If you are concerned about an outside user entering your network, try using a Linux box with PPTP & FreeSwan implemented for MS friendly VPN support. This will give you an encrypted VPN you can control, then use rdesktop to make the desktop connection. There is a distro based on Redhat that implements the VPN at www.clarkconnect.org that has what you need, including firewall. I am using this same solution with several clients without any issues. :)

If you would like to talk offline message me personally. btafoya@sgcaz.com.

Brian Tafoya
VP of Information Technologies
Smart Guys Computing
www.sgcaz.com

-----Original Message-----
From: plug-discuss-admin@lists.plug.phoenix.az.us [mailto:plug-discuss-admin@lists.plug.phoenix.az.us] On Behalf Of Scott H
Sent: Friday, July 11, 2003 12:48 PM
To: PLUG
Subject: Linux front end for a MS Terminal Server?

Another opportunity to use Linux has appeared at my company. If I can get some helpful ideas/comments, perhaps I'll be able to replace another MS machine! :)

Here's the situation: we used to have a W2K box in our DMZ (I'll call it xterm) which accepted TSAC web connections to it (TSAC is a web-based terminal services client). Once the user authenticated to the local box's SAM (SAM is the user/password database for a standalone box - we didn't want to have our AD domain stuff out there), another terminal service client session is started for them (not web-based) to a MS terminal server inside, on our LAN. In this way we could protect the internal MS boxen from direct connections from the Internet.

Of course, eventually, xterm got hacked, and now we don't want to rebuild it with backed up SAM db because someone might have all this info, and we don't REALLY want to create all new passwords and get them to the users, and then have it all happen again.

So I suggest this, and please tell me if it could work: External user connects to a hardened Linux box in the DMZ, via SSH.
They are authenticated to our RADIUS server (can Linux authenticate to radius? MS can't). A script is run to then connect the user with rdesktop to the MS terminal server inside. Does this sound possible? Has anyone done anything like this?

Thanks!!
Scott

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
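The "script is run" step from the original question, sketched as an sshd forced command. This is an added example, not code from either poster. It assumes OpenSSH on the gateway with RADIUS handled through PAM (for example pam_radius_auth); the script path, group name and terminal server host name are hypothetical placeholders.

```shell
#!/bin/sh
# Added example: forced-command wrapper for the DMZ SSH gateway.
# Assumed sshd_config fragment on the gateway (names are hypothetical):
#   Match Group tsusers
#       ForceCommand /usr/local/bin/ts-gateway
#       X11Forwarding yes
#       AllowTcpForwarding no
# Authentication (RADIUS via PAM) has already succeeded before this runs.

TS_HOST="ts01.lan.example"   # placeholder: the single internal terminal server

# check_session USER DISPLAY
# Returns 0 if the session may be bridged, 1 for a bad user name,
# 2 if there is no forwarded X display for rdesktop to draw on.
check_session() {
    user=$1
    display=$2
    # Plain account names only: rejects empty names, names that would be
    # parsed as an option ("-x") and anything with shell metacharacters.
    case $user in
        ''|-*|*[!A-Za-z0-9._-]*) echo "reject: bad user name" >&2; return 1 ;;
    esac
    # rdesktop is an X client; with sshd's default X11UseLocalhost the
    # forwarded display looks like localhost:10.0. A local ":0" is refused.
    case $display in
        localhost:[0-9]*) ;;
        *) echo "reject: no forwarded X display" >&2; return 2 ;;
    esac
    return 0
}

main() {
    check_session "${LOGNAME:-}" "${DISPLAY:-}" || exit $?
    # Whatever command the client asked for is logged and never executed.
    logger -t ts-gateway "user=$LOGNAME from=${SSH_CLIENT%% *} to=$TS_HOST" \
        "ignored=${SSH_ORIGINAL_COMMAND:-none}"
    # The target is fixed here; the user cannot choose another inside host.
    exec rdesktop -u "$LOGNAME" "$TS_HOST"
}

# Run only when installed under its forced-command name, not when sourced.
case ${0##*/} in ts-gateway) main ;; esac
```

Because the wrapper replaces the login shell's role, accounts in the matched group never get an interactive shell on the DMZ host, and the only inside address reachable through it is the one in TS_HOST.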