On Fri, 2003-07-11 at 12:48, Scott H wrote:
> Another opportunity to use Linux has appeared at
> my company. If I can get some helpful
> ideas/comments, perhaps I'll be able to replace
> another MS machine! :)
>
> Here's the situation: we used to have a W2K box
> in our DMZ (I'll call it xterm) which accepted
> TSAC web connections to it (TSAC is a web-based
> terminal services client). Once the user
> authenticated to the local box's SAM (SAM is the
> user/password database for a standalone box - we
> didn't want to have our AD domain stuff out
> there), another terminal service client session
> is started for them (not web-based) to a MS
> terminal server inside, on our LAN. In this way
> we could protect the internal MS boxen from
> direct connections from the Internet. Of course,
> eventually, xterm got hacked, and now we don't
> want to rebuild it with backed up SAM db because
> someone might have all this info, and we don't
> REALLY want to create all new passwords and get
> them to the users, and then have it all happen
> again. So I suggest this, and please tell me if
> it could work:
>
> External user connects to a hardened Linux box in
> the DMZ, via SSH. They are authenticated to our
> RADIUS server (can Linux authenticate to radius?
> MS can't).
Yes, Linux can be configured to authenticate via RADIUS, or LDAP, or
Windows NT server or Kerberos, others or roll your own via the PAM
interface.
> A script is run to then connect the
> user with rdesktop to the MS terminal server
> inside.
>
> Does this sound possible? Has anyone done
> anything like this?
>
> Thanks!!
>
> Scott
>
>
Don't see any reason why it would not work.
Cheers,
Davidm
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
--
David IS Mandala
gpg fingerprint 8932 E7EF CCF5 1B8C 1B5C A92E C678 795E 45B2 D952
Phoenix, AZ (480) 460-7545 HP, (602) 741-1363 CP
http://www.them.com/~davidm/
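
A sketch of the gateway discussed in this thread, added here as an example and not taken from either poster's message: the wrapper script sshd would run once PAM has authenticated the user against RADIUS. The host name `ts1.lan.example`, the group `rdpusers` and the path `/usr/local/bin/rdp-gateway` are assumptions, and the PAM and sshd lines in the comments assume the `pam_radius_auth` module is installed.

```shell
#!/bin/sh
# Forced-command wrapper for the DMZ SSH gateway (added example).
# Assumed supporting config, using the pam_radius_auth PAM module:
#   /etc/pam.d/sshd:  auth required pam_radius_auth.so
#   sshd_config:      UsePAM yes
#                     Match Group rdpusers
#                         ForceCommand /usr/local/bin/rdp-gateway
#                         X11Forwarding yes
#                         AllowTcpForwarding no
# pam_radius_auth only checks the password; each user still needs a local
# (or NSS-provided) account so sshd can resolve the login name.

TS_HOST="ts1.lan.example"   # hypothetical internal terminal server

# Accept only conservative login names before they reach a command line:
# reject empty names, names starting with '-', and any other character.
valid_user() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the rdesktop command line for a user, or fail without output.
# $1 = login name, $2 = X display that sshd forwarded for this session.
gateway_cmd() {
    valid_user "$1" || return 1
    [ -n "$2" ] || return 1     # no X11 forwarding, nothing to draw on
    printf 'rdesktop -u %s %s\n' "$1" "$TS_HOST"
}

# Act only when invoked under the installed name, so the functions above
# can be exercised on their own. The client's requested command
# (SSH_ORIGINAL_COMMAND) is ignored: the destination is fixed.
case "$0" in
*/rdp-gateway)
    cmd=$(gateway_cmd "$(id -un)" "${DISPLAY:-}") || {
        echo "gateway: refused (bad user name or no X11 display)" >&2
        exit 1
    }
    logger -t rdp-gateway "client ${SSH_CONNECTION:-unknown}: $cmd"
    exec $cmd   # safe to split: validated name and fixed host only
    ;;
esac
```

Users connect with `ssh -X`; the RADIUS server address and shared secret go in the PAM module's own configuration file, which should be readable by root only.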