Best way to manage login credentials and ACL across 5 different machines with a mix of Linux & Windows

[Master Disaster]

I have so many logins to remember now that I'm getting them confused and often get locked out because I cannot remember the correct password, looking for the best way to consolidate them all into a single login management service.

 

Here's the list

Main Desktop, Linux, 1 account

Laptop, Windows, 1 account

NAS, Linux, 2 accounts

Homelab Server, Linux, 4 accounts (I have a main/sudo login, a webserver user login, ftp account login & ssh account login)

VM on Homelab, Linux, 2 accounts

 

In all cases my main account uses the same user & pass, the others are all different.

 

I can run a service on my homelab since its up 24/7 however I'm not sure what the best way to achieve it is. Since I have a Windows account it has to be something AD, right? AFAIK the 3 options are ADDC through SAMBA, OpenLDAP or Kerberos.

 

Which one is the easiest (Security isn't a massive priority since it'll never go beyond my LAN anyway) or have I missed something?

 

Cheers.

[leadeater]

Well since you are wanting Windows user account management then your only two options are Windows Active Directory or SAMBA Active Directory. Then all your Linux stuff can be sssd and bound to either, AD really is just an LDAP server with "extras" and those extras only apply to Windows stuff. Both are also Kerberos KDC.

 

Joining a Linux system to a domain is little more than just doing a realm join, depending on specific environment some additional post configuration can be required. Realm join sets up a basic sssd config as well btw.

 

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/realmd-domain

 

Really it's up to you if you want to go Windows or Linux AD side of things.

[Master Disaster]

12 minutes ago, leadeater said:

Well since you are wanting Windows user account management then your only two options are Windows Active Directory or SAMBA Active Directory. Then all your Linux stuff can be sssd and bound to either, AD really is just an LDAP server with "extras" and those extras only apply to Windows stuff. Both are also Kerberos KDC.

 

Joining a Linux system to a domain is little more than just doing a realm join, depending on specific environment some additional post configuration can be required. Realm join sets up a basic sssd config as well btw.

 

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/realmd-domain

 

Really it's up to you if you want to go Windows or Linux AD side of things.

Damn, I was hoping to avoid ADDC if possible. I've tried it in the past and it was kinda flakey though admittedly I was using SAMBA, it was on my Synology NAS (and Synology have a habit of messing with stuff for their own needs) and it was a few years ago.

 

TBH though, SAMBA DC would be the least work since homelab is running smbd already for filesharing.

 

I think I'll spin up a few Ubuntu VMs on a private network and play around with ADDC on samba away from my existing stuff.