Solution for shared filesystem among loosely coupled clients

0

I am looking for a solution for the following network setup (think university):

Clients are mainly Laptops or PCs with their own local users / groups / system. They should be able to work without a network or in any other network (at home etc.) and with any system (Ubuntu / Fedora, Gnome / KDE, ...).

But it should be possible to mount NFS shares from a server, given the clients are in the same network as the server (physically or via VPN). The clients should need to authenticate with a username / password and then get access to shares they have authorisation for.

The typical solution for a large network with file shares (think university) would be Kerberos/LDAP/NFS4, where users can only log in from the managed workstations, all of which have the same system. But this is not what I want, as it couples the clients tightly to the network.

jonas

Posted 2018-07-12T09:54:02.627

Reputation: 101

Could you elaborate a bit more on that? Do you suggest fixed IP per user via VPN and NFS with IP restrictions? This gives only very limited control over which groups of users can access which files. – jonas – 2018-07-12T12:08:50.300

I would recommend running OpenVPN on top of pfSense or OPNsense. The NFS OS would be what authenticates the users. For instance, I have a NAS/RAID that authenticates users via the FreeRADIUS package from pfSense. The NAS firmware is what grants or denies folder access on a per-user basis. The users are created, managed, and removed through the central authentication (RADIUS). – Tim_Stewart – 2018-07-12T12:44:40.580

Answers

0

If you want to implement central LDAP/Kerberos user management usable for traveling laptops, you could use sssd as the NSS/PAM daemon on the Linux workstations.

It automatically detects whether the client is attached to the network (LDAP is reachable) and provides local password caching for off-line mode.

Michael Ströder

Posted 2018-07-12T09:54:02.627

Reputation: 185
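
A minimal `sssd.conf` for the setup this answer describes (LDAP identities, Kerberos authentication, cached credentials for offline login), added here as an illustration and not taken from the answer. The domain name, hostnames, realm, search base, CA path and the numeric limits are placeholder assumptions.

```ini
# /etc/sssd/sssd.conf
# Must be owned by root with mode 0600, otherwise sssd refuses to start.
# Hostnames, realm, search base and CA path below are placeholders.

[sssd]
services = nss, pam
domains = example

[pam]
# Days a cached password stays valid for offline login (0 = no limit).
offline_credentials_expiration = 14
# Limit password guessing against the local cache while offline:
# after 5 failures, block further offline attempts for 10 minutes.
offline_failed_login_attempts = 5
offline_failed_login_delay = 10

[domain/example]
id_provider = ldap
auth_provider = krb5

ldap_uri = ldaps://ldap.example.org
ldap_search_base = dc=example,dc=org
# Always verify the directory server's certificate; the laptop
# will also be used on networks that are not trusted.
ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/ssl/certs/example-ca.pem

krb5_realm = EXAMPLE.ORG
krb5_server = kdc.example.org

# Store a salted hash of the password after a successful online
# login so the user can log in when LDAP/KDC are unreachable.
cache_credentials = True
# After an offline login, keep the password in the kernel keyring
# and request a ticket once the KDC becomes reachable again.
krb5_store_password_if_offline = True
# Remove cached accounts this many days after their last successful
# login (0 = keep forever). Must be >= offline_credentials_expiration.
account_cache_expiration = 30
```

Cached credentials only cover local login; access to Kerberized NFS shares still needs a ticket, so it works only while the KDC is reachable (on site or over the VPN).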