Difference between revisions of "Admin Server"

From New IAC Wiki
Jump to navigation Jump to search
m (Protected "Admin Server" ([edit=comp] (indefinite) [move=comp] (indefinite) [read=comp] (indefinite)))
m (Protected "Admin Server" ([edit=comp] (indefinite) [move=comp] (indefinite) [read=comp] (indefinite)))
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
 
==Hardware==
 
==Hardware==
 
Currently dual-core Pentium D with 512MB RAM and 2x500GB drives.
 
Currently dual-core Pentium D with 512MB RAM and 2x500GB drives.
 +
 +
==Samba configuration==
 +
Windows clients will remain stand-alone because there isn't a central domain controller, although this might be implemented in the future
 +
security =
 +
We want to force NTLMv2 because we're not interested in clients older than XP
 +
ntlm auth = no
 +
lanman auth = no
 +
Enable LDAP backend for user database. This will store the password, group mapping, SIDs, and other Windows attributes
 +
passdb backend = ldapsam:"ldap://localhost"
 +
Use encrypted passwords to increase security from network sniffing. This increases the complexity of password management because we have to keep 2 different hashes of a password.
 +
encrypt passwords = yes
 +
 +
==User management tools==
 +
The user management tools will have to be modified to update both crypt and samba hashes, and users who want samba access will have to re-enter or change their passwords.

Latest revision as of 02:06, 31 December 2010

Hardware

Currently dual-core Pentium D with 512MB RAM and 2x500GB drives.

Samba configuration

Windows clients will remain stand-alone because there isn't a central domain controller, although this might be implemented in the future

security = 

We want to force NTLMv2 because we're not interested in clients older than XP

ntlm auth = no
lanman auth = no

Enable LDAP backend for user database. This will store the password, group mapping, SIDs, and other Windows attributes

passdb backend = ldapsam:"ldap://localhost"

Use encrypted passwords to increase security from network sniffing. This increases the complexity of password management because we have to keep 2 different hashes of a password.

encrypt passwords = yes

User management tools

The user management tools will have to be modified to update both crypt and samba hashes, and users who want samba access will have to re-enter or change their passwords.