[CentOS] Simple solution for small network in a school ?
Ross Walker
rswwalker at gmail.com
Sat Jul 10 15:24:52 UTC 2010
On Jul 10, 2010, at 10:59 AM, Niki Kovacs <contact at kikinovak.net> wrote:
> Hi,
>
> I have to install a small network in a school in a nearby village. The
> network will be Linux-only, one server and fifteen desktops. Here's the
> idea.
>
> 1) Authentication should be managed centrally on the server.
Use some type of directory service (LDAP/NIS) coupled with an authentication service like Kerberos.
Basically keep passwords out of the directory and you need to have a Kerberos ticket to access the directory.
> 2) User home directories should also be on the server.
Not a problem, you can share these out via NFS and/or Samba.
> 3) Users should all have disk quotas, something like 1 GB per user.
Also not a problem to set up quotas and use rquotad to remotely query these from NFS clients. Samba has built-in support for quotas.
> 4) Some shared directories should be read/write for a defined group of
> users (teachers) and read-only for others.
Standard POSIX perms can take care of that; for finer-grained perms you can use ACLs.
> So far, I've only dealt with local authentication. I have a little
> practice in basic setups of Samba and NFS and managed to get these to
> work OK. On the other hand, I've never worked with NIS, LDAP or the likes.
NIS is easier than LDAP and might be a good quick-n-dirty way to get going initially. Just use a separate authentication service like Kerberos and keep passwords out of the directory service.
> My question is more general, and I don't want to go into technical
> details. According to the KISS principle, which solution would you
> recommend (or explicitly *not* recommend)? A mix of LDAP and Samba? Or
> NIS and NFS? And what's this thing called Directory Server, which
> vaguely sounds like it's the right way to go?
You can really mash all these technologies up.
If all clients are Linux then start with NFS/NIS/Kerberos then as things grow you can look to move to LDAP.
The "Directory Server" is a turn-key package for implementing LDAP plus Kerberos with a pre-established LDAP schema and tools to manage it.
Definitely worth taking a look at. Personally I don't have experience with it so can't recommend or not recommend it.
You COULD also have a Windows Active Directory server to provide LDAP and Kerberos services to your Linux environment. They definitely have nice management tools. MS for not-for-profit is dirt cheap. Run it as a VMware/VirtualBox/KVM/Xen VM. Hell, run the whole server as an ESXi host and have multiple VMs for redundancy/load spreading.
-Ross
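
An added example, not part of the original message: a shell check that audits a shared tree against the "read/write for teachers, read-only for others" model from point 4 using plain POSIX permission bits. The function names, the temporary demo tree, and the convention of mode 2775 (setgid so new files inherit the group) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a share where one group may write and everyone else
# may only read. Names and layout are hypothetical, not from the thread.

# audit_share DIR GROUP
# Prints one line per violation; returns 0 if the tree is clean, 1 otherwise.
audit_share() {
    dir=$1
    group=$2   # group name or numeric GID that should own the share
    report=$(
        # Nobody outside the group may write (symlinks are always 777, skip).
        find "$dir" ! -type l -perm -0002       | sed 's/^/world-writable: /'
        # Every entry must belong to the writers' group.
        find "$dir" ! -type l ! -group "$group" | sed 's/^/wrong-group: /'
        # Without setgid, new files get the creator's primary group instead.
        find "$dir" -type d ! -perm -2000       | sed 's/^/no-setgid: /'
        # Group members must be able to create files in every directory.
        find "$dir" -type d ! -perm -0020       | sed 's/^/not-group-writable: /'
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# make_demo_share: builds a constructed sample tree and prints its path.
# The invoking user's own group stands in for "teachers".
make_demo_share() {
    d=$(mktemp -d)
    mkdir "$d/lessons" "$d/dropbox"
    : > "$d/lessons/plan.txt"
    chmod 2775 "$d" "$d/lessons"       # correct: rwxrwsr-x
    chmod 0664 "$d/lessons/plan.txt"   # correct: rw-rw-r--
    chmod a=rwx,g-s "$d/dropbox"       # wrong: world-writable, no setgid
    printf '%s\n' "$d"
}

# Demo run on the constructed tree; reports the two problems with dropbox/.
demo=$(make_demo_share)
audit_share "$demo" "$(id -g)" || true
rm -rf "$demo"
```

On a real server the second argument would be the teachers' group, and the same function can be run from cron so that a stray `chmod 777` on the share is noticed.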