≡ Menu

desktop computers

HowTo: Use OpenBSD In the Corporate Environment

OpenBSD has a reputation for high security and difficult operating systems for new user. But, some orginsations are using OpenBSD for everything including firewall, servers and desktop computers. This is quite impressive, from the article:

So our paid job is hacking on and deploying, maintaining, supporting... OpenBSD installations. We are also required to hack on things that can be merged back into OpenBSD itself and when it's not possible, then we change what we did so that it can be. Of course some developments are very specific to what we do and have no place in the project's CVS tree.

So, amongst other services, we set up and maintain several 100% OpenBSD-based infrastructures (going from the entry site firewall to the secretary's workstation) and this is what I'm going to talk about here.

As a side note, it is important to know that we are working exclusively for Fortune 500 companies (each operating in totally different and unrelated sectors).

Read more: A Puffy in the corporate aquarium.

Every IT shop has a mix of Windows and Linux system. Sometime you need to authenticate your Linux desktop system against Microsoft Active Directory service. You can save time, effort and IT infrastructure by sharing authentication server. This article explains how to setup the Linux desktop computers with Active Directory using Samba and winbind.

From the article:
Starting with Windows 2000, Microsoft moved from NTLM to Active Directory and its integrated Kerberos authentication services. Kerberos was considerably more secure than NTLM, and it scaled better, too. And Kerberos was an industry standard already used by Linux and UNIX systems, which opened the door to integrating those platforms with Windows.

Most Linux distributions come with several PAM authentication modules, including modules that support authentication to an LDAP directory and authentication using Kerberos. You can use these modules to authenticate to Active Directory, but there are some significant limitations, as I will discuss later in this article.

=> Authenticate Linux Clients with Active Directory