DELETED_5350

The second router isn't required unless you plan on running the PCs that are connected to that on a different subnet? Just use a switch, much more elegant solution to the problem.

What PCs will be able to see what will depend on that and also what firewall you are running on the win2k box and if it's set up to allow the AD traffic.

You mention the win2k box will be running a firewall - by that do you mean a firewall for all the internet-bound traffic on your network or just for that machine? If you meant the former, then why? What is wrong with the firewall built into your router(s)?
 
The server will be useless in that setup for firewall etc.

internet-modem-server-switch-clients.

Why would it? We don't know enough about his setup to tell that. For all we know, that server could be the default gateway for the LAN as dished out by the router's DHCP server, making it far from "useless".
 
Surely placing the server so far down the chain would cause untold problems?
It'd be very easy to go direct to the router/modem for traffic rather than the server being the only way to get anywhere?

simplepic1.jpg
 
Yes, but it would depend on what you had set up and how etc. This sounds like a home network so hardly the most critical situation.

He still hasn't clarified exactly what role the server plays in the network, so let's wait and see before making guesses about it.
 
Sort of.

Using it as a firewall will mean you have to install some kind of routing software (or use ICS, eurgh) unless you fancied trying out Linux, which you could then use to virtualise win2k as your domain controller.

In reality, your router will do a good enough job as a firewall and will let you concentrate on the other stuff for your server without having to worry about the internet-facing side of it from a security point of view.

Lose the 2nd router though, replace it with a switch.
 
It depends on your application. With the exception of Active Directory, everything else you want your server to do is simple to do under Linux. The routing / firewall side of things will be faster and more secure than the Windows server, filesharing can be done with Samba (and it can join a Windows domain, but that's slightly more involved) etc.

Depending on your hardware spec, you can use something like VirtualBox to run your Windows server inside a VM which is extremely simple to set up (perhaps bar the networking side of things which is quite complicated but there is plenty of information about it on the web, but that's probably something you would want to learn?)

If you are completely new to Linux it might be a little daunting at first but if you are willing to persevere and learn you will learn a lot more about how what you are wanting to do really works etc.
 
That is usually the first thing people ask when moving from a windows networked PC environment to a linux one..
'Can I use active directory's group policies to lock down what my clients can do'

The simple answer is no, but it does not matter that much.

In windows, users can do a lot they probably should not be able to do, MMC/Lusrmgr/other snapins/ running admin tools (Even if they fail with permission errors, it still gives away information) and that's why group policies are useful. (And even then... my computer disabled by group policy? Try triple clicking 'All programs' or 'Programs' in the start menu...The 'up' button is then your friend ;P)


In linux however, everything that can change system wide preferences needs the root password (or someone with sudo privileges to temporarily give themselves root, i.e. 'sudo command')

And if you are locking a windows client down to stop them (for example) navigating to other machines' shares in the browser... Then you are securing the wrong side, and only lulling yourself into a false sense of security (That share is suddenly accessible again if someone brings in a laptop / logs on as a local user and not an AD user)

On a decently thought out network, group policies (except for startup scripts, which can be done on linux) are not really needed, and your users will actually be a lot happier with you if you don't get all high and mighty with them by disabling right click and so on :P (Lock them down in less obtrusive ways/at the network level if need be etc)

If you STILL want active directory style restrictions on linux boxes, there are a couple of third party products that implement this behavior (google linux group policy)

There is also the 'Gnome Lockdown Editor' in newer versions of gnome, which lets you do little things like disabling the command line, disabling save to disk / screensavers / using applets in the panel.
but:

A) I'm not sure whether this can be deployed network wide (probably just a config file that gets read, so you may be able to distribute it to your clients)

and B) Some things can be got around (disable terminal for example, just switch out of X onto a Vterm (Alt + F1/F2/../F6) and log in there).

Hope this helps.
(And from the rest of your post, it wouldn't really matter, as you would only be running linux as the server, with windows server running on top of it in a virtual machine to provide logons and group policies to your windows clients... unless you decide to move your clients to linux too.. in which case what I have just rambled about would apply :) )

//TrX
 
Well from the looks of it you want to run linux for the firewalling / routing server, but also want to run windows 2000 server / windows 2003 server for the active directory (central logon) stuff.

If you don't have another PC to spare (ie one for linux firewall and one for windows server) you can use software that allows you to create a 'virtual machine' (Basically a PC within a PC)

So you would run linux on your server, for routing etc etc, but on TOP of linux there would also be a window with a copy of windows server running in it... which also has access to the network, so you have two servers on one physical piece of hardware.

Check out VMware Server (free) or virtualbox (free) (both run on top of linux)

//TrX
 
It's up to how much you want to bite off at once.

I guess there is nothing wrong with using ubuntu server, if you are used to this more than any other distro, then it makes sense to go with it.

VMware server should be fairly easy to install on ubuntu too (which would allow you to get the windows server VM on top of it quickly)

If you go down the windows first route, it may be wise to partition your server's disk, so you have free space on the disk for when you want to install linux (otherwise you would have to shrink the NTFS volume which isn't exactly fun)

//TrX
 