Trippynet wrote: My setup is a bit more simple to be honest, no domain - just a simple workgroup.
Everything began this way, but my friends started getting interested and chipping in for electricity and storage, and it became a nightmare to manage the accounts.
So I have Nextcloud, some services in FreeBSD jails (like torrent), a Dropbox-thing for my friends to use as cold storage (sends stuff to tape), and an Apache proxy behind the HAProxy so I can handle everything using only a couple of certificates. There's a remote desktop solution for them to browse the internet from work using Guacamole, and it's almost all LDAP + the Google Authenticator thing, with a few services requiring VPN. Also shell in a box.
I have two FreeBSD boxes behind the HAProxy (using Dodoid's Mini Indigo), so I can reboot them for patches without service interruption.
I wrote scripts to rotate a few passwords every day (such as Guacamole, not using LDAP for that) and yes... it runs MUCH faster than Windows. For example, MariaDB on a Linux VM under Windows answers keep-alive queries from HAProxy in 25ms. In a FreeBSD jail, it's 2ms. Altogether, the performance gains make for a very smooth experience, even with my 2x 4Mbps uplink circuits.
Creating individual accounts for me only is fine, but for 8 other guys it became impossible to manage.
Otherwise, I'm a huge fan of the KISS thing, and would not have LDAP or AD.