Hi,
I have to install a small network in a school in a nearby village. The network will be Linux-only, one server and fifteen desktops. Here's the idea.
1) Authentication should be managed centrally on the server.
2) User home directories should also be on the server.
3) Users should all have disk quotas, something like 1 GB per user.
4) Some shared directories should be read/write for a defined group of users (teachers) and read-only for others.
So far, I've only dealt with local authentication. I have a little practice in basic setups of Samba and NFS and managed to get these to work OK. On the other hand, I've never worked with NIS, LDAP or the likes.
My question is more general, and I don't want to go into technical details. According to the KISS principle, which solution would you recommend (or explicitly *not* recommend)? A mix of LDAP and Samba? Or NIS and NFS? And what's this thing called Directory Server, which vaguely sounds like it's the right way to go?
Any suggestions?
Cheers from the hot South of France,
Niki
On Sat, Jul 10, 2010 at 11:59 AM, Niki Kovacs contact@kikinovak.net wrote:
Hi,
I have to install a small network in a school in a nearby village. The network will be Linux-only, one server and fifteen desktops. Here's the idea.
- Authentication should be managed centrally on the server.
- User home directories should also be on the server.
- Users should all have disk quotas, something like 1 GB per user.
- Some shared directories should be read/write for a defined group of
users (teachers) and read-only for others.
We have a similar setup with OpenLDAP and NFS. Works OK, except all directories defined are home to the users, and only their owner can read them. Adding users or changing passwords is an admin-only hassle, because we have never found a user management tool for LDAP which was convincingly able to be given away to teachers.
-- Eduardo Grosclaude Universidad Nacional del Comahue Neuquen, Argentina
On Jul 10, 2010, at 10:59 AM, Niki Kovacs contact@kikinovak.net wrote:
Hi,
I have to install a small network in a school in a nearby village. The network will be Linux-only, one server and fifteen desktops. Here's the idea.
- Authentication should be managed centrally on the server.
Use some type of directory service (LDAP/NIS) coupled with an authentication service like Kerberos.
Basically keep passwords out of the directory and you need to have a Kerberos ticket to access the directory.
- User home directories should also be on the server.
Not a problem, you can share these out via NFS and/or Samba.
- Users should all have disk quotas, something like 1 GB per user.
Also not a problem to set up quotas and use rquotad to remotely query these from NFS clients. Samba has built-in support for quotas.
- Some shared directories should be read/write for a defined group of
users (teachers) and read-only for others.
Standard posix perms can take care of that, for finer grained perms you can use ACLs.
So far, I've only dealt with local authentication. I have a little practice in basic setups of Samba and NFS and managed to get these to work OK. On the other hand, I've never worked with NIS, LDAP or the likes.
NIS is easier than LDAP and might be a good quick-n-dirty way to get going initially. Just use a separate authentication service like Kerberos and keep passwords out of the directory service.
My question is more general, and I don't want to go into technical details. According to the KISS principle, which solution would you recommend (or explicitly *not* recommend)? A mix of LDAP and Samba? Or NIS and NFS? And what's this thing called Directory Server, which vaguely sounds like it's the right way to go?
You can really mash all these technologies up.
If all clients are Linux then start with NFS/NIS/Kerberos then as things grow you can look to move to LDAP.
The "Directory Server" is a turn-key package for implementing LDAP plus Kerberos with a pre-established LDAP schema and tools to manage it.
Definitely worth taking a look at. Personally I don't have experience with it so can't recommend or not recommend it.
You COULD also have a Windows Active Directory server to provide LDAP and Kerberos services to your Linux environment. They definitely have nice management tools. MS for not-for-profit is dirt cheap. Run it as a VMware/VirtualBox/KVM/Xen VM. Hell, run the whole server as an ESXi host and have multiple VMs for redundancy/load spreading.
-Ross
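Added example, not part of any post in this thread: a check that a shared tree really is read/write for one group and read-only for everyone else, using plain POSIX permission bits with setgid directories. The group name `teachers` and the path `/srv/share` are hypothetical, and GNU find is assumed.

```shell
#!/bin/sh
# Added example; "teachers" and /srv/share are hypothetical names.
# Intended layout (set once as root on the file server):
#   chgrp -R teachers /srv/share
#   chmod 2775 /srv/share      # rwxrwsr-x: group read/write, others read-only
# Group members also need umask 002 so files they create stay group-writable.

# audit_share DIR GROUP
# Prints every entry under DIR that breaks the policy; returns 0 if none do.
# Uses GNU find's -printf (assumption: GNU findutils, as shipped with CentOS).
audit_share() {
    dir=$1
    group=$2
    findings=$(
        # Anything others can write to breaks "read-only for others".
        find "$dir" ! -type l -perm -0002 -printf 'world-writable: %p\n'
        # Entries owned by another group are not writable by GROUP members.
        find "$dir" ! -type l ! -group "$group" -printf 'wrong group: %p\n'
        # Directories need setgid (new files inherit GROUP) and group write.
        find "$dir" -type d ! -perm -2020 -printf 'dir lacks setgid or g+w: %p\n'
        # Others must still be able to list and traverse directories.
        find "$dir" -type d ! -perm -0005 -printf 'dir lacks o+rx: %p\n'
        # Files need group write so members can edit each other's work.
        find "$dir" -type f ! -perm -0020 -printf 'file lacks g+w: %p\n'
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Usage (hypothetical path and group):
#   audit_share /srv/share teachers
```

Run from cron on the server, a non-zero exit flags files that drifted from the policy, typically because a user's umask was 022 or a file was copied in with `cp -p`.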
At Sat, 10 Jul 2010 16:59:44 +0200 CentOS mailing list centos@centos.org wrote:
Hi,
I have to install a small network in a school in a nearby village. The network will be Linux-only, one server and fifteen desktops. Here's the idea.
- Authentication should be managed centrally on the server.
LDAP (install openldap-servers on the server, install openldap-clients on the clients).
- User home directories should also be on the server.
NFS (everything you need is installed by default)
- Users should all have disk quotas, something like 1 GB per user.
ext2/ext3 (everything you need is installed by default)
- Some shared directories should be read/write for a defined group of
users (teachers) and read-only for others.
Standard UNIX uid/gid, served by LDAP, and handled by NFS.
So far, I've only dealt with local authentication. I have a little practice in basic setups of Samba and NFS and managed to get these to work OK. On the other hand, I've never worked with NIS, LDAP or the likes.
LDAP is pretty straightforward. There is a quite good article about setting up LDAP (OpenLDAP) and migrating from file-based authentication on the RedHat RHEL documentation site (this applies equally well to CentOS).
My question is more general, and I don't want to go into technical details. According to the KISS principle, which solution would you recommend (or explicitly *not* recommend)? A mix of LDAP and Samba? Or NIS and NFS? And what's this thing called Directory Server, which vaguely sounds like it's the right way to go?
LDAP and NFS. Samba really only makes sense if you are serving MS-Windows and/or Macs. Samba would be cumbersome in a pure-Linux environment. NFS would propagate standard UNIX permissions transparently. You could also use automount to reduce 'clutter' (only mount what is needful on an as-needed basis).
Visit:
http://www.deepsoft.com/2009/08/setting-up-thin-clients-at-the-wendell-free-...
For an article on how I set things up at our local Library. While this article mostly covers a server serving a bunch of *diskless* workstations, many of the basic ideas also apply to a situation with workstations with local disks.
Any suggestions?
Cheers from the hot South of France,
Niki _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Niki Kovacs wrote:
Hi,
I have to install a small network in a school in a nearby village. The network will be Linux-only, one server and fifteen desktops. Here's the idea.
Authentication should be managed centrally on the server.
User home directories should also be on the server.
Users should all have disk quotas, something like 1 GB per user.
Some shared directories should be read/write for a defined group of
users (teachers) and read-only for others.
So far, I've only dealt with local authentication. I have a little practice in basic setups of Samba and NFS and managed to get these to work OK. On the other hand, I've never worked with NIS, LDAP or the likes.
My question is more general, and I don't want to go into technical details. According to the KISS principle, which solution would you recommend (or explicitly *not* recommend)? A mix of LDAP and Samba? Or NIS and NFS? And what's this thing called Directory Server, which vaguely sounds like it's the right way to go?
Any suggestions?
You might want to look at ClearOS before tackling this yourself. It is CentOS-based but comes up with a slick web based administration program and uses LDAP for authentication out of the box. It uses openldap and I think it is integrated with samba so you could use windows clients if you wanted. On something of that scale I don't think you'd have to worry about the performance or replication differences in openldap or directory server - the administrative tools you use will be more important.
Greetings,
On 7/10/10, Niki Kovacs contact@kikinovak.net wrote:
Hi,
I have to install a small network in a school in a nearby village. The network will be Linux-only, one server and fifteen desktops. Here's the idea.
KISS Principle: ext3 with ACL enabled (better xfs/zfs -- in centos if available) with a script for adding users wrapping the newusers. And oh, glusterfs or whatever if you want to throw in hpc.. y'know R and renderers just love hpc and children would love their animation coming up so fast...
A million dollar Idea if all the nodes had hard disks.. [sigh.. this is the wrong way to promote business in this list...]
HTH
Regards,
Rajagopal
2010/7/10 Niki Kovacs contact@kikinovak.net:
Hi,
I have to install a small network in a school in a nearby village. The network will be Linux-only, one server and fifteen desktops. Here's the idea.
Authentication should be managed centrally on the server.
User home directories should also be on the server.
Users should all have disk quotas, something like 1 GB per user.
Some shared directories should be read/write for a defined group of
users (teachers) and read-only for others.
for a small setup like this, I would go with LTSP.
Alexander Georgiev wrote:
2010/7/10 Niki Kovacs contact@kikinovak.net:
Hi,
I have to install a small network in a school in a nearby village. The network will be Linux-only, one server and fifteen desktops. Here's the idea.
Authentication should be managed centrally on the server.
User home directories should also be on the server.
Users should all have disk quotas, something like 1 GB per user.
Some shared directories should be read/write for a defined group of
users (teachers) and read-only for others.
for a small setup like this, I would go with LTSP.
Hi Niki,
Have you had a look at the K12 systems available from different distro vendors? It is built specifically for schools.
http://www.google.co.nz/search?q=linux+K12&hl=en&safe=off&prmd=v...
http://www.k12opentech.org/implementation-study-2-indiana-desktop-linux
https://fedorahosted.org/k12linux/
Kind regards, Carel
2010/7/12 Carel Lubbe carel.lubbe@gmail.com:
Hi Niki, Have you had a look at the K12 systems available from different distro vendors? It is built specifically for schools.
Indeed K12 should cover school specific requirements, and as far as I remember it was LTSP based.
On 7/10/2010 10:59 AM, Niki Kovacs wrote:
Hi,
I have to install a small network in a school in a nearby village. The network will be Linux-only, one server and fifteen desktops. Here's the idea.
Authentication should be managed centrally on the server.
User home directories should also be on the server.
Users should all have disk quotas, something like 1 GB per user.
Some shared directories should be read/write for a defined group of
users (teachers) and read-only for others.
So far, I've only dealt with local authentication. I have a little practice in basic setups of Samba and NFS and managed to get these to work OK. On the other hand, I've never worked with NIS, LDAP or the likes.
My question is more general, and I don't want to go into technical details. According to the KISS principle, which solution would you recommend (or explicitly *not* recommend)? A mix of LDAP and Samba? Or NIS and NFS? And what's this thing called Directory Server, which vaguely sounds like it's the right way to go?
Any suggestions?
Cheers from the hot South of France,
Niki
For simple solutions such as this I use a distro that is designed for this purpose. Three come to mind: SME Server, e-box and ClearOS.
Of these I have found e-box to be the most reliable and easiest to use. Now I have not used them in a purely Linux environment but they should work well..:)