[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[K12OSN] Pinch me...



I remember last year, that it was difficult for me to convince the
school to purchase a subscription to Linux Journal... and now...

In a recent unexpected turn of events at my school district, the school
board was overwhelmingly in favor of switching to open-source based
servers.  Amazingly enough, my presentation focused on the money saved,
and the businessmen and businesswomen on the board actually *understood*
linux.  At least enough to like the moneysaving aspect of it. :)

I turn to this group of open-source advocates for some help, as I have
done in the past.  I have been given a one-shot budget for servers,
networking equipment, and even man-hours (mine, I'm actually getting
paid this summer!!!) to implement an entirely new infrastructure.  The
catch is that my reputation, credibility, job, and likely
mortgage-paying-ability are at stake. :o)

I hope that a number of you are willing to answer some of my
implementation questions based on experiences (good and bad) that you've
had.  Keep in mind that only the servers are being changed, workstations
are still going to be a combination of mac, windows, and linux.

I plan to fully document the progress of our district into the foray of
open-source software.  If this year proves to be much smoother than
last, with less money being spent -- I can see even more adoption of
linux, both in lab and classroom settings.  It's a unique experience I
have this summer to completely start from scratch with servers, and not
have to "wedge" linux into an already existing system.

Ok, here's round (1) of my inquiries.  If I start to seem like I'm
overusing the "group" this summer, I apologize ahead of time.

1) Not a question, but a simple description of the hardware that will be
involved.  We have a handful of public IP addresses coming into the
district via a licensed wireless link from our ISD.  I will have a
computer with 2 or 3 NICs acting as the firewall/masquerading box.  This
will most likely run IPCOP.  Connected to that machine, in the DMZ will
be a XEON machine with mirrored-RAID IDE drives for web/internet
services.  Inside the private LAN, I will have 2 other servers.  One
will be a PIII with 9GB SCSI drive running squidgard/dansguardian.  The
other will be a PIII/PIV with RAID5 SCSI drives acting as the fileserver
for the district.  Ok, there's a simplistic picture of the hardware I
have to work with.

2) LDAP.  I can't think of a reason to *not* use LDAP for
authentication.  Everything seems to be able to authenticate via LDAP,
plus the addressbook side-effect you get, it would be silly for me NOT
to use it.  My question:  What has proven to be the best way for users
to change their password?  Usermin?  Does whatever method you fancy
allow for a hierarchy of "who can change what"  ?   It would be
wonderful if I could delegate a small group of users (teachers) that
could change passwords for students, but NOT change the passwords of the
principals...  Any help with the "in use" nuances of LDAP would be
appreciated.  This list has generated a great deal of info regarding
setting up a server, and I thank all involved for that. :)

3) home directory structure.  I know this has much to do with personal
preference, but I wonder if anyone has any pros/cons of different
structures.  My plan is to base it on graduation year, like:

/home/2004/user1
/home/2004/user2
/home/2005/user3
/home/2005/user4
/home/staff/user5
/home/staff/user6

I picture that this will give me an easy way to delete accounts at the
end of a year...  Just change the home directories for those students
that failed, and then with a simple bash script loop -- remove all the
users that graduated.  Does anyone have better ideas for this?

4) Chicken-and-Egg scenario.  I can't think of a perfect order for
setting up servers.  I plan to start with the LDAP server, because
everthing else I set up will need to have user authentication.  The LDAP
server will reside on the "web/internet services" machine mentioned in
question 1.  I should be able to set this up internally on a private IP,
and have the appropriate ports forwarded through the firewall to it. 
The only problem with setting this machine up first, is that I will
eventually want the /home directory mounted from the fileserver via
NFS.  Since that server doesnt' exist yet -- I'm hoping that when the
time comes, I can just empty the /home folder that will exist, and mount
the NFS box.  If I'm offbase in that thought, please slap me
accordingly.

5) I am replacing our current proprietary email/groupware server
(FirstClass) with linux based alternatives.  One feature I have been
unable to pin down is the ability to have multiple email connections to
a single box.  This seems like a silly need, but I can't stand it when
my computer at work disconnects my mutt session by polling for new
mail.  I check mail from many many computers in a day, and I play
"broken IMAP connection" tag all day...  I know the IMAP server isn't
tied directly into the MTA I use -- but a combination that works well
for you would be greatly appreciated.   (BTW, does anyone else have
problems with the "server disconnected" problem with their IMAP server
using multiple machines, or is it just me?)

6) Ok, last question for today. :o)  Since I'm replacing our groupware
server (see #5) -- I need an alternative.  Does anyone have a web based
system that has worked well in their educational situation?  Mind you,
it needs to authenticate from the same LDAP server.  Luckily, the
proprietary system is so poor in design, that I don't have very big
shoes to fill -- and phpBB may suffice if it LDAP authenticates.  I just
wanted to throw the question out there to see if anyone has the "killer
web app" for thier teachers to collaborate with.

THANK YOU all for even reading this far.  I'm very excited about this
summer, but want to make sure I make the best decisions possible.  Thank
you for any advice/experience you are willing to share.  Our district
has influence over a lot of schools (never really thought of myself as
influential, but alas linux geeks shine when the economy turns sour) and
I want to make sure we set a good example. :)

-Shawn

--
Shawn Powers
Inland Lakes Schools
Indian River, MI 49749
231-238-6868
http://techcorner.inland.k12.mi.us




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]