On Fri, 2003-07-11 at 12:48, Scott H wrote:
> Another opportunity to use Linux has appeared at
> my company. If I can get some helpful
> ideas/comments, perhaps I'll be able to replace
> another MS machine! :)
>
> Here's the situation: we used to have a W2K box
> in our DMZ (I'll call it xterm) which accepted
> TSAC web connections to it (TSAC is a web-based
> terminal services client). Once the user
> authenticated to the local box's SAM (SAM is the
> user/password database for a standalone box - we
> didn't want to have our AD domain stuff out
> there), another terminal service client session
> is started for them (not web-based) to a MS
> terminal server inside, on our LAN. In this way
> we could protect the internal MS boxen from
> direct connections from the Internet. Of course,
> eventually, xterm got hacked, and now we don't
> want to rebuild it with backed up SAM db because
> someone might have all this info, and we don't
> REALLY want to create all new passwords and get
> them to the users, and then have it all happen
> again. So I suggest this, and please tell me if
> it could work:
>
> External user connects to a hardened Linux box in
> the DMZ, via SSH. They are authenticated to our
> RADIUS server (can Linux authenticate to radius?
> MS can't).

Yes, Linux can be configured to authenticate via RADIUS, or LDAP, or Windows NT server, or Kerberos, others, or roll your own via the PAM interface.

> A script is run to then connect the
> user with rdesktop to the MS terminal server
> inside.
>
> Does this sound possible? Has anyone done
> anything like this?
>
> Thanks!!
>
> Scott

Don't see any reason why it would not work.

Cheers,

Davidm

> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

--
David IS Mandala
gpg fingerprint 8932 E7EF CCF5 1B8C 1B5C A92E C678 795E 45B2 D952
Phoenix, AZ (480) 460-7545 HP, (602) 741-1363 CP
http://www.them.com/~davidm/
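
The setup discussed in this thread, sketched as an added example that is not code from either poster: a forced-command wrapper for the DMZ SSH box, with the sshd and PAM settings it relies on shown in comments. The script path, the group name `rdpusers`, the host name `ts.internal.example`, the use of the `pam_radius_auth` module, and X11 forwarding to carry the rdesktop window back to the user are all assumptions.

```shell
#!/bin/sh
# Added example: forced-command wrapper for the DMZ SSH gateway.
# Assumed sshd_config (group name and script path are hypothetical):
#   UsePAM yes
#   X11Forwarding yes
#   Match Group rdpusers
#       ForceCommand /usr/local/bin/rdp-gateway --run
#       AllowTcpForwarding no
# Assumed /etc/pam.d/sshd line, so passwords are checked by RADIUS via PAM:
#   auth required pam_radius_auth.so
LC_ALL=C; export LC_ALL              # keep the [A-Z] ranges below ASCII-only
TS_HOST="ts.internal.example"        # placeholder for the internal terminal server

# Accept only conservative account names, so the name can never be parsed
# by rdesktop as an option or by a shell as syntax.
valid_user() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Returns 0 if the session may proceed, 1 for a bad name, 2 for no X display.
gateway_check() {
    valid_user "$1" || { echo "rejected account name" >&2; return 1; }
    [ -n "$2" ] || { echo "no X11 display; connect with ssh -X" >&2; return 2; }
    return 0
}

if [ "${1:-}" = "--run" ]; then
    user=$(id -un)                   # account sshd authenticated, not $USER
    # Whatever command the client asked for is not run; record it instead.
    if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
        logger -t rdp-gateway -- "$user requested: $SSH_ORIGINAL_COMMAND"
    fi
    gateway_check "$user" "${DISPLAY:-}" || exit $?
    exec rdesktop -u "$user" "$TS_HOST"
fi
```

Because the wrapper is the only thing the matched group can run, a user in that group gets no shell on the DMZ box; the gateway holds no password database of its own, since PAM passes each login to the RADIUS server.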