Re: Major noob question about freeradius
On Mon, Jan 18, 2010 at 11:51:28AM -0700, Bryan Boone wrote: I have a small network of about 10 windows XP machines. I need to set these machines up so that my users can log into any of these machines. I was told that a Radius server could accomplish the same thing for me. Is this true? Basically I just need a way for my users to sit down at any of the windows XP workstations and log into it. I don't need anything special like roaming profiles and such. Yes, google for pGina -- 2. That which causes joy or happiness. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Major noob question about freeradius
On Mon, Jan 18, 2010 at 10:51 AM, Bryan Boone bryan-bo...@msn.com wrote: I have a small network of about 10 windows XP machines. I need to set these machines up so that my users can log into any of these machines. For me the simplest solution to solve this would be a windows 2003 server domain controller. Unfortunately due to some corporate restrictions I cannot install a windows server. I was told that a Radius server could accomplish the same thing for me. Is this true? Bryan: I'm not the ultimate FreeRADIUS authority, but I think you'll find RADIUS is a poor solution for this, if indeed a solution at all. If you can't set up a Windows server to do this job, the best way to meet this need is to run Samba on a Linux machine. If you run it in domain control mode, it'll act very much like a Windows server for the purposes you're talking about. Check out http://samba.org/ for details on Samba. And for what it's worth I would lean toward using CentOS as the core platform (of course opinions vary on this point). The book Samba-3 by Example gives an excellent guide to the setup if you need one. It's available online at http://www.samba.org/samba/docs/man/Samba-Guide/ Good luck! E. -- Eric Swanson, swan...@technologypartnerds.com Director of Marketing Sales / Senior Technical Staff Technology Partnerds 888-NERDS-55 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Major noob question about freeradius
At 02:01 PM 1/18/2010, Eric Swanson wrote: On Mon, Jan 18, 2010 at 10:51 AM, Bryan Boone mailto:bryan-bo...@msn.combryan-bo...@msn.com wrote: For me the simplest solution to solve this would be a windows 2003 server domain controller. Unfortunately due to some corporate restrictions I cannot install a windows server. If you can't set up a Windows server to do this job, the best way to meet this need is to run Samba on a Linux machine. If you run it in domain control mode, it'll act very much like a Windows server for the purposes you're talking about. If there's a corporate restriction on installing a windows server, setting up a linux server to behave just like a windows server might also be a problem. and indeed if it's one the same network, you'll really need to get things right so that it doesn't screw anything up (such as becoming the master browser). Just be sure first :-) rick - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Major noob question about freeradius
On Mon, Jan 18, 2010 at 11:29 AM, freerad...@corwyn.net wrote: At 02:01 PM 1/18/2010, Eric Swanson wrote: On Mon, Jan 18, 2010 at 10:51 AM, Bryan Boone mailto: bryan-bo...@msn.combryan-bo...@msn.com wrote: For me the simplest solution to solve this would be a windows 2003 server domain controller. Unfortunately due to some corporate restrictions I cannot install a windows server. If you can't set up a Windows server to do this job, the best way to meet this need is to run Samba on a Linux machine. If you run it in domain control mode, it'll act very much like a Windows server for the purposes you're talking about. If there's a corporate restriction on installing a windows server, setting up a linux server to behave just like a windows server might also be a problem. and indeed if it's one the same network, you'll really need to get things right so that it doesn't screw anything up (such as becoming the master browser). Indeed. Just for the sake of clarity let me break it down one more notch: - If the policy that prevents you from installing a Windows server is something like a company-wide prohibition on using closed-source software, or on spending licensing money with Microsoft, and if your network stands on its own -- then Samba is probably a great approach. Good luck. - If, as Rick suggests, the policy comes from something like a central IT department that requires you to stay out of their realm of authority, then you've got a whole mess of constraints to navigate. Good luck. Speaking for myself, I'd say the pGina approach noted above by Josip makes sense only if you've already got RADIUS infrastructure. If you're building something from scratch, Samba is a much better fit, but if pGina lets you use existing RADIUS-centric stuff you just might be well-advised to go that way. Just be sure first :-) Indeed. Also, note that this is off-topic for the list. E. -- Eric Swanson, swan...@technologypartnerds.com Director of Marketing Sales / Senior Technical Staff Technology Partnerds 888-NERDS-55 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Major noob question about freeradius
Hi guys thanks for the info. The restrictions are licensing with a windows server. I didn't realize you could setup Samba to be a domain controller. thanks for the help. I think I will try the Samba route. thanks again. Date: Mon, 18 Jan 2010 11:39:00 -0800 Subject: Re: Major noob question about freeradius From: swan...@technologypartnerds.com To: freeradius-users@lists.freeradius.org On Mon, Jan 18, 2010 at 11:29 AM, freerad...@corwyn.net wrote: At 02:01 PM 1/18/2010, Eric Swanson wrote: On Mon, Jan 18, 2010 at 10:51 AM, Bryan Boone mailto:bryan-bo...@msn.combryan-bo...@msn.com wrote: For me the simplest solution to solve this would be a windows 2003 server domain controller. Unfortunately due to some corporate restrictions I cannot install a windows server. If you can't set up a Windows server to do this job, the best way to meet this need is to run Samba on a Linux machine. If you run it in domain control mode, it'll act very much like a Windows server for the purposes you're talking about. If there's a corporate restriction on installing a windows server, setting up a linux server to behave just like a windows server might also be a problem. and indeed if it's one the same network, you'll really need to get things right so that it doesn't screw anything up (such as becoming the master browser). Indeed. Just for the sake of clarity let me break it down one more notch: - If the policy that prevents you from installing a Windows server is something like a company-wide prohibition on using closed-source software, or on spending licensing money with Microsoft, and if your network stands on its own -- then Samba is probably a great approach. Good luck. - If, as Rick suggests, the policy comes from something like a central IT department that requires you to stay out of their realm of authority, then you've got a whole mess of constraints to navigate. Good luck. Speaking for myself, I'd say the pGina approach noted above by Josip makes sense only if you've already got RADIUS infrastructure. If you're building something from scratch, Samba is a much better fit, but if pGina lets you use existing RADIUS-centric stuff you just might be well-advised to go that way. Just be sure first :-) Indeed. Also, note that this is off-topic for the list. E. -- Eric Swanson, swan...@technologypartnerds.com Director of Marketing Sales / Senior Technical Staff Technology Partnerds 888-NERDS-55 _ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. http://clk.atdmt.com/GBL/go/196390709/direct/01/- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Major noob question about freeradius
Hi, I'm not the ultimate FreeRADIUS authority, but I think you'll find RADIUS is a poor solution for this, if indeed a solution at all. I'd say the same thing - SAMBA on a Linux box will easily do this in the 'windows way'. to use FreeRADIUS to control windows login (ie system login) you need to install extra Gina things - and pGina is the best of these (though no longer developed IIRC) FreeRADIUS is the main King when it comes to network login - either 802.1X on wired, wireless (WPA/WPA2 enterprise) or even backend system for captive portal alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html