Integrate LMS as a LAN Management System


(jelle) #1

I’ve been using LMS (http://lms.org.pl/?lang=en) for quite some years now. With it we manage all clients on our LAN. In short it is a system where you register most aspects of your network; DHCP range / gateway / etc, clients with their name and registered computers (MAC address and IP), finance subscriptions, but also your netdevices like switches and access points. freeRadius can look directly into the database and find auth credentials per user and per access point.
LMS can do a lot more like hold documents per user, create statistics reports (finance, invoicing, bandwidth usage), send messages (mail/sms) to specific users or networks, has a built-in Helpdesk for managing tickets and you can create a network map of all your registered devices. And even more… but I suggest you take a look yourself at the demo (http://lms.org.pl/demo.php).

LMS is written in PHP and has some Perl scripts to add functionality to the system, like creating dhcpd.conf, hosts file, daily/monthly finance management, automatic cutoff users when payment is behind or when bandwidth is too high, (arp)ping hosts on the network, processing bandwidth statistics, creating iptables, and many more.

It boils down to a web interface where you can simply review your entire LAN, online and registered hosts and network settings and communicate with your users.

So, why bring this up here?
I think Nethserver is a powerful tool/OS for setting up the main system with easy package management and a clear view on the system. On top of that it would be great to implement an extra tool for really managing and registering your LAN, devices and clients. That’s where LMS comes into play I think.

While Nethserver manages the actual hardware and main system (interfaces, system packages, firewall) LMS can be used to manage your LAN with authenticated hosts and block access (MAC address or freeRadius) when necessary. Now, I can imagine just installing LMS as a webservice next to Nethserver, but creating a package for it and better integrate it into Nethserver would be really great!

I don’t have a plan for this, just bringing it up here because we might think of a way together. I’m working on installation instructions for using LMS in combination with a manageable bridge (bridged interfaces) that functions as dynamic firewall where LMS can detect when users may have access or need to be blocked and pass that on to iptables.
I’ll post here when I’m finished with that howto so you can try it out if you like. It would also be a great setup icw Nethserver of course.

Well, maybe start off with your ideas about this. Is this even a good idea or do you think it doesn’t fit into Nethserver? What questions arise?


(Davide Principi) #2

NethServer is highly modular, and I would push further its modularity!

The current firewall configuration is managed by Lokkit (on single interface hosts) and Shorewall (on multi interfaces hosts). DHCP and DNS services are provided by Dnsmasq.

These components come as RPM packages, installed over the very basic system.

Following this approach one can choose different ways to implement a service, though trying to reuse existing components would be preferred.

Could you provide a list of services required by LMS? I guess

  • httpd?
  • radius?
  • some SQL DB?
  • iptables?

(Filippo Carletti) #3

I had a look, lms seems targeted to ISPs to me.
Maybe a NAC system could be the most important feature you’re looking for. See PacketFence (http://www.packetfence.org/). Other options could be an audit system like OpenAudIT (http://www.open-audit.org/).


(Stefano) #4

I fully agree with you, Filippo


(jelle) #5

Yes, I guess you’re right. We’re kind of an ISP here for a limited number of home users (about 250). It might not be suitable for general use to others. I will take a look at packetfence soon, thanks.