| 1 |
Hello dudes, |
| 2 |
|
| 3 |
First sorry any english mistakes, since it's not my native language. And sorry about the long text. |
| 4 |
|
| 5 |
I'm planning a complete migration and restructuration of our servers. |
| 6 |
|
| 7 |
I was not planning to use Gentoo, since our legacy use the "Red Hat Terrorism" and many users are skeptical about other Linux distros. But with Scientific Linux (another RHEL clone), I was unable to set features like Active Directory Authentication through Samba and Winbind because RHEL5 uses Samba 3.0 (old and deprecated) and the AD Server is running at Windows 2008 R2, and no, since it's a new installation I don't want to use old software. So if I need to recompile almost every package from the source I will use Gentoo. |
| 8 |
|
| 9 |
Let-me explain my actual environment and what I want to be with the new approach. |
| 10 |
|
| 11 |
Running: |
| 12 |
Router / Firewall: Heavily loaded iptables with a lot of rules and deprecated gated binary for routes and RIP. |
| 13 |
Mail Server: obsolete Sendmail as MTA with Dovecot for IMAP. |
| 14 |
DNS Server: named running in Scientific Linux 5. |
| 15 |
VPN Server: gentoo running poptop PPTPd. |
| 16 |
Radius: FreeBSD 7.2 with FreeRADIUS 1.1.7 |
| 17 |
Generic Server 1: Scientific Linux 5 with secondary named (DNS), DHCP server, netatalk (compiled from source with all dependencies), broken SMB, broken CUPS, another poptop server, LAMP, NIS Server, NFS Server, WebDAV Server. |
| 18 |
Generic Server 2: SSH entrance with Scientific Linux 5, NIS Client. |
| 19 |
Generic Server 3: Mailman, Webmail (with SquirrelMail and Horde IMP), LAMP and once again: Scientific Linux 5. |
| 20 |
Generic Server 4: Time Server, LAMP Server, SVN Server, Nagios and Cacti Servers. SL5. |
| 21 |
|
| 22 |
We have a most mixed software and hardware environment, with obsolete hardware. Like Pentium's 3, Pentium's 4, Athlon MP and XP. Some machines are from 2008 with Core 2 Duo or Pentium Dual-Core (the same Core 2 core with reduced L2). |
| 23 |
|
| 24 |
About the problems? Various: heavy loaded mail server due limitations of Sendmail (1GB plain text files for example), old software thanks to RHEL approach, aging hardware, no single-sing on solution, no Windows control, indiscriminate printer usage, ridiculous approach with WPA2 Enterprise due limitations of FreeRADIUS 1; and a lot of problems. |
| 25 |
|
| 26 |
What I want to do: |
| 27 |
Directory Server with Active Directory Domain Services; it's implemented and running. So it can serve: Microsoft's LDAP, AD, DNS, Time Server. |
| 28 |
|
| 29 |
Mail Server: Exchange Server 2010 SP1. To be implemented, I don't even have the hardware for it. |
| 30 |
|
| 31 |
Linux Authentication Machine: |
| 32 |
I've done some tests and it's working to authenticate through AD, so my getent function works, people can authenticate with SSH and Samba/Winbind takes control of UID and GID mappings. It's really awesome. FreeRADIUS 2 is already installed and working with NTLM_AUTH. So I finally get the "single-sing on approach". |
| 33 |
|
| 34 |
What's missing: OpenLDAP replication from AD? Is this possible? Is this needed? Since I want another machines (running Linux) to authenticate it will be a good idea only ONE machine get information from AD and everyone else authenticate natively on this Gentoo Machine. |
| 35 |
|
| 36 |
What's wrong: Not running a hardened profile. And I think this necessary. But I need to use genkernel to have easy hardware migration if something went wrong. |
| 37 |
|
| 38 |
And about the Generic Servers: Put Gentoo on it. With better defined services, such: Routing Services (Route, DHCP, DNS) and File Services (SMB, AFP, NFS, WebDAV). |
| 39 |
|
| 40 |
Thanks for your attention and patience. This is a huge project and I really want to hear the feedback, critics and everything else, even the hate mails about Microsoft Servers. |
| 41 |
Vinícius Ferrão. |
| 42 |
|
| 43 |
PS: We already have MS Licenses, since I'm in a university with MSDNAA program. |
Archives