Authentication/Management for Linux Systems

I really want to get into being a Linux admin, but I am not sure what is used for device management and authentication.

I am playing around a bit with OpenVPN, but if someone wanted to get into Linux dev, what are some applications to look at for managing large amounts of machines (like an open-source RMM)?

Thanks,
Kyle.H

Foreman is a big name right now.

1 Like

Thanks, that actually looks very nice.
Is OpenLDAP good for central authentication? Would you ever run it in a business?

I have only ever really worked with Windows Server environments, so I am trying to sort of design a set of Linux systems that performs the needed tasks in a company.

I’m using FreeIPA, which has LDAP built in https://www.freeipa.org/page/HowTo/LDAP

1 Like

For user management / file sharing I use Zentyal at a couple of sites and it seems to work OK and works as a Windows domain. I've not tested with Windows 10 though, so YMMV.

If you are looking for automation tools then Ansible and Puppet. Docker maybe to automate building systems.

1 Like

I'm a little confused by your post. You start off talking about Linux desktop/server administration, then development. Which one are you wanting help on?

RMM in the traditional sense is huge, and the biggest 10-20 RMM providers do usually include a Linux agent. When I think of RMM for Linux it's different in the sense that a lot of people would probably use Puppet among other automation tools to accomplish things. That usually negates the need for the traditional idea of authentication. To put it into context, if you're managing 100s or 1000s of VMs, that's child's play to bigger companies where one engineer is probably responsible for 100k to 1 million VMs. So it's all about the toolset and toolchains you're doing.

If you already have experience with administration, explain what you used (or are currently using) to monitor anything right now.

Technically my SolarWinds PuTTY client can do mass-scale management if we're talking about tossing scripts around and remoting into machines. If you have had time to properly watch any of Tom's videos, he does a great job of showing you all the Linux-based apps he uses. Today I've been playing with Atera and SynchroMSP among other tools.

Here is a good read:
https://www.tecmint.com/gui-tools-for-linux-system-administrators/

I like using Cockpit and Webmin

The way I do administration on Windows vs Linux doesn't vary much. Document what your onboarding steps are for a new machine/host and learn both the GUI and the command-line way (when applicable) to perform the same task on either system. Document, document, document and document some more. Technically you can use Microsoft AD.

As far as my environment, I use primarily XCP-NG (latest release) for my virtualization hypervisor. I deploy different flavors of Linux, but the prime tool I base off of is usually Turnkey Linux / https://www.turnkeylinux.org/ . The reason I use them is because it gives me a consistent environment with the administration and backup built into each VM. I do play around with OEM/vendor builds directly also, but I do love what Turnkey does in general.

Honestly I'm in a scramble to get rid of Windows at home (except for gaming) and where applicable for work. Honestly I see no point in it, as Google Chrome OS / Chromium, Linux and an RDP environment (where applicable) can really save on cost and keep anyone flexible. Chrome OS is easier to maintain than even a standard Linux.

Coincidentally Turnkey has something for you :wink:
https://www.turnkeylinux.org/domain-controller

1 Like

Hello Krisleslie,

Thank you for all that information.
The MSP that I work at is trying to do everything using Windows servers, and since it's my first IT job, I have only worked with the Windows stack in production.

I am also wishing to change all of my home stuff to Linux, even for gaming with the newer Proton compatibility layer, but at the same time set up a deployment as if it were at a client, so I can test out and use more open-source Linux options. I hate administrating Windows environments though, because it feels like a constant battle.

I currently use ConnectWise Manage/Automate/Control for work, so I have an idea behind automation and management. I was looking for information, or maybe just having a discussion about what is in use out there.

I couldn't find anywhere what Lawrence uses in-house for central authentication, and since it is a home setup, I wouldn't be paying for something huge like SolarWinds.

The Foreman actually looks amazing, even though it's really feature-filled and will take some time for me to learn.

The central login authentication is really nice to have, but I am looking for something that would normally be used in a production environment. Do you have any thoughts between Turnkey's Domain Controller, OpenLDAP or FreeIPA? I have tested the two Turnkey machines, as well as a couple of other solutions, but I'm wondering what a company would go with in an environment where they do not wish to use a Windows Active Directory Domain Controller as their main method of login.

This will be for workstations, on top of virtual machines. Would Puppet be sufficient to control the logins for these workstations?

Hopefully this cleared some things up.

1 Like

To go into what I do at the MSP I work at, it's mostly using the RMM tools to try and do everything. As a company, we seem to be lacking the real power that comes with using a Windows server (like having GPOs that better lock down security for machines).

The things I am looking at specifically are:
- One place I can go to see an inventory of all machines
- The ability to have configs persistent on new machines (so the file /etc/whatever.conf gets auto-copied)
- The ability to remove all accounts (keeping root with a long password) except for a login server

On top of that, I am also going to be setting up a MediaWiki from Turnkey, as well as my own encrypted text/voice chat with Jitsi and Zulip. I already have a workstation server that is just an x2go host, and pfSense for routing. Everything is hosted on xcp-ng.

If you think there's something better I should be doing, please share, as I am doing this to learn and would love any input.

1 Like
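Two of the wishlist items above (a reference config that gets copied to every host, and stripping local accounts so that logins come only from the central login server, with root kept as the fallback) are easy to reason about in a dry-run script before handing them to Foreman/Puppet. The script below is an added example written for this thread, not code from any of the posters or from Foreman, Puppet or FreeIPA. The allowlist name `breakglass`, the file paths and the sample passwd/shadow/config contents are constructed for illustration; on a real host you would point the functions at /etc/passwd, /etc/shadow and the target config instead.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): dry-run host audit for the two
# wishlist items -- keep a reference config file in sync on every host and
# find local accounts that should not exist once logins come from a central
# directory (FreeIPA/LDAP). The allowlist, paths and sample data below are
# assumptions for illustration.
set -eu

# Local accounts that may stay besides root, e.g. a break-glass admin.
# Space-separated; assumed value.
KEEP_LOCAL="${KEEP_LOCAL:-breakglass}"

# Print local human accounts (UID >= 1000 with a usable shell) that are not
# root and not in KEEP_LOCAL. Takes a passwd-format file so it can run
# against a copy or a constructed sample; on a host use /etc/passwd.
stale_local_accounts() {
  local passwd_file="$1"
  awk -F: -v keep="$KEEP_LOCAL" '
    BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) keepset[k[i]] = 1 }
    $1 == "root" { next }
    $3 < 1000 { next }                      # system accounts stay
    $7 ~ /(nologin|false)$/ { next }        # already cannot log in
    !($1 in keepset) { print $1 }
  ' "$passwd_file"
}

# Return 0 if root has a real password hash in a shadow-format file, 1 if the
# field is empty, locked ("!" / "*") or root is missing. Check this before
# removing anything, since root is meant to be the fallback login.
root_has_password() {
  local shadow_file="$1"
  awk -F: '$1 == "root" { found = 1; if ($2 ~ /^\$[0-9a-z]+\$/) ok = 1 }
           END { if (found && ok) exit 0; exit 1 }' "$shadow_file"
}

# Copy the reference config over the host copy when the SHA-256 differs.
# Prints "updated" or "unchanged" so a fleet-wide run can be grepped.
ensure_config() {
  local reference="$1" target="$2"
  local want have
  want=$(sha256sum "$reference" | cut -d' ' -f1)
  have=$( [ -f "$target" ] && sha256sum "$target" | cut -d' ' -f1 || echo none )
  if [ "$want" != "$have" ]; then
    install -m 0644 "$reference" "$target"
    echo updated
  else
    echo unchanged
  fi
}

# Constructed sample files so the script runs offline (not real host data).
make_samples() {
  local dir="$1"
  cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
breakglass:x:1000:1000::/home/breakglass:/bin/bash
kyle:x:1001:1001::/home/kyle:/bin/bash
olduser:x:1002:1002::/home/olduser:/usr/sbin/nologin
contractor:x:1003:1003::/home/contractor:/bin/zsh
EOF
  cat > "$dir/shadow" <<'EOF'
root:$6$saltsalt$notarealhashjustshapeforillustration:19000:0:99999:7:::
breakglass:!:19000:0:99999:7:::
EOF
  printf 'PermitRootLogin no\n' > "$dir/reference.conf"
}

if [ "${1:-}" = "--demo" ]; then
  tmp=$(mktemp -d); make_samples "$tmp"
  root_has_password "$tmp/shadow" && echo "root password is set"
  echo "would remove:"; stale_local_accounts "$tmp/passwd"   # kyle, contractor
  ensure_config "$tmp/reference.conf" "$tmp/target.conf"     # updated
  ensure_config "$tmp/reference.conf" "$tmp/target.conf"     # unchanged
  rm -rf "$tmp"
fi
```

Run it with `--demo` to see the dry run against the constructed samples. The account function only lists candidates; turning each name into `userdel -r` is deliberately left to the caller so the list can be reviewed (or fed to a Puppet `user { ensure => absent }` resource) before anything is deleted, and the root check guards against locking yourself out of a host whose directory client is misconfigured.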

I have used Zentyal, and it does work well with Windows 10 (I am not sure about any updates though; I tested this over a year ago).

I am looking more for something that will specifically work with Linux, since I am so fed up with Windows updates (they can't have a budget to hire enough QC/QA, but they can blow 50+ million on Mixer, then shut it down?).

I felt that Zentyal was more Windows-focused. I may revisit it though after I go over FreeIPA.

1 Like

For the most part, MDM solutions are set to replace AD and other forms of authentication we have used in the past in favor of cloud- or SaaS-delivered solutions. In the sense of managing a fleet of servers using Puppet or a comparable automation solution, authentication is trivial. Normally the tool is explicitly confirming that things like username/password are hard-set across all things via your cookbook. I haven't spent enough time on it, but if I recall, the only red flag was that it may send data in the clear that way. That could be a no-no, but that is a surface assumption, not a deep one, as again I haven't jumped in deep enough myself. I'm rebuilding my lab and probably within a month or two will have all the pieces I need.

For the most part Zentyal is an AD replacement, but only for the simplest of things. You do obviously pose the risk of it not being replicable. I used it about 8 years ago when we had a workgroup and a horrible setup for infrastructure. We are now better but still horrible in many ways (beyond my control). We normally use AD and join all our desktops/workstations/laptops to the domain, nothing fancy there. For the Linux machines, as I mentioned before, I normally just use Webmin etc. since it's easy to do Samba.

1 Like

FreeIPA came on my radar a few months ago. I haven’t heard anything bad about it but I haven’t deployed it in my lab.

1 Like

Ah, I was looking at Puppet/Foreman as an RMM, not as an MDM. It would make sense that an MDM would replace the authentication methods.
I haven't actually used an MDM yet, just done a bit of reading on a couple that are out there.

Let's say I was setting up a VPN to allow someone else to connect in and work on the servers with me. Instead of creating one profile, I thought I could use the central login to give them one account, and mark their permissions through there.

As far as I can tell, most of the applications, including Foreman, have LDAP for login authentication as an option. I do not need something to push out config, since it looks like Foreman/Puppet are amazing for that (I don't have it working yet, but it looks promising). I may have to come back to setting up Foreman later though, since I am almost halfway through my vacation and I still haven't even gotten the one server set up, and I also want to set up a bunch of stuff (I was hoping to be able to deploy them easily through Foreman. Lol).

Hi,
it really depends.
If you just want a platform for your Linux devices, go with FreeIPA.

If you want a cheap MS AD alternative, check out Univention UCS.
The core version is free and does exactly this.

1 Like