
Re: [K12OSN] roaming profiles in Linux



On Thu, 20 Jun 2002, Joseph Morelock wrote:

> 
> To expand upon David's question...
> 
> My school is spread across several buildings, and to reduce the
> amount of traffic across the network, I will be setting up K12LTSP
> servers in several locations. Heavy-use computer labs will have their
> own (or two), and there will be other servers for teachers and for
> support staff. So, the "profiles" would need to be on a different
> (central) server. Also, to complicate things a little further, I would
> like to put all student documents on a different server altogether so I can
> easily back up that server and so they can be reached by all servers
> and by all different types of workstations (Macs, Win9x, Linux). Has
> anyone done this? I know that LDAP is one option, but I am hoping
> that there is a "secret" How-To that someone can point me to.


"secret HOW-TO"
===============

You are basically setting up an ISP without the dialups --
NIS, and Radius, and even ldap each hold parts -- but it may
be quickest to use this schema:

1.  Cron a rsync process (say every 2 minutes) with a common
/etc/passwd /etc/groups, /etc/shadow, and /etc/gshadow all
around, taking great care to retain generationed backups -- do
all (ALL) ***ALL*** adds, changes, locks, and unlocks
centrally on one master server which only admins may access

2.  Track login/logouts with logger and syslog -r centrally;  
set a redundant magic formatted email backup with the same 
logging information, and id/parse with procmail, firing off 
control scripts talking to logger centrally.  This handles 
intermittent links

3.  Based on log ins/log outs, rsync the /home/userid tree 
around when you see the user LEAVE a site, and lock their 
password so they may NOT log in elsewhere until the update 
has been propagated around;  unlock the password when it is 
'safe' again

4.  Maintain a login/logout site/user state table to spot and 
discard stale entries;  Add a status message level layer for 
redundance.

Rough cut estimated time for working draft is 16 to 32 clock
hours.  Let us know if you implement and GPL.

-- Russ Herrold
-- 
end
==================================
 .-- -... ---.. ... -.- -.--
Copyright (C) 2002 R P Herrold
      herrold owlriver com  NIC: RPH5 (US)
   My words are not deathless prose, 
      but they are mine.

       Owl River Company  
   "The World is Open to Linux (tm)"
   ... Open Source LINUX solutions ...
      info owlriver com 
         Columbus, OH
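
The login/logout state table from steps 3 and 4 above, as an added example that is not part of the original post. The `epoch site user action` record format, the `synced` event, the action names, and the 12-hour stale threshold are all assumptions made for illustration.

```python
from dataclasses import dataclass

STALE_AFTER = 12 * 3600  # assumption: an "active" entry this old has lost its logout

@dataclass
class Entry:
    site: str
    state: str   # "active" (logged in) or "syncing" (locked, rsync in flight)
    since: int   # epoch seconds of the event that set this state

def apply_event(table, line):
    """Apply one 'epoch site user action' record; return control actions to run."""
    ts, site, user, action = line.split()
    cur = table.get(user)
    if action == "login":
        if cur and (cur.state == "syncing" or cur.site != site):
            return [("alert", user, site)]      # login while locked or at a second site
        table[user] = Entry(site, "active", int(ts))
        return []
    if action == "logout":
        if not cur or cur.state != "active" or cur.site != site:
            return []                           # duplicate (e-mail copy) or stale: discard
        table[user] = Entry(site, "syncing", int(ts))
        return [("lock", user, site), ("rsync_home", user, site)]
    if action == "synced":
        if cur and cur.state == "syncing" and cur.site == site:
            del table[user]
            return [("unlock", user, site)]     # home tree propagated: safe again
        return []
    raise ValueError(f"unknown action: {action!r}")

def expire_stale(table, now):
    """Drop 'active' entries older than STALE_AFTER; never auto-unlock 'syncing' ones."""
    stale = [u for u, e in table.items() if e.state == "active" and now - e.since > STALE_AFTER]
    for user in stale:
        del table[user]
    return stale

# Constructed sample events (hypothetical format, not from the original post).
EVENTS = ["1000 lab1 jdoe login", "1900 lab1 jdoe logout",
          "1905 lab1 jdoe logout",   # duplicate via the e-mail backup channel
          "1910 lab2 jdoe login",    # arrives before the sync has finished
          "1960 lab1 jdoe synced", "2000 lab2 jdoe login"]

def replay(events):
    table, actions = {}, []
    for line in events:
        actions += apply_event(table, line)
    return table, actions
```

Entries in the `syncing` state are deliberately never expired, so a lost `synced` report leaves the account locked for an admin to review instead of unlocking it against an unpropagated home tree.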




