[K12OSN] need help scaling LTSP: setting up Winbind and LDAP
john
lists.john at gmail.com
Fri Apr 6 22:26:27 UTC 2007
Ok,
After some further research it looks do-able. I am looking at two
ways to standardize RID⇒UID/GID mapping either via IDMAP_RID or
IDMAP Storage in LDAP. Anyone else doing using either of these
approaches? How are other folks scaling?
Here's the documents I am working from right now:
http://thelazyadmin.com/files/Linux_Ad_Authentication_Using_Winbind.pdf
http://us4.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html#id339794
On 4/5/07, john <lists.john at gmail.com> wrote:
>
>
> Hi Steven thanks for your interest.
>
> On 4/5/07, Steven Santos <steven at simplycircus.com> wrote:
> >
> >
> > Lots of ways to go with this question. Lets start by gathering more info;
> >
> > Can you tell us more about the current computing enviornment on campus?
> > - How many, and of what type (mac, win, unix, other) are the computers you have?
>
> We run a mix of WinSP clients, Mac OSX clients, and ltsp based thin clients.
>
>
> >
> >
> > - Do you have a managed or unmanaged network? Can you do vLANS?
>
> I am not sure what you mean by a managed network, you'll have to enlighten me. We do have managed switches and routers. We do make extensive use of VLANS and in fact that's how I push the LTSP environment from building to building.
>
>
> >
> >
> > - Do you currently spread your servers out, or are they centralized?
>
> Our AD based infrastructure is centralized and our LTSP based servers are local to each school.
>
>
> >
> >
> > Can you tell us more about where your planning to go?
> > - Do you plan a mass migration to an all or mostly linux enviornment?
>
>
>
>
> We're looking toward a time when Linux based thin clients are in the majority for students, with the only remaining Windows or OSX based clients handling special duties like heavy duty graphics rendering (Illustrator, Studio 4d, etc)
>
>
> >
> >
> > - Are you planning on having multi-media (Mac/Lin/Win fat clients?)
>
> The multimedia stuff will most likely be handled by dedicated fat clients.
>
> Thanks. I look forward to hearing your ideas.
>
> As I get farther into the SAMBA documentation it seems like I might be looking at at least two possible solutions:
>
> IDMAP_RID with Winbind
> IDMAP Storage in LDAP Using Winbind
>
> which I found explained by John H. Terpstra here: http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/idmapper.html
>
> Boy to I feel in over my head!
>
> John
>
>
>
> >
> >
> > ________________________________
> > Steven Santos
> > Director, Simply Circus, Inc.
> > Email: Steven at SimplyCircus.com
> > Mail: 14 Pierrepont Road
> > Newton, MA 02462
> > Phone: 617-527-0667
> > Web: www.SimplyCircus.com
> >
> >
> >
> > -----Original Message-----
> > From: k12osn-bounces at redhat.com [mailto:k12osn-bounces at redhat.com]On Behalf Of john
> > Sent: Thursday, April 05, 2007 5:20 PM
> > To: Support list for open source software in schools.
> > Subject: [K12OSN] need help scaling LTSP: setting up Winbind and LDAP
> >
> > Hi all,
> >
> > I really need advice on scaling our LTSP installation. I hope you'll bear with me as I ask this rather lengthy question. Your advice and comments will be invaluable to me!
> >
> > Here's some background:
> >
> > I've installed three LTSP test servers, at three different schools in our district. These schools are all located on a square mile campus and connected via a multi-mode fiber back-haul. Together the LTSP servers support 30 thin clients, which are available to the 1600 kids across our small school district. The response has been very positive. I've been given the go-ahead to scale the project up, replacing as many as 20or 30 additional aging fat clients per school.
> >
> > Our authentication is provided via Active Directory on Windows 2003 and currently we provide storage for students on a windows based file-server. My intention is to keep student account management on AD since we'll continue to support a certain segment of windows fat clients which need to authenticate to AD. Because we use group policies to manage our windows clients, it doesn't' seem feasible to create a new student domain on a linux box running samba.
> >
> > My goal is to move our students away from windows based file storage completely and to centralize the winbind.tdb so that it can handle linux to windows uid/gid mapping for all students in the district. I think these goals go hand in hand, since its my understanding that multiple linux file servers, require a single winbind database in order to keep the uid/gid mapping consistent.
> >
> > I am pretty sure that I want to do this by storing my winbind user/pass data on a central ldap server since I see that winbind/SAMBA can use a LDAP backend. I am trying to figure out where and how to start thinking about this. I am not even sure if this is incredibly complex or really straight-forward.
> >
> >
> > 1) Has anyone on this list done something similar
> >
> > 2) If so how successfully? Using what resources etc?
> >
> > 3) I DO need to migrate the current windows directory tree holding student work to a new linux file server. Perhaps it would be as easy as using xcopy or robocopy? But how would I automagically make my linux/samba users own the contents of their migrated directories?
> >
> > 4) I've seen http://wiki.ltsp.org/twiki/bin/view/Ltsp/LDAP
> > http://www.majen.net/smbldap/ and http://www.vcsvikings.org/docuwiki/cgi-bin/moin.cgi/
> > am I on the right track?
> >
> > Many thanks in advance. I await your replies with bated breath!
> >
> > John
> >
> >
> >
>
>
More information about the K12OSN
mailing list