Nx2l's Home Lab blog

I was thinking about setting up an IPA server to use for central management of users & authentication at home.

Anyone have any tips or suggestions?

I’ve never had luck with setting up kerberos keytab for use with secure NFS before… really want to figure it out.

(when I get enough motivation to tackle this change at home, I’ll have to redo my home network so I can properly do VLAN tagging on my switches) – edit - completed!

2 Likes

Something else I want to add to my list is to set up this:

http://ipaudit.sourceforge.net/

1 Like

I was about to install keycloak on a kubernetes cluster, but I am still very confused by kerberos/ldap. It seems to be straight-forward, but we’ll see

1 Like

Also if this is just a general home lab blog, I am about to install a new Gentoo server and load it up with kubernetes, libvirt, and probably some other stuff. I will probably be back here asking for advice haha

2 Likes

I’m cool with that

2 Likes

Once the 8TB NAS drives (I got on sale) get here, I’ll back up my DIY SAN system and then update it from Fedora 27.

+1

1 update since 2005 though? Idk…

2 Likes

Understandable reaction. But last I tried it… which was in a security class in college, it was nice.

3 Likes

I have always enjoyed using kerberos auth with my linux servers (at work)

  • all you have to configure is the krb5.conf (manually or using the authconfig command)
  • create a local user with same user id as the AD user
  • can use usermod -L to lock the local auth via /etc/shadow
  • and then the user can only log in via kerberos

1 Like
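The setup described in the post above can be audited with a short script. This is an added example, not part of the original post: the function names are hypothetical, and file paths are passed as arguments so the checks can be run against copies of `krb5.conf`, `passwd` and `shadow`. Note that `usermod -L` locks only the password field, so the check covers local password login and nothing else.

```shell
#!/bin/sh
# Added example: audit a "Kerberos-only" local account as described above.
# Function names are hypothetical; pass paths explicitly (shadow needs root).

# Print default_realm from the [libdefaults] section of a krb5.conf-style file.
krb5_default_realm() {
    awk '
        /^[ \t]*\[/ { in_lib = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_lib && /^[ \t]*default_realm[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
        }' "$1"
}

# Classify a user's password field in a shadow-format file:
#   locked   - field starts with "!" (what usermod -L writes) or "*"
#   password - a usable hash is present, local password login still works
#   empty    - no password set at all
#   missing  - no entry for the user
shadow_state() {
    awk -F: -v u="$2" '
        $1 == u {
            found = 1
            if ($2 == "") print "empty"
            else if ($2 ~ /^[!*]/) print "locked"
            else print "password"
            exit
        }
        END { if (!found) print "missing" }' "$1"
}

# Print the numeric UID for a user from a passwd-format file (empty if absent).
passwd_uid() {
    awk -F: -v u="$2" '$1 == u { print $3; exit }' "$1"
}

# Full check: realm configured, local UID matches the directory UID, password locked.
# Usage: audit_krb_only USER EXPECTED_UID KRB5_CONF PASSWD SHADOW
audit_krb_only() {
    realm=$(krb5_default_realm "$3")
    [ -n "$realm" ] || { echo "FAIL: no default_realm in $3"; return 1; }
    uid=$(passwd_uid "$4" "$1")
    [ "$uid" = "$2" ] || { echo "FAIL: $1 has uid '$uid', expected $2"; return 1; }
    state=$(shadow_state "$5" "$1")
    [ "$state" = "locked" ] || { echo "FAIL: $1 shadow state is $state"; return 1; }
    echo "OK: $1 (uid $uid) is password-locked; realm $realm"
}
```

On a live host this would be called as root with `/etc/krb5.conf`, `/etc/passwd` and `/etc/shadow` as the three file arguments.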

So does this affect like the local login manager (gdm, sddm, etc)?

1 Like

I don’t know why it would be. The uid gid are still controlled via /etc/passwd.

1 Like

Site says my drives shipped two days ago but there have not been any tracking updates…

Concern

3 Likes

Agreed. It seems like sso was a huge focus for a while and more and more things were being kerberized, but now not as much.

I have been planning to test Samba AD/FreeIPA trust to create a completely cross-platform, open-source directory structure, but I’m still working on the Samba half.

2 Likes

and now I have to wait up to 5 more days based on the tracking… wtf

1 Like

They aren’t getting rerouted through Virginia are they?

1 Like

What is happening in VA…
but yes. I think it should go thru VA…

2 Likes

I was joking, but…

And my bad, I think it’s Maryland, not Virginia.

3 Likes

I never heard of this before.

2 Likes

I once locked my keys in my car in the parking lot at the NSA… Fortunately, the parking lot police were able to unlock the car by looking at it.

8 Likes

You were at the NSA why?

2 Likes