IPBrick supports several authentication modes. By default, it is configured so that all users authenticate against their own IPBrick (Figure 7.7):
IPBrick Master
: Default mode. All services on the server use the LDAP server;
Secondary Master IPBrick
: Used only under a High Availability license. See Appendix E for details.
IPBrick Slave
: The LDAP server is a synchronized replica of the indicated IPBrick Master server. This mode is used in scenarios with several servers. Users can authenticate against this server, since its LDAP database is synchronized with the IPBrick Master on a timed schedule, but users cannot be added on it. In networks with a large number of users and many authentications, slave authentication servers are useful because they avoid congestion on the IPBrick Master network segment. This scenario is also very useful in geographically distributed networks (Figure 7.8);
IPBrick Client
: The services authenticate remotely against the indicated IPBrick LDAP server. In this case there is no local copy of the database, and the IPBrick Master/Slave server must be specified. Normally, this authentication mode is used on an IPBrick.c for VPN, PPTP and Proxy services (Figure 7.9);
Netbios Client
: IPBrick can become part of a domain managed by a server older than Windows 200x, using the NetBIOS protocol. In such a network, users continue to authenticate normally against the Windows machine.
AD Domain Member (IPBrick Master)
: IPBrick is a member of a domain managed by a Windows Active Directory server. Network users authenticate against AD, as always;
AD Domain Member (IPBrick Slave)
: The IPBrick Slave is also a member of an AD domain, acting as a secondary IPBrick server. Using a Slave IPBrick as a member of an AD domain can be particularly useful for secondary email servers. It always requires another IPBrick server configured as a member of the AD domain (the Master IPBrick).
NOTE: After the IPBrick authentication mode is changed, IPBrick reboots automatically during Apply Configurations.
NOTE: On a Slave/Client IPBrick, the myipbrick virtual host is automatically configured with a reverse proxy to the Master IPBrick.
Distributed Filesystem
User accounts may be physically distributed across the Master/Slave servers. The centralized information system, LDAP, holds the physical location of each account. An NFS (Network File System) service makes the user accounts available over the network. The Automount service combines the LDAP information with NFS and automatically makes the user accounts available on virtually any other Master/Slave server. IPBrick can also integrate with authentication servers running Windows operating systems, namely machines older than Windows 200x (NetBIOS authentication) and Windows 200x or later machines (authentication via Active Directory).
Automount
LDAP is a directory service that holds a company's relevant information: users, computer resources, contacts, etc. The Automount service combines the LDAP information with NFS and automatically makes the user accounts available on virtually any Master/Slave server.
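The lookup described above can be illustrated with an added example (not IPBrick's own code) that resolves LDAP automount entries to NFS mounts and audits them. It assumes the RFC 2307bis attribute names `automountKey` and `automountInformation`; the IPBrick LDAP layout is not shown in this manual, and the DNs, host names, trusted-server list and the `nosuid`/`nodev` baseline are constructed for illustration.

```python
# Added example: resolve automount entries held in LDAP to NFS mounts and audit them.
# Assumes RFC 2307bis attribute names; every DN, host and policy value is constructed.
SAMPLE_LDIF = """\
dn: automountKey=alice,automountMapName=auto.home,dc=example,dc=test
automountKey: alice
automountInformation: -fstype=nfs,rw,nosuid,nodev master.example.test:/home1/alice

dn: automountKey=bob,automountMapName=auto.home,dc=example,dc=test
automountKey: bob
automountInformation: -fstype=nfs,rw slave1.example.test:/home1/bob

dn: automountKey=carol,automountMapName=auto.home,dc=example,dc=test
automountKey: carol
automountInformation: -fstype=nfs,rw,nosuid,nodev files.other.test:/export/carol
"""

TRUSTED_SERVERS = {"master.example.test", "slave1.example.test"}  # assumed Master/Slave hosts
REQUIRED_OPTIONS = {"nosuid", "nodev"}  # assumed hardening baseline


def parse_entries(ldif):
    """Return {key: (options, host, path)} for each automount entry."""
    entries = {}
    for block in ldif.strip().split("\n\n"):
        attrs = dict(line.split(": ", 1) for line in block.splitlines())
        info = attrs["automountInformation"].split()
        # A leading "-opt1,opt2" token carries the mount options.
        options = set(info.pop(0)[1:].split(",")) if info[0].startswith("-") else set()
        host, _, path = info[0].partition(":")
        entries[attrs["automountKey"]] = (options, host, path)
    return entries


def audit(entries):
    """Flag entries that mount from an unknown host or lack hardening options."""
    findings = {}
    for key, (options, host, path) in entries.items():
        problems = []
        if host not in TRUSTED_SERVERS:
            problems.append("untrusted server " + host)
        missing = REQUIRED_OPTIONS - options
        if missing:
            problems.append("missing options " + ",".join(sorted(missing)))
        if problems:
            findings[key] = problems
    return findings


print(audit(parse_entries(SAMPLE_LDIF)))
```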
In NetBIOS authentication, the authentication server is not based on an LDAP service. In this configuration, IPBrick uses its own LDAP server as an auxiliary for the other services. In the AD domain member authentication mode, the authentication server is an LDAP implementation, and all IPBrick services are configured to use this LDAP server. However, the structure of this LDAP server must be extended to support the requirements of the IPBrick server, namely the UNIX/Linux credentials and the Automount information.
NOTE: At www.eshop.ipbrick.com - Downloads » Documentation » Other documentation there is a document about integrating IPBrick as a member of an AD domain, as well as the files needed for this procedure (you must be registered at our eshop for the Download section to be available).