Your confusion is confusing me lol
I don’t see how this would work as it relies upon every single device on the network supporting a particular authentication mechanism.
Wdym? That’s not a thing; you can have some devices on LDAP, some with local logins, and some with OIDC, or any other combination. Authentication is generally an application layer thing, and switches operate at layer 2, maybe 3 if it’s doing some routing. As long as your network has a functioning DHCP server, the web UI of the switch will be able to communicate with the LDAP server that you configure it to.
Do you have time to build something partially from scratch? I could see repurposing an old laptop, disassemble it and make the screen face outwards with the board affixed to the back of the screen lid.
Might take some creative routing with the internal display cable, but I’ve taken apart tons of laptops where this would be doable, especially after you’ve discarded the plastic chassis.
Though you’ll still need a frame of some kind, unless you like the “raw-tech” look.
I would do option A, but instead of just not using the free internet, I would use it for everything else not needing server services. So like streaming or general browsing.
Just leaving the Google Fiber as a dedicated pipe for all my self-hosted services.
You can do this kind of split with pfSense easily.
I do, for a multitude of reasons.
In addition to what others have said with roaming profiles and such:
DO NOT SET YOUR AD DOMAIN AS THE SAME DOMAIN OF A WEB ADDRESS YOU USE
I…er…someone… found themselves in this situation and have been in a mess since lmao
If the switch supports it, you log in with local credentials first, navigate to its config page and configure LDAP under there. You’ll tell it the IP address of the LDAP server as well as give it its client-side configuration. You give it bind account credentials (a dedicated service account with as minimal permissions as needed) that it uses to look up the users on the server, as well as Organizational Unit paths and such.
When a user goes to log in, the switch will query the provided credentials against the LDAP server; if they’re valid, the LDAP server will respond with a success and the switch will log the user in.
Generally there is always a local account fallback in the event that the LDAP server is unavailable for whatever reason.
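The switch-side login flow described in that comment, as an added example that is not part of the thread and not any vendor's code: a lookup-only bind account, a search restricted to the configured OU, a bind with the user's own password, and a local fallback that is consulted only when the server is unreachable. The `FakeDirectory` class, the DNs, passwords and `LOCAL_ACCOUNTS` are all constructed stand-ins for a real LDAP server and its entries.

```python
import hmac

class LdapUnavailable(Exception):
    """Directory server could not be reached (constructed stand-in)."""

class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP server: DN -> attributes."""
    def __init__(self, entries, reachable=True):
        self.entries, self.reachable = entries, reachable
    def bind(self, dn, password):
        # Simple bind: succeeds only if the DN exists and the password matches.
        if not self.reachable:
            raise LdapUnavailable("connection refused")
        entry = self.entries.get(dn)
        return entry is not None and hmac.compare_digest(entry["userPassword"], password)
    def search(self, base_dn, attr, value):
        # Subtree search: DNs under base_dn whose attribute equals value.
        if not self.reachable:
            raise LdapUnavailable("connection refused")
        return [dn for dn, e in self.entries.items()
                if dn.endswith("," + base_dn) and e.get(attr) == value]

# Switch-side settings from the comment; every value here is constructed.
SWITCH_LDAP_CONFIG = {
    "bind_dn": "cn=switch-svc,ou=service,dc=example,dc=lan",  # dedicated lookup-only account
    "bind_password": "svc-secret",
    "user_base": "ou=netadmins,dc=example,dc=lan",  # OU path users must be under
    "login_attr": "uid",
}
LOCAL_ACCOUNTS = {"admin": "local-admin-pw"}  # consulted only when LDAP is unreachable

def switch_login(directory, username, password, cfg=SWITCH_LDAP_CONFIG):
    """Return (granted, source). Local fallback happens only when the server is
    unreachable, never when the server answered with a rejection."""
    if not password:
        return False, "empty-password"  # an empty password would be an anonymous bind
    try:
        if not directory.bind(cfg["bind_dn"], cfg["bind_password"]):
            return False, "bind-account-rejected"
        matches = directory.search(cfg["user_base"], cfg["login_attr"], username)
        if len(matches) != 1:
            return False, "user-not-found"
        return directory.bind(matches[0], password), "ldap"  # bind as the user
    except LdapUnavailable:
        stored = LOCAL_ACCOUNTS.get(username)
        return stored is not None and hmac.compare_digest(stored, password), "local-fallback"

DIRECTORY = FakeDirectory({  # constructed sample entries; bob sits outside the allowed OU
    "cn=switch-svc,ou=service,dc=example,dc=lan": {"userPassword": "svc-secret"},
    "uid=alice,ou=netadmins,dc=example,dc=lan": {"uid": "alice", "userPassword": "alice-pw"},
    "uid=bob,ou=staff,dc=example,dc=lan": {"uid": "bob", "userPassword": "bob-pw"}})
```

Note that a rejected password while the server is up returns `(False, "ldap")` rather than trying the local accounts, so the fallback cannot be used to bypass the directory.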