I am looking to set up a domain controller, a security system (with website filtering; I would prefer if it let me unblock certain websites, and let me use a username and password to log in and bypass all filtering), and a web server / FTP. Preferably this will all be done on one system, with virtual machines.

In regards to the domain controller, I'm not positive that is what I'm looking for, but I can describe what I am. I am looking for a way to have one system control all of the usernames and passwords and network shares. So if someone changes a password on one computer, every computer on the network will have changed the password. If possible, it would be ideal to have settings move from computer to computer too. How about resolutions? Can I make them change for each account? So if Bob wants the resolution (screen) to be 1600x1200, and Joe wants his resolution to be 1280x1024, and they are on the same system, is it possible? I know it is with Linux.

With the filtering / security gateway, which do you recommend? I'm thinking of doing this for a school and I'm wondering what would be a good OS / program. I've looked at Astaro Security Gateway a little bit, but I don't know about it.

When it comes to the FTP server and web server, I can figure those out, since I've had some experience with those types of applications.

Since I want to do this on one system, what would be a good way to manage this? Will I need two NIC cards, one for a connection to the internet (actually the pre-network firewall) and one for the rest of the network, or not? I don't know about that though, because I think there is not really any easy way to connect the computer directly to the network. So, basically, can I do this with one NIC card?

If you need any clarifications, then just post them :).

Thank you,
DarrGlud

Hi DarrGlud,

Sounds like you're looking for a domain controller in your description, except it kind of sent up a red flag as to where you're going to place this machine.

Windows domain controllers aren't like setting up an FTP server or an ACL on a file share; these are complicated things that use and will introduce multiple layers of protocols and technologies they rely on to your network. To configure a domain controller on a Windows 2003 Server, use the command "DCPROMO" from a cmd window. I'd recommend reading up a bit more on the Windows Active Directory Infrastructure since I really can't explain it in a reply, or even several pages of replies.

For your proxy/gateway, ISA Server with Webspy is a good combination and will easily integrate with your AD Infrastructure. I can't comment on Astaro since I've never seen/heard of the product. If you'd like to use something free, IPCop works well, but you're not going to get it to integrate with AD.

Also, your domain controller SHOULD NEVER sit on the gateway. It is a big security no-no to do this, so plan on having several machines. Your ISA Server or IPCop machine is the only thing that should sit on the gateway, and yes it will need 2 NICs.

Here is a link to a few Amazon books relevant to "MCSE", which is a Microsoft certification for those that are versed in Active Directory Infrastructures. These are the books to read if you want to really learn about Active Directory.

http://www.amazon.com/s/ref=nb_ss_gw/102-1743044-6131311?url=search-alias%3Daps&field-keywords=MCSE

I hope this helps, if you have any more questions don't hesitate to ask.

Jon

OK, well I cannot do multiple servers, but did I mention that I will be behind a router, and the site / FTP will ONLY be accessible outside the network. I will have to use Linux, because I want to make the maximum profits possible (plus I like Linux anyway). As for the gateway, would a Pentium 1 work?

I will have to use Linux, because I want to make the maximum profits possible

Profits and cost of ownership are two different things. There is no Linux copy of Active Directory that offers even close to the scale/power of its Microsoft counterpart.

Point being, yes, Apache is a great alternative to IIS, BIND for DNS, etc... Nothing yet will replace Active Directory. Saying you're going to run Active Directory on Linux is like saying you're going to make a Ford Corvette.

With IPCop (a Debian-based gateway solution), you could successfully run it on a Celeron 300 (I've done it before).

With your limitations of running boxes, there isn't much you can really do... procure a copy of Windows 2003 Server Small Business Edition? About $800 and includes ISA and everything else you need, and then you will still have your DC sitting on the gateway because of the 1 box limitation.

All this depends on what time and money you have at your disposal.

Jon

Well, couldn't I use a Samba server, because the most important thing for me is that I can have the accounts on every computer in the network. Is it also possible to set up the shares, because I can do the restrictions on the local system?