Enterprise-style lab for segmentation, identity architecture, Zero Trust access, observability, and automation.

• Cross-forest trust architecture between FreeIPA and Samba AD
• VLAN segmentation for WAN, infra, clients, IoT, management, and DMZ
• Zero Trust access layers with Keycloak SSO and policy-driven administrative boundaries

Attempting cross-forest identity federation between FreeIPA and Samba AD. Real progress made, real limitations hit at the Samba auth boundary. Windows Server is the next step.

• FreeIPA deployed as Kerberos + LDAP identity provider for Linux hosts
• Samba AD DC stood up with Windows domain join and GPO capability
• Ansible connector service built to pass identity attributes from IPA to AD
• Cross-forest trust initiated; auth limitations reached at the Samba boundary
• Next: Windows Server 180-day trial to validate full AD interop

Dedicated inter-VLAN policy engine between segments with planned VPN termination and IDS/DNS filtering.

• Moves trust boundaries off edge-only routing
• Designed to centralize East-West access controls

Secure remote Proxmox management via Cloudflare Tunnel (pve.heckit.dev) with Access MFA and Keycloak SSO.

• Per-app Access policy with identity challenge
• Keycloak integrated for SSO-centric access flows

Low-cost receiver for FAA Remote ID using SDR with real-time map and alerts.

• Decode RID beacons; parse and display telemetry
• Local alerting; optional privacy-respecting map