If you are concerned about an outside user entering your network, try
using a Linux box with PPTP & FreeSwan implemented for MS friendly VPN
support. This will give you an encrypted VPN you can control, then use
rdesktop to make the desktop connection. There is a distro based on
Red Hat that implements the VPN at www.clarkconnect.org that has what you
need, including a firewall. I am using this same solution with several
clients without any issues. :)
If you would like to talk offline, message me personally:
btafoya@sgcaz.com.
Brian Tafoya
VP of Information Technologies
Smart Guys Computing
www.sgcaz.com
-----Original Message-----
From: plug-discuss-admin@lists.plug.phoenix.az.us
[mailto:plug-discuss-admin@lists.plug.phoenix.az.us] On Behalf Of Scott H
Sent: Friday, July 11, 2003 12:48 PM
To: PLUG
Subject: Linux front end for a MS Terminal Server?
Another opportunity to use Linux has appeared at
my company. If I can get some helpful
ideas/comments, perhaps I'll be able to replace
another MS machine! :)
Here's the situation: we used to have a W2K box
in our DMZ (I'll call it xterm) which accepted
TSAC web connections to it (TSAC is a web-based
terminal services client). Once the user
authenticated to the local box's SAM (SAM is the
user/password database for a standalone box - we
didn't want to have our AD domain stuff out
there), another terminal service client session
is started for them (not web-based) to a MS
terminal server inside, on our LAN. In this way
we could protect the internal MS boxen from
direct connections from the Internet. Of course,
eventually, xterm got hacked, and now we don't
want to rebuild it with backed up SAM db because
someone might have all this info, and we don't
REALLY want to create all new passwords and get
them to the users, and then have it all happen
again. So I suggest this, and please tell me if
it could work:
External user connects to a hardened Linux box in
the DMZ, via SSH. They are authenticated to our
RADIUS server (can Linux authenticate to RADIUS?
MS can't). A script is run to then connect the
user with rdesktop to the MS terminal server
inside.
Does this sound possible? Has anyone done
anything like this?
Thanks!!
Scott
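
Added example, not part of either message in this thread: one way the "script is run to then connect the user with rdesktop" step could look on the DMZ box, written as a wrapper that sshd starts through ForceCommand. The terminal server name, the group name, the script path, the use of X11 forwarding to display the session, and RADIUS being handled in sshd's PAM stack are all assumptions.

```shell
#!/bin/sh
# Added example: wrapper that sshd runs for gateway users. Assumed sshd_config
# (group name and script path are hypothetical):
#   Match Group rdpusers
#       ForceCommand /usr/local/bin/rdp-gateway.sh --run
#       X11Forwarding yes
#       AllowTcpForwarding no
# RADIUS authentication is assumed to happen earlier, in sshd's PAM stack.

TS_HOST="ts.internal.example"   # placeholder for the internal terminal server

# Accept only conservative login names, so nothing user-controlled can be
# read by rdesktop as an option or by the shell as syntax.
valid_user() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Require the display sshd creates for X11 forwarding (localhost:N[.S]),
# assuming sshd's default X11UseLocalhost setting.
valid_display() {
    case "$1" in
        localhost:*) ;;
        *) return 1 ;;
    esac
    n=${1#localhost:}
    case "$n" in
        ""|*[!0-9.]*) return 1 ;;
    esac
    return 0
}

# Print the single command the gateway is willing to run, or a reject reason.
gateway_command() {
    user=$1 display=$2
    valid_user "$user" || { echo "reject: bad user name"; return 1; }
    valid_display "$display" || { echo "reject: no forwarded X display"; return 1; }
    echo "rdesktop -u $user $TS_HOST"
}

if [ "${1:-}" = "--run" ]; then
    # SSH_ORIGINAL_COMMAND is ignored on purpose: the target host is fixed.
    msg=$(gateway_command "${LOGNAME:-}" "${DISPLAY:-}") || {
        logger -t rdp-gateway "$msg"; exit 1; }
    logger -t rdp-gateway "user=$LOGNAME from=${SSH_CONNECTION%% *} to=$TS_HOST"
    exec rdesktop -u "$LOGNAME" "$TS_HOST"
fi
```

Because the wrapper never reads SSH_ORIGINAL_COMMAND and TCP forwarding is off, an authenticated user gets the one rdesktop session and no shell or tunnel on the DMZ host.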