Linux File Sharing – Allowing Access to Company Files Across the Internet

file-sharing filesystems linux

The premise

I've been tasked with finding a solution to the following scenario:

  • our main file server is a Linux machine.
  • on the LAN, users simply access the files using SMB.
  • each user has an account on the file server and his/her own access rights.
  • user accounts are simple passwd/group security accounts, not NIS/LDAP.

The problem

We want to give users (or at least some of them, say if they belong to a particular group) the ability to access the files from the Internet while travelling.

Ideally

  • I'd like a seamless solution. Maybe something that allows the user to access a mapped drive would be ideal.
  • A web-oriented solution is also good but it should present files in a way that is familiar to users, in an explorer-like fashion for instance.
  • Security is a must of course, and users would be expected to log in.
    The connection to the server should also be encrypted.

Does anyone have some pointers to neat solutions?
Any experiences?

Edit
The client machines are Windows only.

Best Answer

OpenVPN will make you very, very happy, I think. It's pretty easy to set up with static keys for testing and playing around, and only marginally more difficult to set up with certificates when you're ready to go into production.

You can require logins on the clients via your server's PAM (and thus your /etc/passwd file), in addition to either static keys or certificates, by using the "auth-pam.pl" script provided and the "auth-user-pass" directive in your client configurations.

The OpenVPN GUI for Windows is very nice, so if your clients have Windows machines it won't be a jarring command line-based experience.

All in all, I've been very pleased with OpenVPN.

  • http://openvpn.net/static.html - Static key mini-HOWTO. Not recommended for security, but a great way to get a feel for how OpenVPN works before diving into simple PKI.
  • http://openvpn.net/howto.html - Includes some documentation re: PAM authentication. Start w/o PAM first to get it going, then add it on.
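
The setup described in the answer above (certificates plus a PAM login through "auth-pam.pl" and "auth-user-pass"), sketched as a server and client configuration pair. This is an added example, not part of the original answer; the file paths, the 10.8.0.0/24 and 192.168.1.0/24 subnets, the hostname vpn.example.com and the user name alice are assumptions to replace with your own values.

```conf
# ---- server.conf (on the Linux file server, or a gateway that can reach it) ----
port 1194
proto udp
dev tun
ca   /etc/openvpn/ca.crt          # assumed paths; the files come from your own PKI
cert /etc/openvpn/server.crt
key  /etc/openvpn/server.key      # private key: readable by root only
dh   /etc/openvpn/dh.pem
tls-auth /etc/openvpn/ta.key 0    # packets without the shared HMAC key are dropped before TLS
server 10.8.0.0 255.255.255.0     # constructed VPN address pool
push "route 192.168.1.0 255.255.255.0"   # constructed LAN subnet that holds the SMB server
keepalive 10 120
persist-key
persist-tun
# Username/password check against PAM, required in addition to the client certificate.
script-security 2                 # OpenVPN 2.1 and later run external scripts only at level 2+
auth-user-pass-verify /etc/openvpn/auth-pam.pl via-file
# No "user nobody" / "group nogroup" here: the script runs as the daemon's user,
# and an unprivileged process cannot verify other accounts' passwords through PAM.
verb 3

# ---- client.ovpn (imported into the OpenVPN GUI for Windows) ----
client
dev tun
proto udp
remote vpn.example.com 1194       # placeholder hostname
resolv-retry infinite
nobind
persist-key
persist-tun
ca   ca.crt
cert alice.crt                    # one certificate per user, so a single one can be revoked
key  alice.key
tls-auth ta.key 1
remote-cert-tls server            # refuse peers whose certificate is not marked as a server cert
auth-user-pass                    # prompt for the Linux account name and password
verb 3
```

Once the tunnel is up, users map the share by the file server's LAN address exactly as they do in the office; only the OpenVPN port needs to be reachable from the Internet, not SMB.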