[K12OSN] smbldap-installer: multiple /home folders possible? (David Whitmer)

Matt Oquist moquist at majen.net
Wed Aug 9 17:53:39 UTC 2006


> Date: Wed, 9 Aug 2006 08:43:13 -0700 (PDT)
> From: David Whitmer <dwblue02 at yahoo.com>
> Subject: [K12OSN] smbldap-installer: multiple /home folders possible?

> If I understand correctly, a primary benefit of this script is that it will automagically configure an Ubuntu or K12LTSP/FC server to be an authentication server for thin clients, standalone Linux computers, and also Windows (such as 2000 or XP Pro).
> Is my understanding correct so far?

Yes. It tries to automate more-or-less what's described in ch. 6 of
"Samba 3 By Example", which is recommended reading.

> Whether I go with Ubuntu or K12LTSP (for familiarity) on server C,
> I'm planning on having this server be the smbldap server to
> authenticate everyone.  However, I'd like to have students' and
> teachers' Home folders stored on servers A & B (respectively).
> Is this possible?  If it is, is it relatively "easy" to set up?

Yes, it is relatively easy given how difficult it would be otherwise.

I described this at NELS UNH, and we were having network problems so
I don't remember if we actually got to see it working. (I think we
did.)

This same sort of scheme would work for having a district-wide WAN
where every user can access her home directory from every site.

In short, what you do is create an LDAP server for each site and
create subdirectories under /home for each LDAP server and then create
a mesh of NFS mounts of each site to every other throughout your WAN.

If you have a large WAN you may wish to have a master LDAP server
(PDC) that nobody at all logs into directly, and a slave LDAP server
(BDC) for each site. Otherwise, you may wish to have a master LDAP
server at your largest site and a slave LDAP server (BDC) at each
smaller site. See the smbldap-installer doc site for, um, very
slightly more info about PDC/BDC configuration (which is new and still
needs documentation such as this).

I'm going to assume you have three sites in the following example,
siteA, siteB, and siteC, with LDAP servers named serverA, serverB, and
serverC. serverA is a master LDAP server (PDC), and serverB and
serverC are slave LDAP servers (BDCs) to serverA. You'll want to do
something like this on each of serverA, serverB, and serverC:

serverA $ mkdir /home/{siteA,siteB,siteC}
...
serverB $ mkdir /home/{siteA,siteB,siteC}
...
serverC $ mkdir /home/{siteA,siteB,siteC}

serverA /etc/exports:
  /home/siteA   <network>(rw,sync)
serverA /etc/fstab entries:
  serverB:/home/siteB   /home/siteB     nfs     defaults 0       0
  serverC:/home/siteC   /home/siteC     nfs     defaults 0       0

serverB /etc/exports:
  /home/siteB   <serverA/255.255.255.255>(rw,no_root_squash,sync)
  /home/siteB   <network>(rw,sync)
serverB /etc/fstab entries:
  serverA:/home/siteA   /home/siteA     nfs     defaults 0       0
  serverC:/home/siteC   /home/siteC     nfs     defaults 0       0

serverC /etc/exports:
  /home/siteC   <serverA/255.255.255.255>(rw,no_root_squash,sync)
  /home/siteC   <network>(rw,sync)
serverC /etc/fstab entries:
  serverA:/home/siteA   /home/siteA     nfs     defaults 0       0
  serverB:/home/siteB   /home/siteB     nfs     defaults 0       0

Then, when you create your users on serverA (assuming you use the
smbldap-useradd-bulk script included with the smbldap-installer), be
sure you divide them according to their sites and specify the
appropriate home directories. Assuming you create files called
userinfo.start.siteA, userinfo.start.siteB, and userinfo.start.siteC,
you could run commands such as the following:

serverA /root/smbldap-installer $ cp userinfo.start.siteA userinfo.start
serverA /root/smbldap-installer $ ./smbldap users
...
What home directory do you want these users to have by default?
  (Your answer must contain "USERNAME".)  [/home/USERNAME] /home/siteA/USERNAME
...
serverA /root/smbldap-installer $ cp userinfo.start.siteB userinfo.start
serverA /root/smbldap-installer $ ./smbldap users
...
What home directory do you want these users to have by default?
  (Your answer must contain "USERNAME".)  [/home/USERNAME] /home/siteB/USERNAME
...
serverA /root/smbldap-installer $ cp userinfo.start.siteC userinfo.start
serverA /root/smbldap-installer $ ./smbldap users
...
What home directory do you want these users to have by default?
  (Your answer must contain "USERNAME".)  [/home/USERNAME] /home/siteC/USERNAME
...
serverA /root/smbldap-installer $

In your case, David, things are much simpler. :) Don't worry about
master/slave LDAP servers, just do the NFS exports and /etc/fstab
entries for servers A and B (/home/teachers and /home/students), and
*then* run './smbldap users' each for teachers and students
respectively (assuming you've already created userinfo.start.teachers
and userinfo.start.students).

Make sure serverB exports /home/teachers directly to serverA with the
no_root_squash option, or serverA won't be able to create the
teachers' home directories when you run './smbldap users'. Make sure
serverB doesn't export /home/teachers to anything *more* than serverA
with the no_root_squash option, or anybody can plug her laptop into
your network and have root access to the teachers' home directories.
(Yikes!)

I hope this helps and is clearer than mud. If anybody wants to write
it up in the smbldap-installer documentation wiki (linked from
http://majen.net/smbldap/) that would be great! :)

--matt

--
Open Source Software Engineering Consultant
http://majen.net/
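
The no_root_squash caution in the message above can be checked mechanically. The following is an added example, not part of the original message or of smbldap-installer: it parses /etc/exports text and reports every export that grants no_root_squash to anything wider than a single host. The function names, the 192.0.2.x addresses and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample modelled on the exports in the message; 192.0.2.0/24
# is a documentation range standing in for <serverA> and <network>.
SAMPLE_EXPORTS = """\
# serverB /etc/exports
/home/siteB    192.0.2.10/255.255.255.255(rw,no_root_squash,sync)
/home/siteB    192.0.2.0/24(rw,sync)
/home/teachers 192.0.2.0/255.255.255.0(rw,no_root_squash,sync)
/home/siteC    *(rw,no_root_squash) 192.0.2.10(rw,no_root_squash)
"""

# One "client(options)" group; the client part may be empty (any host).
CLIENT_RE = re.compile(r"([^\s()]*)\(([^)]*)\)")

def is_single_host(client):
    """True only when the client spec can match exactly one machine."""
    if not client or client.startswith("@") or re.search(r"[*?\[]", client):
        return False          # any host, netgroup, or wildcard pattern
    try:
        return ipaddress.ip_network(client, strict=False).num_addresses == 1
    except ValueError:
        return True           # plain hostname without wildcards

def audit_exports(text):
    """Return (line_no, path, client) for each no_root_squash export that
    is offered to more than one host."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) < 2:
            continue          # blank, comment, or path with default options
        path, rest = parts
        for client, opts in CLIENT_RE.findall(rest):
            options = {o.strip() for o in opts.split(",")}
            if "no_root_squash" in options and not is_single_host(client):
                findings.append((line_no, path, client or "<any host>"))
    return findings

if __name__ == "__main__":
    for line_no, path, client in audit_exports(SAMPLE_EXPORTS):
        print(f"line {line_no}: {path} gives unsquashed root to {client}")
```

Run against the sample, it reports the /home/teachers network-wide export and the wildcard export of /home/siteC, and accepts the two entries limited to the single host.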