Difference between revisions of "Admin Server"
m (Protected "Admin Server" ([edit=comp] (indefinite) [move=comp] (indefinite) [read=comp] (indefinite))) |
m (Protected "Admin Server" ([edit=comp] (indefinite) [move=comp] (indefinite) [read=comp] (indefinite))) |
||
(One intermediate revision by the same user not shown) | |||
Line 1: | Line 1: | ||
==Hardware== | ==Hardware== | ||
Currently dual-core Pentium D with 512MB RAM and 2x500GB drives. | Currently dual-core Pentium D with 512MB RAM and 2x500GB drives. | ||
+ | |||
+ | ==Samba configuration== | ||
+ | Windows clients will remain stand-alone because there isn't a central domain controller, although this might be implemented in the future | ||
+ | security = | ||
+ | We want to force NTLMv2 because we're not interested in clients older than XP | ||
+ | ntlm auth = no | ||
+ | lanman auth = no | ||
+ | Enable LDAP backend for user database. This will store the password, group mapping, SIDs, and other Windows attributes | ||
+ | passdb backend = ldapsam:"ldap://localhost" | ||
+ | Use encrypted passwords to increase security from network sniffing. This increases the complexity of password management because we have to keep 2 different hashes of a password. | ||
+ | encrypt passwords = yes | ||
+ | |||
+ | ==User management tools== | ||
+ | The user management tools will have to be modified to update both crypt and samba hashes, and users who want samba access will have to re-enter or change their passwords. |
Latest revision as of 02:06, 31 December 2010
Hardware
Currently dual-core Pentium D with 512MB RAM and 2x500GB drives.
Samba configuration
Windows clients will remain stand-alone because there isn't a central domain controller, although this might be implemented in the future
security =
We want to force NTLMv2 because we're not interested in clients older than XP
ntlm auth = no lanman auth = no
Enable LDAP backend for user database. This will store the password, group mapping, SIDs, and other Windows attributes
passdb backend = ldapsam:"ldap://localhost"
Use encrypted passwords to increase security from network sniffing. This increases the complexity of password management because we have to keep 2 different hashes of a password.
encrypt passwords = yes
User management tools
The user management tools will have to be modified to update both crypt and samba hashes, and users who want samba access will have to re-enter or change their passwords.