Another opportunity to use Linux has appeared at my company. If I can get some helpful ideas/comments, perhaps I'll be able to replace another MS machine! :)

Here's the situation: we used to have a W2K box in our DMZ (I'll call it xterm) which accepted TSAC web connections to it (TSAC is a web-based terminal services client). Once the user authenticated to the local box's SAM (SAM is the user/password database for a standalone box - we didn't want to have our AD domain stuff out there), another terminal service client session was started for them (not web-based) to a MS terminal server inside, on our LAN. In this way we could protect the internal MS boxen from direct connections from the Internet.

Of course, eventually, xterm got hacked, and now we don't want to rebuild it with the backed-up SAM db because someone might have all this info, and we don't REALLY want to create all new passwords and get them to the users, and then have it all happen again.

So I suggest this, and please tell me if it could work: an external user connects to a hardened Linux box in the DMZ, via SSH. They are authenticated to our RADIUS server (can Linux authenticate to RADIUS? MS can't). A script is then run to connect the user with rdesktop to the MS terminal server inside.

Does this sound possible? Has anyone done anything like this?

Thanks!!

Scott