• More homelabbin

    From poindexter FORTRAN@21:4/122 to All on Thursday, October 14, 2021 07:20:00
    I'm tempted to set up an AD domain at home and get my Linux VMs to authenticate to it. I'm looking to centralize my identity management at work and thought this might be a nice exercise.

    Does anyone have any experience doing so?

    I used Centrify products a few years back, they used to have a free tier. Looks like realmd would do the trick, too.


    ... Do you remember?
    --- MultiMail/DOS v0.52
    * Origin: realitycheckBBS.org -- information is power. (21:4/122)
  • From Atreyu@21:1/176 to Poindexter Fortran on Thursday, October 14, 2021 18:19:22
    On 14 Oct 21 07:20:00, Poindexter Fortran said the following to All:

    I'm tempted to set up an AD domain at home and get my Linux VMs to authenticate to it. I'm looking to centralize my identity management at work and thought this might be a nice exercise.

    The only thing I've managed to do somewhat along these lines is to get Pfsense to authenticate with AD. You basically have the DC provide Radius.

    Atreyu

    --- Renegade vY2Ka2
    * Origin: Joey, do you like movies about gladiators? (21:1/176)
  • From Weatherman@21:1/132 to Poindexter Fortran on Thursday, October 14, 2021 20:07:39

    I'm tempted to set up an AD domain at home and get my Linux VMs to authenticate to it. I'm looking to centralize my identity management at work and thought this might be a nice exercise.

    Does anyone have any experience doing so?

    I have run an AD domain at home for a long time. You could use the LDAP service on the domain controller as the mechanism to authenticate other non-Windows systems.

    - Mark
    --- WWIVToss v.1.52
    * Origin: http://www.weather-station.org * Bel Air, MD -USA (21:1/132.0)
  • From acn@21:3/127.1 to poindexter FORTRAN on Friday, October 15, 2021 10:19:00
    On 14.10.21 poindexter FORTRAN@21:4/122 wrote in FSX_GEN:

    Hello poindexter,

    I'm tempted to set up an AD domain at home and get my Linux VMs to authenticate to it. I'm looking to centralize my identity management at work and thought this might be a nice exercise.

    Does anyone have any experience doing so?

    No, not exactly. I've only set up an openldap server on my VPS to
    manage my mail server (postfix+dovecot+SOGo) and attach web apps
    (NextCloud, TinyTinyRSS) to it, so I have a single authentication
    system there.
    It is possible to use PAM_LDAP to make Linux authenticate against an openldap, and afaik use Samba for those legacy Windows systems :)

    Regards,
    Anna

    --- OpenXP 5.0.50
    * Origin: Imzadi Box Point (21:3/127.1)
  • From poindexter FORTRAN@21:4/122 to Weatherman on Friday, October 15, 2021 08:56:00
    Weatherman wrote to Poindexter Fortran <=-

    I have run an AD domain at home for a long time. You could use the
    LDAP service on the domain controller as the mechanism to authenticate other non-Windows systems.

    I have two options for domain control - there's an app for Synology that emulates a GC, LDAP, and other identity schemes. I have Windows server 2019 running in a Proxmox VM that I could use as well. I do like the idea of
    using the NAS instead of a VM, but we'll see.

    The one thing I won't do is run openLDAP. I inherited an OpenLDAP network
    with a handful of CentOS systems, and it's a royal pain in the ass to
    manage.


    ... Abandon desire
    --- MultiMail/DOS v0.52
    * Origin: realitycheckBBS.org -- information is power. (21:4/122)
  • From Weatherman@21:1/132 to Poindexter Fortran on Saturday, October 16, 2021 16:04:35

    I have two options for domain control - there's an app for Synology that emulates a GC, LDAP, and other identity schemes. I have Windows server
    2019 running in a Proxmox VM that I could use as well. I do like the idea of using the NAS instead of a VM, but we'll see.

    One of the reasons I have run domain controllers at home for many years is for drive mappings. I still use KiXtart to map drives when the computers log in.
    I also have created a few GPOs to turn off all the annoying things that come with Windows, like Defender, forced auto updates, etc.

    - Mark
    --- WWIVToss v.1.52
    * Origin: http://www.weather-station.org * Bel Air, MD -USA (21:1/132.0)
  • From Atreyu@21:1/176 to Weatherman on Saturday, October 16, 2021 17:49:03
    On 16 Oct 21 16:04:35, Weatherman said the following to Poindexter Fortran:

    One of the reasons I have run domain controllers at home for many years is for drive mappings. I still use KiXtart to map drives when the computers log in. I also have created a few GPOs to turn off all the annoying things that come with windows, like Defender, forced auto updates, etc.

    I did the exact same thing here with GPOs, including for Google Chrome. I just prefer having the same "experience" across all my computers.

    Atreyu

    --- Renegade vY2Ka2
    * Origin: Joey, do you like movies about gladiators? (21:1/176)
  • From Weatherman@21:1/132 to Atreyu on Sunday, October 17, 2021 08:17:02

    I did the exact same thing here with GPOs, including for Google Chrome. I just prefer having the same "experience" across all my computers.

    Yes, it saves time when you create a new VM or physical system at home. At least you can make changes globally using the GPO when they are on the domain.
    I have a few specialized VMs not on the domain for security reasons, but otherwise everything is on it at home.

    - Mark
    --- WWIVToss v.1.52
    * Origin: http://www.weather-station.org * Bel Air, MD -USA (21:1/132.0)