Koozali.org: home of the SME Server

[solved => VPN] LDAPs + NFS + Kerberos - Access from the outside?

Hi all,

I'm using Kerberized NFS shares on my server (7.4), my workstations are configured to use the LDAP server as their only authentication method.
From inside my local network, this works just fine. Really, perfect. But in the next few days I'm going to be away, and I'll need my laptop to at least access the LDAP server. The problem is, allowing LDAP access from the outside world into the server manager seems to open the standard LDAP port (389) while I really want to use it in secure mode only (636). So I figured I should redirect port 636 to the server's own IP in order to open it and I should have my secure LDAP access. Right? Can somebody confirm?

And next, I'd also like to have access to my NFS shares if possible... I could live without it but it'd be better if it was working. Do I have anything to change? Or will it naturally be accessible from the outside?

Thanks.

Seb.
« Last Edit: December 24, 2009, 01:01:55 PM by Old Lodge Skins »
"How high does the sycamore grows? If you cut it down, you'll never know!" - Vanessa Williams, Pocahontas.

Stefano
Re: LDAPs + NFS + Kerberos - Access from the outside?
« Reply #1 on: December 23, 2009, 03:03:55 PM »
Old Lodge Skins: the right word is "VPN" :-)

you don't need to publish anything: just connect to your server via vpn and everything will be available

HTH

P.S. how did you set up nfs/kerberos/ldap?

Re: LDAPs + NFS + Kerberos - Access from the outside?
« Reply #2 on: December 23, 2009, 03:40:03 PM »
Good idea I didn't think about that... I've never used my server's VPN capabilities though, I'll have to look into it. The VPN connection needs to be active BEFORE KDM starts on the client (since the LDAP server is used to identify the user). I guess this must be doable...
I made a post long ago about ldap / kerb / nfs just look at my posts you should find it easily.

Seb.

Stefano
Re: LDAPs + NFS + Kerberos - Access from the outside?
« Reply #3 on: December 23, 2009, 04:31:29 PM »
Quote
Good idea I didn't think about that... I've never used my server's VPN capabilities though, I'll have to look into it. The VPN connection needs to be active BEFORE KDM starts on the client (since the LDAP server is used to identify the user). I guess this must be doable...

what client o.s. are you using?

Quote
I made a post long ago about ldap / kerb / nfs just look at my posts you should find it easily.

what about creating a howto in the wiki? :-)

Re: LDAPs + NFS + Kerberos - Access from the outside?
« Reply #4 on: December 23, 2009, 04:43:28 PM »
I'm using OpenSUSE 11.2 with NetworkManager...
Right now I'm trying to install OpenVPN as PPTP isn't exactly "secure" as far as I know but I'm stuck - can't get http://sme.swerts-knudsen.dk/downloads/OpenVPN/OpenVPN.tgz the server isn't responding... I'm going to make another thread asking if anybody has it, unless someone reads me here (I don't want to add a new thread for nothing).

Seb.

PS: By the time I set up my NFS / Kerb server, I've been suggested to send my method to the devinfo mailing list, so I did... I hoped someone would be able to make a contrib out of it.
It was quite a long time ago now (months) and I'd need to make it all over again if I wished to make a tutorial, cause I'd need to refresh my memory... Unfortunately I don't have a spare server to use lol! This said, my notes should be enough for someone else to write it or maybe even make a contrib... I've had some difficulties with it, but now that it's set up, it's working great.
« Last Edit: December 23, 2009, 04:45:22 PM by Old Lodge Skins »

Stefano
Re: LDAPs + NFS + Kerberos - Access from the outside?
« Reply #5 on: December 23, 2009, 04:55:01 PM »
Quote
I'm using OpenSUSE 11.2 with NetworkManager...
Right now I'm trying to install OpenVPN as PPTP isn't exactly "secure" as far as I know but I'm stuck - can't get http://sme.swerts-knudsen.dk/downloads/OpenVPN/OpenVPN.tgz the server isn't responding... I'm going to make another thread asking if anybody has it, unless someone reads me here (I don't want to add a new thread for nothing).

IMVHO pptp is secure enough, so you should use it..

anyway, you can also create an ssh tunnel (google is full of examples)

Quote
PS: By the time I set up my NFS / Kerb server, I've been suggested to send my method to the devinfo mailing list, so I did... I hoped someone would be able to make a contrib out of it.
It was quite a long time ago now (months) and I'd need to make it all over again if I wished to make a tutorial, cause I'd need to refresh my memory... Unfortunately I don't have a spare server to use lol! This said, my notes should be enough for someone else to write it or maybe even make a contrib... I've had some difficulties with it, but now that it's set up, it's working great.

ok, I will search the dev's ML, thank you

Re: LDAPs + NFS + Kerberos - Access from the outside?
« Reply #6 on: December 23, 2009, 04:55:41 PM »
I still have the messages I sent, I'll PM you.