
Re: [K12OSN] Pinch me...

A couple quick suggestions:


Read everything you can.  Lots of good articles out there (start googling!)
but it's also a lot to absorb.  I will be attempting my first
implementation myself here shortly.  (Why are you putting your LDAP server
in the DMZ?)

This looks very useful--

Good luck to you Shawn, it's a victory in itself to even get a shot like
this, here's hoping you win the battle!

James Jensen

--- Shawn Powers <spowers inland k12 mi us> wrote:
> I remember last year, that it was difficult for me to convince the
> school to purchase a subscription to Linux Journal... and now...
> In a recent unexpected turn of events at my school district, the school
> board was overwhelmingly in favor of switching to open-source based
> servers.  Amazingly enough, my presentation focused on the money saved,
> and the businessmen and businesswomen on the board actually *understood*
> linux.  At least enough to like the moneysaving aspect of it. :)
> I turn to this group of open-source advocates for some help, as I have
> done in the past.  I have been given a one-shot budget for servers,
> networking equipment, and even man-hours (mine, I'm actually getting
> paid this summer!!!) to implement an entirely new infrastructure.  The
> catch is that my reputation, credibility, job, and likely
> mortgage-paying-ability are at stake. :o)
> I hope that a number of you are willing to answer some of my
> implementation questions based on experiences (good and bad) that you've
> had.  Keep in mind that only the servers are being changed, workstations
> are still going to be a combination of mac, windows, and linux.
> I plan to fully document the progress of our district into the foray of
> open-source software.  If this year proves to be much smoother than
> last, with less money being spent -- I can see even more adoption of
> linux, both in lab and classroom settings.  It's a unique experience I
> have this summer to completely start from scratch with servers, and not
> have to "wedge" linux into an already existing system.
> Ok, here's round (1) of my inquiries.  If I start to seem like I'm
> overusing the "group" this summer, I apologize ahead of time.
> 1) Not a question, but a simple description of the hardware that will be
> involved.  We have a handful of public IP addresses coming into the
> district via a licensed wireless link from our ISD.  I will have a
> computer with 2 or 3 NICs acting as the firewall/masquerading box.  This
> will most likely run IPCOP.  Connected to that machine, in the DMZ will
> be a XEON machine with mirrored-RAID IDE drives for web/internet
> services.  Inside the private LAN, I will have 2 other servers.  One
> will be a PIII with 9GB SCSI drive running squidGuard/dansguardian.  The
> other will be a PIII/PIV with RAID5 SCSI drives acting as the fileserver
> for the district.  Ok, there's a simplistic picture of the hardware I
> have to work with.
> 2) LDAP.  I can't think of a reason to *not* use LDAP for
> authentication.  Everything seems to be able to authenticate via LDAP,
> plus the addressbook side-effect you get, it would be silly for me NOT
> to use it.  My question:  What has proven to be the best way for users
> to change their password?  Usermin?  Does whatever method you fancy
> allow for a hierarchy of "who can change what"  ?   It would be
> wonderful if I could delegate a small group of users (teachers) that
> could change passwords for students, but NOT change the passwords of the
> principals...  Any help with the "in use" nuances of LDAP would be
> appreciated.  This list has generated a great deal of info regarding
> setting up a server, and I thank all involved for that. :)
> 3) home directory structure.  I know this has much to do with personal
> preference, but I wonder if anyone has any pros/cons of different
> structures.  My plan is to base it on graduation year, like:
> /home/2004/user1
> /home/2004/user2
> /home/2005/user3
> /home/2005/user4
> /home/staff/user5
> /home/staff/user6
> I picture that this will give me an easy way to delete accounts at the
> end of a year...  Just change the home directories for those students
> that failed, and then with a simple bash script loop -- remove all the
> users that graduated.  Does anyone have better ideas for this?
> 4) Chicken-and-Egg scenario.  I can't think of a perfect order for
> setting up servers.  I plan to start with the LDAP server, because
> everything else I set up will need to have user authentication.  The LDAP
> server will reside on the "web/internet services" machine mentioned in
> question 1.  I should be able to set this up internally on a private IP,
> and have the appropriate ports forwarded through the firewall to it. 
> The only problem with setting this machine up first, is that I will
> eventually want the /home directory mounted from the fileserver via
> NFS.  Since that server doesn't exist yet -- I'm hoping that when the
> time comes, I can just empty the /home folder that will exist, and mount
> the NFS box.  If I'm offbase in that thought, please slap me
> accordingly.
> 5) I am replacing our current proprietary email/groupware server
> (FirstClass) with linux based alternatives.  One feature I have been
> unable to pin down is the ability to have multiple email connections to
> a single box.  This seems like a silly need, but I can't stand it when
> my computer at work disconnects my mutt session by polling for new
> mail.  I check mail from many many computers in a day, and I play
> "broken IMAP connection" tag all day...  I know the IMAP server isn't
> tied directly into the MTA I use -- but a combination that works well
> for you would be greatly appreciated.   (BTW, does anyone else have
> problems with the "server disconnected" problem with their IMAP server
> using multiple machines, or is it just me?)
> 6) Ok, last question for today. :o)  Since I'm replacing our groupware
> server (see #5) -- I need an alternative.  Does anyone have a web based
> system that has worked well in their educational situation?  Mind you,
> it needs to authenticate from the same LDAP server.  Luckily, the
> proprietary system is so poor in design, that I don't have very big
> shoes to fill -- and phpBB may suffice if it LDAP authenticates.  I just
> wanted to throw the question out there to see if anyone has the "killer
> web app" for their teachers to collaborate with.
> THANK YOU all for even reading this far.  I'm very excited about this
> summer, but want to make sure I make the best decisions possible.  Thank
> you for any advice/experience you are willing to share.  Our district
> has influence over a lot of schools (never really thought of myself as
> influential, but alas linux geeks shine when the economy turns sour) and
> I want to make sure we set a good example. :)
> -Shawn
> --
> Shawn Powers
> Inland Lakes Schools
> Indian River, MI 49749
> 231-238-6868
> http://techcorner.inland.k12.mi.us
> _______________________________________________
> K12OSN mailing list
> K12OSN redhat com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
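
The year-based home directory layout in question 3 can be checked with a dry run before any account is removed. The script below is an added example, not part of the original thread; the function names, the UID floor of 1000 and the sample accounts are assumptions, and it only lists candidates without deleting anything.

```shell
#!/bin/sh
# Added example: dry-run selection of accounts by graduation year.
# Input is passwd(5)-format text on stdin, e.g. from `getent passwd`.

MIN_UID=${MIN_UID:-1000}   # assumption: regular users start at this UID

# select_graduates YEAR  -> one login per line
select_graduates() {
    year=$1
    # Accept only a four-digit year, so "staff", "" or "../x" is never a target.
    case $year in
        [0-9][0-9][0-9][0-9]) ;;
        *) echo "invalid year: $year" >&2; return 2 ;;
    esac
    # Keep a row only when the home directory is exactly /home/YEAR/LOGIN
    # and the UID is outside the system range.
    awk -F: -v y="$year" -v min="$MIN_UID" '
        ($3 + 0) >= (min + 0) && $6 == ("/home/" y "/" $1) { print $1 }
    '
}

# plan_removal YEAR  -> human-readable list for review; deletes nothing
plan_removal() {
    logins=$(select_graduates "$1") || return
    for login in $logins; do
        printf 'would remove: %s (/home/%s/%s)\n' "$login" "$1" "$login"
    done
}

# Constructed sample data (not from the thread).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
user1:x:1001:1001::/home/2004/user1:/bin/bash
user2:x:1002:1002::/home/2004/user2:/bin/bash
user3:x:1003:1003::/home/2005/user3:/bin/bash
user5:x:1005:1005::/home/staff/user5:/bin/bash
svc2004:x:12:12::/home/2004/svc2004:/sbin/nologin
alias1:x:1006:1006::/home/2004/user1:/bin/bash'

printf '%s\n' "$SAMPLE_PASSWD" | plan_removal 2004
```

The `svc2004` and `alias1` rows are skipped: one is a system UID, the other has a home directory that belongs to a different login.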
