONT-SIZE: 11pt; COLOR: #1f497d"> </span></p>
<p><span lang="EN-US" style="FONT-SIZE: 11pt; COLOR: #1f497d">It depends on how your users use the gateway and how they are supposed to connect to the Internet. </span></p>
<p><span lang="EN-US" style="FONT-SIZE: 11pt; COLOR: #1f497d"> </span></p>
<p><span lang="EN-US" style="FONT-SIZE: 11pt; COLOR: #1f497d">Regards,</span></p>
<p><span lang="EN-US" style="FONT-SIZE: 11pt; COLOR: #1f497d">E:S</span></p>
<p><span lang="EN-US" style="FONT-SIZE: 11pt; COLOR: #1f497d"> </span></p>
<p><span lang="EN-US" style="FONT-SIZE: 11pt; COLOR: #1f497d"> </span></p>
<div style="BORDER-RIGHT: medium none; PADDING-RIGHT: 0cm; BORDER-TOP: #b5c4df 1pt solid; PADDING-LEFT: 0cm; PADDING-BOTTOM: 0cm; BORDER-LEFT: medium none; PADDING-TOP: 3pt; BORDER-BOTTOM: medium none">
<p><b><span lang="EN-US" style="FONT-SIZE: 10pt">From:</span></b><span lang="EN-US" style="FONT-SIZE: 10pt"> freeradius-users-bounces+edvin.seferovic=<a href="http://kolp.at/" target="_blank">kolp.at</a>@<a href="http://lists.freeradius.org/" target="_blank">lists.freeradius.org</a> [mailto:<a href="mailto:freeradius-users-bounces%2Bedvin.seferovic" target="_blank">freeradius-users-bounces+edvin.seferovic</a>=<a href="http://kolp.at/" target="_blank">kolp.at</a>@<a href="http://lists.freeradius.org/" target="_blank">lists.freeradius.org</a>] <b>On Behalf Of </b>Jesse Stone<br>
<b>Sent:</b> Saturday, 06 September 2008 01:25<br><b>To:</b> FreeRadius users mailing list<br><b>Subject:</b> Freeradius Usage</span></p></div>
<div>
<div></div>
<div class="Wj3C7c">
<p> </p>
<div>
<div>
<p>Hi All,</p></div>
<div>
<p> </p></div>
<div>
<p>I am new to this mailing list and am about to ask a probably very silly question. Please feel free to direct me to resources that'll help me answer it.</p></div>
<div>
<p> </p></div>
<div>
<p>I want to set up the following:</p></div>
<div>
<p> </p></div>
<div>
<p>Gateway [server1]</p></div>
<div>
<p> - nic1 = Internet</p></div>
<div>
<p> - nic2 = DMZ [server2]</p></div>
<div>
<p> - nic3 = Router w/ Wireless -> App Server [Server3] (FREERADIUS SERVER HERE) -> Local Lan</p></div>
<div>
<p> </p></div>
<div>
<p>I read a lot about both Freeradius and LDAP and cannot determine if either can accomplish my goals.</p></div>
<div>
<p> </p></div>
<div>
<p>What I want is:</p></div>
<div>
<p> </p></div>
<div>
<p>1) 1 central place where all user authentication takes place: SSH, Shell Access, Samba, OpenVPN, Mumble, any other app that requires user administration.</p></div>
<div>
<p>2) This information stored in a SQL type database so that I can build my own custom apps to report on user usage, performance, etc.</p></div>
<div>
<p>3) My router has wireless and I have enabled the security features. I would still like authentication to take place before a wireless user is allowed on the network.</p></div>
<div>
<p> </p></div>
<div>
<p>For example, </p></div>
<div>
<p> </p></div>
<div>
<p>Currently, I have this: Router w/ Wireless -> App Server [Server3] + Local Lan</p></div>
<div>
<p> </p></div>
<div>
<p>I want this: Router w/ Wireless -> App Server [Server3] -> Local Lan</p></div>
<div>
<p> </p></div>
<div>
<p>Is Freeradius the best approach for my needs? Do I need anything else? </p></div>
<div>
<p> </p></div>
<div>
<p>-Jesse</p></div>
<div>
<p> </p></div></div></div></div></div></div><br></blockquote>
</div><br></div>
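<div>An added illustration of the per-user report described in the message above (not code from the thread or from FreeRADIUS): the table and column names are hypothetical, the data is constructed, and a service with no grant row is reported as denied.</div>

```python
import sqlite3

# Hypothetical schema (an assumption for illustration, not FreeRADIUS's own
# SQL schema): one row per (user, service) grant; no row means deny.
SCHEMA = """
CREATE TABLE users    (username TEXT PRIMARY KEY);
CREATE TABLE services (name     TEXT PRIMARY KEY);
CREATE TABLE grants (
    username TEXT NOT NULL REFERENCES users(username),
    service  TEXT NOT NULL REFERENCES services(name),
    scope    TEXT,  -- e.g. a Samba group; NULL means a plain allow
    PRIMARY KEY (username, service)
);
"""

# Constructed sample data mirroring the services named in the message.
SERVICES = ["SSH", "OpenVPN", "Samba", "Shell Access"]
GRANTS = [("jesse", "OpenVPN", None), ("jesse", "Samba", "family-shares")]


def build_db():
    db = sqlite3.connect(":memory:")
    # Reject grants that reference an unknown user or service.
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO services VALUES (?)", [(s,) for s in SERVICES])
    db.execute("INSERT INTO users VALUES (?)", ("jesse",))
    db.executemany("INSERT INTO grants VALUES (?, ?, ?)", GRANTS)
    return db


def permissions_for(db, username):
    """Return {service: 'NO' | 'YES' | scope}, or None for an unknown user."""
    known = db.execute(
        "SELECT 1 FROM users WHERE username = ?", (username,)
    ).fetchone()
    if known is None:
        return None  # unknown account: nothing to report, nothing allowed
    rows = db.execute(
        """
        SELECT s.name,
               CASE WHEN g.username IS NULL THEN 'NO'
                    ELSE COALESCE(g.scope, 'YES') END
        FROM services AS s
        LEFT JOIN grants AS g ON g.service = s.name AND g.username = ?
        ORDER BY s.name
        """,
        (username,),
    )
    return dict(rows)


if __name__ == "__main__":
    report = permissions_for(build_db(), "jesse")
    print(", ".join(f"{svc}: {val}" for svc, val in report.items()))
```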