• More homelabbin

    From poindexter FORTRAN@21:4/122 to All on Thu Oct 14 07:20:00 2021
    I'm tempted to set up an AD domain at home and get my Linux VMs to authenticate to it. I'm looking to centralize my identity management at work and thought this might be a nice exercise.

    Does anyone have any experience doing so?

    I used Centrify products a few years back; they used to have a free tier. Looks like realmd would do the trick, too.


    ... Do you remember?
    --- MultiMail/DOS v0.52
    * Origin: realitycheckBBS.org -- information is power. (21:4/122)
  • From Atreyu@21:1/176 to Poindexter Fortran on Thu Oct 14 18:19:22 2021
    On 14 Oct 21 07:20:00, Poindexter Fortran said the following to All:

    I'm tempted to set up an AD domain at home and get my Linux VMs to authenticate to it. I'm looking to centralize my identity management at work and thought this might be a nice exercise.

    The only thing I've managed to do somewhat along these lines is to get pfSense to authenticate with AD. You basically have the DC provide RADIUS.

    Atreyu

    --- Renegade vY2Ka2
    * Origin: Joey, do you like movies about gladiators? (21:1/176)
  • From Weatherman@21:1/132 to Poindexter Fortran on Thu Oct 14 20:07:38 2021

    I'm tempted to set up an AD domain at home and get my Linux VMs to authenticate to it. I'm looking to centralize my identity management at work and thought this might be a nice exercise.

    Does anyone have any experience doing so?

    I have run an AD domain at home for a long time. You could use the LDAP service on the domain controller as the mechanism to authenticate other non-Windows systems.

    - Mark
    --- WWIVToss v.1.52
    * Origin: http://www.weather-station.org * Bel Air, MD -USA (21:1/132.0)
  • From acn@21:3/127.1 to poindexter FORTRAN on Fri Oct 15 10:19:00 2021
    On 14.10.21 poindexter FORTRAN@21:4/122 wrote in FSX_GEN:

    Hello poindexter,

    I'm tempted to set up an AD domain at home and get my Linux VMs to authenticate to it. I'm looking to centralize my identity management at work and thought this might be a nice exercise.

    Does anyone have any experience doing so?

    No, not exactly. I've only set up an openldap server on my VPS to
    manage my mail server (postfix+dovecot+SOGo) and attach web apps
    (NextCloud, TinyTinyRSS) to it, so I have a single authentication
    system there.
    It is possible to use PAM_LDAP to make Linux authenticate against an openldap, and afaik use Samba for those legacy Windows systems :)

    Regards,
    Anna

    --- OpenXP 5.0.50
    * Origin: Imzadi Box Point (21:3/127.1)
  • From poindexter FORTRAN@21:4/122 to Weatherman on Fri Oct 15 08:56:00 2021
    Weatherman wrote to Poindexter Fortran <=-

    I have run an AD domain at home for a long time. You could use the
    LDAP service on the domain controller as the mechanism to authenticate other non-Windows systems.

    I have two options for domain control - there's an app for Synology that emulates a GC, LDAP, and other identity schemes. I have Windows Server 2019 running in a Proxmox VM that I could use as well. I do like the idea of using the NAS instead of a VM, but we'll see.

    The one thing I won't do is run OpenLDAP. I inherited an OpenLDAP network
    with a handful of CentOS systems, and it's a royal pain in the ass to
    manage.


    ... Abandon desire
    --- MultiMail/DOS v0.52
    * Origin: realitycheckBBS.org -- information is power. (21:4/122)
  • From Weatherman@21:1/132 to Poindexter Fortran on Sat Oct 16 16:04:34 2021

    I have two options for domain control - there's an app for Synology that emulates a GC, LDAP, and other identity schemes. I have Windows Server 2019 running in a Proxmox VM that I could use as well. I do like the idea of using the NAS instead of a VM, but we'll see.

    One of the reasons I have run domain controllers at home for many years is for drive mappings. I still use KiXtart to map drives when the computers log in.
    I also have created a few GPOs to turn off all the annoying things that come with Windows, like Defender, forced auto updates, etc.

    - Mark
    --- WWIVToss v.1.52
    * Origin: http://www.weather-station.org * Bel Air, MD -USA (21:1/132.0)
  • From Atreyu@21:1/176 to Weatherman on Sat Oct 16 17:49:02 2021
    On 16 Oct 21 16:04:35, Weatherman said the following to Poindexter Fortran:

    One of the reasons I have run domain controllers at home for many years is for drive mappings. I still use KiXtart to map drives when the computers log in. I also have created a few GPOs to turn off all the annoying things that come with Windows, like Defender, forced auto updates, etc.

    I did the exact same thing here with GPO's including for Google Chrome. I just prefer having the same "experience" across all my computers.

    Atreyu

    --- Renegade vY2Ka2
    * Origin: Joey, do you like movies about gladiators? (21:1/176)
  • From Weatherman@21:1/132 to Atreyu on Sun Oct 17 08:17:02 2021

    I did the exact same thing here with GPO's including for Google Chrome. I just prefer having the same "experience" across all my computers.

    Yes, it saves time when you create a new VM or physical system at home. At least you can make changes globally using the GPO when they are on the domain.
    I have a few specialized VMs not on the domain for security reasons, but otherwise everything is on it at home.

    - Mark
    --- WWIVToss v.1.52
    * Origin: http://www.weather-station.org * Bel Air, MD -USA (21:1/132.0)