[K12OSN] re: smbldap-installer: multiple /home folders possible? (David Whitmer) (Matt Oquist)

Matt Oquist moquist at majen.net
Thu Aug 10 05:54:11 UTC 2006


> Date: Wed, 9 Aug 2006 13:53:39 -0400
> From: Matt Oquist <moquist at majen.net>
> Subject: [K12OSN] smbldap-installer: multiple /home folders possible?
> 	(David	Whitmer)

Oops - the below solution won't get Winders(TM) clients to map the
user home folders from the correct machine; everything in the WAN will
be using the PDC.

I *think* this problem goes away if you create each site's users while
you're on the slave LDAP server (PDC) at that site, but I'm not 100%
confident.

David - this means that you really would want to set up a slave LDAP
server (BDC) if you want Winders(TM) clients to access home folders
stored on server B directly.

--matt

> > Date: Wed, 9 Aug 2006 08:43:13 -0700 (PDT)
> > From: David Whitmer <dwblue02 at yahoo.com>
> > Subject: [K12OSN] smbldap-installer: multiple /home folders possible?
> 
> > If I understand correctly, a primary benefit of this script is that it will automagically configure an Ubuntu or K12LTSP/FC server to be an authentication server for thin clients, standalone Linux computers, and also Windows (such as 2000 or XP Pro).
> > Is my understanding correct so far?
> 
> Yes. It tries to automate more-or-less what's described in ch. 6 of
> "Samba 3 By Example", which is recommended reading.
> 
> > Whether I go with Ubuntu or K12LTSP (for familiarity) on server C,
> > I'm planning on having this server be the smbldap server to
> > authenticate everyone.  However, I'd like to have students' and
> > teachers' Home folders stored on servers A & B (respectively).
> > Is this possible?  If it is, is it relatively "easy" to setup?
> 
> Yes, it is relatively easy given how difficult it would be otherwise.
> 
> I described this at NELS UNH, and we were having network problems so
> I don't remember if we actually got to see it working. (I think we
> did.)
> 
> This same sort of scheme would work for having a district-wide WAN
> where every user can access her home directory from every site.
> 
> In short, what you do is create an LDAP server for each site and
> create subdirectories under /home for each LDAP server and then create
> a mesh of NFS mounts of each site to every other throughout your WAN.
> 
> If you have a large WAN you may wish to have a master LDAP server
> (PDC) that nobody at all logs into directly, and a slave LDAP server
> (BDC) for each site. Otherwise, you may wish to have a master LDAP
> server at your largest site and a slave LDAP server (BDC) at each
> smaller site. See the smbldap-installer doc site for, um, very
> slightly more info about PDC/BDC configuration (which is new and still
> needs documentation such as this).
> 
> I'm going to assume you have three sites in the following example,
> siteA, siteB, and siteC, with LDAP servers named serverA, serverB, and
> serverC. serverA is a master LDAP server (PDC), and serverB and
> serverC are slave LDAP servers (BDCs) to serverA. You'll want to do
> something like this on each of serverA, serverB, and serverC:
> 
> serverA $ mkdir /home/{siteA,siteB,siteC}
> ...
> serverB $ mkdir /home/{siteA,siteB,siteC}
> ...
> serverC $ mkdir /home/{siteA,siteB,siteC}
> 
> serverA /etc/exports:
>   /home/siteA   <network>(rw,sync)
> serverA /etc/fstab entries:
>   serverB:/home/siteB   /home/siteB     nfs     defaults 0       0
>   serverC:/home/siteC   /home/siteC     nfs     defaults 0       0
> 
> serverB /etc/exports:
>   /home/siteB   <serverA/255.255.255.255>(rw,no_root_squash,sync)
>   /home/siteB   <network>(rw,sync)
> serverB /etc/fstab entries:
>   serverA:/home/siteA   /home/siteA     nfs     defaults 0       0
>   serverC:/home/siteC   /home/siteC     nfs     defaults 0       0
> 
> serverC /etc/exports:
>   /home/siteC   <serverA/255.255.255.255>(rw,no_root_squash,sync)
>   /home/siteC   <network>(rw,sync)
> serverC /etc/fstab entries:
>   serverA:/home/siteA   /home/siteA     nfs     defaults 0       0
>   serverB:/home/siteB   /home/siteB     nfs     defaults 0       0
> 
> Then, when you create your users on serverA (assuming you use the
> smbldap-useradd-bulk script included with the smbldap-installer), be
> sure you divide them according to their sites and specify the
> appropriate home directories. Assuming you create files called
> userinfo.start.siteA, userinfo.start.siteB, and userinfo.start.siteC,
> you could run commands such as the following:
> 
> serverA /root/smbldap-installer $ cp userinfo.start.siteA userinfo.start
> serverA /root/smbldap-installer $ ./smbldap users
> ...
> What home directory do you want these users to have by default?
>   (Your answer must contain "USERNAME".)  [/home/USERNAME] /home/siteA/USERNAME
> ...
> serverA /root/smbldap-installer $ cp userinfo.start.siteB userinfo.start
> serverA /root/smbldap-installer $ ./smbldap users
> ...
> What home directory do you want these users to have by default?
>   (Your answer must contain "USERNAME".)  [/home/USERNAME] /home/siteB/USERNAME
> ...
> serverA /root/smbldap-installer $ cp userinfo.start.siteC userinfo.start
> serverA /root/smbldap-installer $ ./smbldap users
> ...
> What home directory do you want these users to have by default?
>   (Your answer must contain "USERNAME".)  [/home/USERNAME] /home/siteC/USERNAME
> ...
> serverA /root/smbldap-installer $
> 
> In your case, David, things are much simpler. :) Don't worry about
> master/slave LDAP servers, just do the NFS exports and /etc/fstab
> entries for servers A and B (/home/teachers and /home/students), and
> *then* run './smbldap users' each for teachers and students
> respectively (assuming you've already created userinfo.start.teachers
> and userinfo.start.students).
> 
> Make sure serverB exports /home/teachers directly to serverA with the
> no_root_squash option, or serverA won't be able to create the
> teachers' home directories when you run './smbldap users'. Make sure
> serverB doesn't export /home/teachers to anything *more* than serverA
> with the no_root_squash option, or anybody can plug her laptop into
> your network and have root access to the teachers' home directories.
> (Yikes!)
> 
> I hope this helps and is clearer than mud. If anybody wants to write
> it up in the smbldap-installer documentation wiki (linked from
> http://majen.net/smbldap/) that would be great! :)
> 
> --matt
> 
> --
> Open Source Software Engineering Consultant
> http://majen.net/
--
Open Source Software Engineering Consultant
http://majen.net/
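
Added example, not part of the original message or of smbldap-installer: a small audit for the no_root_squash warning in the quoted post, flagging any /etc/exports entry that grants no_root_squash to more than one host. The addresses and the sample file are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the layout of the exports shown in the message;
# 192.0.2.0/24 is a documentation range standing in for <network>/<serverA>.
SAMPLE_EXPORTS = """\
# constructed /etc/exports sample
/home/siteB    192.0.2.10/255.255.255.255(rw,no_root_squash,sync)
/home/siteB    192.0.2.0/24(rw,sync)
/home/teachers 192.0.2.0/24(rw,no_root_squash,sync)
/home/students *(rw,no_root_squash)
/home/siteC    192.0.2.10 (rw,no_root_squash)
"""

def is_single_host(client):
    """True only when the client spec names exactly one machine."""
    if not client or client.startswith("@") or any(c in client for c in "*?["):
        return False  # world export, netgroup, or wildcard pattern
    if "/" in client:
        try:
            net = ipaddress.ip_network(client, strict=False)
        except ValueError:
            return False  # unparseable network: treat as too broad
        return net.num_addresses == 1  # /32 or /255.255.255.255
    return True  # bare hostname or bare IP address

def audit_exports(text):
    """Return (path, client) pairs where no_root_squash reaches more than one host."""
    findings = []
    # Join backslash-continued lines, then drop comments.
    for line in text.replace("\\\n", " ").splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        path = fields[0]
        for spec in fields[1:]:
            # "host (opts)" with a space yields a token with an empty client:
            # exports(5) applies those options to every client, not to host.
            client, _, opts = spec.partition("(")
            options = opts.rstrip(")").split(",")
            if "no_root_squash" in options and not is_single_host(client):
                findings.append((path, client or "<world>"))
    return findings

if __name__ == "__main__":
    for path, client in audit_exports(SAMPLE_EXPORTS):
        print(f"{path}: no_root_squash granted to {client}")
```

Run against the real file with `audit_exports(open("/etc/exports").read())` on each NFS server; an empty list means every no_root_squash grant is limited to a single host.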