[K12OSN] re: smbldap-installer: multiple /home folders possible? (David Whitmer) (Matt Oquist)
Matt Oquist
moquist at majen.net
Thu Aug 10 05:54:11 UTC 2006
> Date: Wed, 9 Aug 2006 13:53:39 -0400
> From: Matt Oquist <moquist at majen.net>
> Subject: [K12OSN] smbldap-installer: multiple /home folders possible?
> (David Whitmer)
Oops - the below solution won't get Winders(TM) clients to map the
user home folders from the correct machine; everything in the WAN will
be using the PDC.
I *think* this problem goes away if you create each site's users while
you're on the slave LDAP server (PDC) at that site, but I'm not 100%
confident.
David - this means that you really would want to set up a slave LDAP
server (BDC) if you want Winders(TM) clients to access home folders
stored on server B directly.
--matt
> > Date: Wed, 9 Aug 2006 08:43:13 -0700 (PDT)
> > From: David Whitmer <dwblue02 at yahoo.com>
> > Subject: [K12OSN] smbldap-installer: multiple /home folders possible?
>
> > If I understand correctly, a primary benefit of this script is that it will automagically configure an Ubuntu or K12LTSP/FC server to be an authentication server for thin clients, standalone Linux computers, and also Windows (such as 2000 or XP Pro).
> > Is my understanding correct so far?
>
> Yes. It tries to automate more-or-less what's described in ch. 6 of
> "Samba 3 By Example", which is recommended reading.
>
> > Whether I go with Ubuntu or K12LTSP (for familiarity) on server C,
> > I'm planning on having this server be the smbldap server to
> > authenticate everyone. However, I'd like to have students' and
> > teachers' Home folders stored on servers A & B (respectively).
> > Is this possible? If it is, is it relatively "easy" to set up?
>
> Yes, it is relatively easy given how difficult it would be otherwise.
>
> I described this at NELS UNH, and we were having network problems so
> I don't remember if we actually got to see it working. (I think we
> did.)
>
> This same sort of scheme would work for having a district-wide WAN
> where every user can access her home directory from every site.
>
> In short, what you do is create an LDAP server for each site and
> create subdirectories under /home for each LDAP server and then create
> a mesh of NFS mounts of each site to every other throughout your WAN.
>
> If you have a large WAN you may wish to have a master LDAP server
> (PDC) that nobody at all logs into directly, and a slave LDAP server
> (BDC) for each site. Otherwise, you may wish to have a master LDAP
> server at your largest site and a slave LDAP server (BDC) at each
> smaller site. See the smbldap-installer doc site for, um, very
> slightly more info about PDC/BDC configuration (which is new and still
> needs documentation such as this).
>
> I'm going to assume you have three sites in the following example,
> siteA, siteB, and siteC, with LDAP servers named serverA, serverB, and
> serverC. serverA is a master LDAP server (PDC), and serverB and
> serverC are slave LDAP servers (BDCs) to serverA. You'll want to do
> something like this on each of serverA, serverB, and serverC:
>
> serverA $ mkdir /home/{siteA,siteB,siteC}
> ...
> serverB $ mkdir /home/{siteA,siteB,siteC}
> ...
> serverC $ mkdir /home/{siteA,siteB,siteC}
>
> serverA /etc/exports:
> /home/siteA <network>(rw,sync)
> serverA /etc/fstab entries:
> serverB:/home/siteB /home/siteB nfs defaults 0 0
> serverC:/home/siteC /home/siteC nfs defaults 0 0
>
> serverB /etc/exports:
> /home/siteB <serverA/255.255.255.255>(rw,no_root_squash,sync)
> /home/siteB <network>(rw,sync)
> serverB /etc/fstab entries:
> serverA:/home/siteA /home/siteA nfs defaults 0 0
> serverC:/home/siteC /home/siteC nfs defaults 0 0
>
> serverC /etc/exports:
> /home/siteC <serverA/255.255.255.255>(rw,no_root_squash,sync)
> /home/siteC <network>(rw,sync)
> serverC /etc/fstab entries:
> serverA:/home/siteA /home/siteA nfs defaults 0 0
> serverB:/home/siteB /home/siteB nfs defaults 0 0
>
> Then, when you create your users on serverA (assuming you use the
> smbldap-useradd-bulk script included with the smbldap-installer), be
> sure you divide them according to their sites and specify the
> appropriate home directories. Assuming you create files called
> userinfo.start.siteA, userinfo.start.siteB, and userinfo.start.siteC,
> you could run commands such as the following:
>
> serverA /root/smbldap-installer $ cp userinfo.start.siteA userinfo.start
> serverA /root/smbldap-installer $ ./smbldap users
> ...
> What home directory do you want these users to have by default?
> (Your answer must contain "USERNAME".) [/home/USERNAME] /home/siteA/USERNAME
> ...
> serverA /root/smbldap-installer $ cp userinfo.start.siteB userinfo.start
> serverA /root/smbldap-installer $ ./smbldap users
> ...
> What home directory do you want these users to have by default?
> (Your answer must contain "USERNAME".) [/home/USERNAME] /home/siteB/USERNAME
> ...
> serverA /root/smbldap-installer $ cp userinfo.start.siteC userinfo.start
> serverA /root/smbldap-installer $ ./smbldap users
> ...
> What home directory do you want these users to have by default?
> (Your answer must contain "USERNAME".) [/home/USERNAME] /home/siteC/USERNAME
> ...
> serverA /root/smbldap-installer $
>
> In your case, David, things are much simpler. :) Don't worry about
> master/slave LDAP servers, just do the NFS exports and /etc/fstab
> entries for servers A and B (/home/teachers and /home/students), and
> *then* run './smbldap users' each for teachers and students
> respectively (assuming you've already created userinfo.start.teachers
> and userinfo.start.students).
>
> Make sure serverB exports /home/teachers directly to serverA with the
> no_root_squash option, or serverA won't be able to create the
> teachers' home directories when you run './smbldap users'. Make sure
> serverB doesn't export /home/teachers to anything *more* than serverA
> with the no_root_squash option, or anybody can plug her laptop into
> your network and have root access to the teachers' home directories.
> (Yikes!)
>
> I hope this helps and is clearer than mud. If anybody wants to write
> it up in the smbldap-installer documentation wiki (linked from
> http://majen.net/smbldap/) that would be great! :)
>
> --matt
>
> --
> Open Source Software Engineering Consultant
> http://majen.net/
--
Open Source Software Engineering Consultant
http://majen.net/
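
Added example, not part of the original message or of smbldap-installer: a Python check that an /etc/exports file grants no_root_squash only to single hosts, which is the condition the quoted message sets for /home/teachers. The sample exports text, the 10.0.0.0/24 network and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout from the message; serverA and 10.0.0.0/24
# are placeholders. The last line is the mistake the message warns about.
SAMPLE_EXPORTS = """\
# serverB /etc/exports
/home/teachers serverA(rw,no_root_squash,sync)
/home/teachers 10.0.0.0/24(rw,sync)
/home/students 10.0.0.0/24(rw,no_root_squash,sync)
"""

ENTRY = re.compile(r"([^\s()]*)(?:\(([^)]*)\))?")  # client(options)


def is_single_host(client):
    """True only if the client spec can match exactly one machine."""
    if not client or client.startswith("@") or any(c in client for c in "*?["):
        return False  # everyone, a netgroup, or a wildcard pattern
    if "/" in client:
        try:
            return ipaddress.ip_network(client, strict=False).num_addresses == 1
        except ValueError:
            return False
    return True  # plain hostname or single IP address


def risky_exports(text):
    """Return (path, client) pairs where root is unsquashed for a non-single host."""
    findings = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, *specs = line.split()
        defaults = set()
        for spec in specs:
            if spec.startswith("-"):  # "-opt,opt" sets defaults for this line
                defaults = set(spec[1:].split(","))
                continue
            m = ENTRY.fullmatch(spec)
            if not m:
                continue  # malformed entry, not evaluated here
            client, opts = m.group(1), set((m.group(2) or "").split(","))
            squash_off = "no_root_squash" in opts or (
                "no_root_squash" in defaults and "root_squash" not in opts)
            if squash_off and not is_single_host(client):
                findings.append((path, client or "(everyone)"))
    return findings
```

Run it against the real file with `risky_exports(open("/etc/exports").read())`; an empty list means every no_root_squash grant is pinned to one host.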