[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Tue, Apr 7, 2009 at 7:18 AM, Richard Brown <rich@xxxxxxxxxxx> wrote: > Hi > > I believe there are two approaches to building a local area network > (lan). The usual approach certainly when using xp etc is to build a > workgroup around a cluster of computers all talking to a > switch/hub/router. The second approach seems to be around a domain. > And it is this approach that I want to try to learn more about. Samba is the OSS implementation of the MS domain server model. I'm assuming as you are asking here that you are looking for a linux server to handle this? Samba supports both acting as a domain controller and a workgroup member. When samba is a domain controller, each work station logs on and this is send to samba for autherntication. Samba has a number of ways it can detail with the user info from simple db to LDAP and i think? it might be able to do pam now too (not sure on this). Samba can also handle roaming profiles so that users can logon and get there desktop and seperate to this it can provide a home drive for each user. On my system this is mapped to /home/$user/ on the linux box > > What is it please and how does it work? Does it mean you create a > server and then all computers feed of that etc? The reason I am asking > is because we are about to purchase several new computers for work and > we want to speed the whole network up and also protect it more. All > the computers currently log in to a file server and also a database > server and I am wondering whether we could also route the internet > through the servers to provide additional protection to the network. > But we are also looking for speed improvements on accessing data from > the database and wonder whether this will help. With samba you set the config to domain master. each workstation then has to be connected to the domain then the standard domain level username passwords are all authenticated by samba. Basically samba gives you a authentication system across the network for login, a home drive, shared server drives, roaming profiles, printer sharing (via cups/samba) etc The other things you want to do require other services. If you want to route internet then you will probably want to look at Squid, a Internet proxy/cache server. This has full logging and access control systems, so sites with specific words or other matches by URL etc can be filtered and a whole bunch more. To get the clients to use the proxy, they either need to be manually configured so that the internet browser of choice is set to use the proxy, or the network needs to provide the various automatic proxy discovery systems, one of which is done with DHCP and this points to a specific name on your network that contains the configuration files. Possibly then you would block outgoing web traffic NOT from the proxy. For the automatic proxy discovery for MS clients you will need to run an internal domain using bind9 as well. All of the above is what i run on our company network, it it works pretty well. I tend to use Debian stable as the server distro of choice but some of the services do require a bit of setting up to work correctly and securely. Robin -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html