My idea would be to have both services running also on the Raspberry Pi. And making both work together is even more difficult. While an LDAP server seems to easy to set-up, Kerberos seems to be more complicated. Issue 2 could be solved by using NFSv4 and Kerberos. Here, user and group IDs are stored so they are automatically in sync. If I understand it correctly, issue 1 could be solved by using an LDAP server. While I tried to exclude the devices that should not have access to the NFS server by IP address, one rogue device within the dedicated IP range could just get access to everything. The access to the NFS data is not secure.With the low number of machines, it's certainly doable but an automatic approach would be nice. All user IDs and group IDs need to synced by hand.Currently, I use NFSv3 so I have two issues what that: I mainly use Linux so I access data on the NAS using NFS. In future, I will get one or two additional desktop PCs or another/different NAS but in general, the main subnet will not grow a lot. Other devices that only need internet access are in another subnet. In addition, there are a media player (NVIDIA Shield) and some Android phones in this subnet, and the Jellyfin media server is running on the NAS. First the questions, details afterwards: In a (small) home network, is it worth to introduce an LDAP and/or Kerberos server for secure and easy usage of NFS? If so, what is the best approach?Ĭurrently, my main home network mainly consists of one desktop PC and a Laptop, a Synology NAS, a Raspberry PI as a DNS and OpenVPN server, and Internet/Wifi router.
0 Comments
Leave a Reply. |