• Their passwords are going to have to change at some point, due to security policy.
• When they change it on their desktop, it’s not automatically done on their laptop.
• After changing the desktop password, they need to connect the laptop to the network and then login with that new password for it to be cached.

Now, it’s easy to write out, and easy for a tech to understand the scenario – but it’s not that easy for a 45yr old Hispanic guy who hates his laptop anyway to grasp. But what if they didn’t have to grasp anything? What if no matter where you were, the login process and the features available were as seamless in Wisconsin as if you were sitting at your desk in Texas?

What I’m proposing is this:

• Internet is gained through the use of a mobile AirCard, that is set to automatically connect once plugged in. If no AirCard, some other form of high-speed internet would suffice, and possibly be preferred.
• Use OpenVPN as a system service that runs when Windows boots. It makes its connection to the Main Network with a PSK (pre-shared key), authenticates, and then routes all internet and network traffic through that connection.
• A Windows or Linux client that has been previously joined to the Active Directory Domain on campus.

Upon boot, the computer connects to the internet, and then sets up the VPN connection to the main campus. This is done as a Windows or Linux service. When the login prompt appears, the user enters their most recent credentials for the main campus, and logs in. These credentials are then passed through the secured VPN to the main campus, authenticated against LDAP or AD, and their group policies, logon scripts, and other drive mappings are passed back down to the client. After the personal settings have loaded, their laptop experience is just as it would be if they were on the main campus LAN – but all their traffic is secured, and over a WAN.

Can it be done? Has it been done? Is there a step I’m missing – or some important brick preventing it?

Blogged with Flock

Tags: openvpn, network, windows, linux, authentication, active directory, PSK, WAN, LAN, mobile, laptop, connection, internet, security, group policy

Technorati Tags: active directory, aircard, client, computer, desktop password, directory domain, Domain, drive mappings, group, group policies, high speed internet, laptop, ldap, Linux, network, network traffic, openvpn, passwords, personal settings, PSK, scripts, security, security policy, technology, University, user, vpn connection, WAN, Windows

Originally, as you might recall from previous posts, [[Oracle]] is an IRC bot that we use for auto responding and chanserv purposes. Our bots are still the same in function so far, but they each have their own computer.

[[Oracle]] is now the webserver for tsnlocal.net, and runs the tsn.lcl project. It’s hosting a hamachi client, and serveral tsnlocal network connections. It’s also using Google Desktop those network shares, so that I can make them web-searchable, and the files downloadable for those connected to the tsnlocal network. I’m still working on the technology to provide the search page to the outside world (though the files will only be accessible to those who are connected and authenticated to the hamachi network.

To do this, I have installed WAMP (Apache, MySQL, and PHP for Windows) and put it on an XP Professional box. There is a main webpage up right now that shows the online status of [[Oracle]] and [[Oracle]].1 (a secondary server, of which there is also an [[Oracle]].2 which will be used later). The webpage also shows the online status of those involved with the tsnlocal project. The design of the webpage is still under construction though, at the moment.

[[Oracle]] is also hosting some other services for tsn…things that aren’t directly tied to the website, per se…like a TeamSpeak server, Blockland game server, and some other stuff that I haven’t gotten to set up yet.

It’s also been brought to my attention that there is a security exploit in Apache for windows, and [[Oracle]] will be the test-bed for solving that exploit. I have a solution in mind that would work, but might be a bit difficult to set up – though it would solve the problem until a patch is fixed. I’ll post more on that when I get some time to test it.

Technorati Tags: Apache, apache mysql, client, computer oracle, design, game server, google, hamachi, IRC, irc bot, MySQL, network connections, network shares, oracle hosting, PHP, search page, Servers, TeamSpeak, teamspeak server, technology, the-spot.net, tsnLocal.net, WAMP, webserver, website, Windows