multi-server/single source authenticaton was Re: [K12OSN] Networking a new school for K12LTSP?

john lists.john at gmail.com
Tue Jan 30 22:40:29 UTC 2007


This has been an interesting thread. It makes me want to raise my own
question.

Is it possible to do multi-server/single source authenticaton using Active
Directory rather than LDAP? Right now, we're not able to drop active
directory for students, but will probably need to add servers as our LTSP
experiment moves forward. The sticking point has been the way winbind/samba
creates and maps unix passwords to windows passwords. Essentially each
installation of Linux that uses Active Directory for authenticaton ends up
with their own local user/pass db that makes centralized NFS homes
semi-impossible. Has anyone figured out how to scale Linux and AD?

John

On 1/26/07, Burke Almquist <balmquist at mindfirestudios.com> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> For installations that need 3 or more servers, I'd have one server
> with SCSI drives that has /home exported over NFS and centralized
> login and a different LTSP servers for each area. This makes backup
> easier (all the important data is on the one server) and it also
> allows you to put cheep disks on your LTSP servers. Put the expensive
> SCSI RAID all on the one server that does NFS and login(with
> redundant power supplies, UPS, etc). This lets you build relatively
> cheep LTSP servers using dual core CPUS with lots of RAM and cheep
> low capacity IDE drives. All the servers should use gigabit ethernet
> though. Two servers seems to be a bad number. I'd either try to keep
> it all on one server, or divorce your /home and LDAP server from your
> LTSP servers.
>
> On Jan 26, 2007, at 10:54 AM, Joseph Bishay wrote:
>
> > Hello,
> >
> > Thanks once again for all the insight! I'm going to be going back to
> > the building committee with much of this in mind.
> >
> > I'm hoping this isn't a very silly question, but I am a bit confused.
> >
> > I have a question about the MDF and the IDFs -- where all the network
> > cabling will be running back to.  Now I know from various setups I've
> > seen that often where all these cables terminate there is a rack with
> > the hardware that connects to the switches and the patch panel.  In
> > our case while we will have a patch panel where the various Cat6
> > cables will come in and terminate.  Assuming 4+ drops / room, we'll
> > have many, many terminations.  Now, due to the cost of rack-mounted
> > equipment, and what we can afford/is donated to us, it is nearly 99%
> > sure we won't have rack mounted units for the servers.  Is this not a
> > problem if they can't fit into that distribution centre (which seems
> > to be not much larger than a big closet)?  Is there a problem to have
> > the servers (full size towers) in another room in the building and
> > running cables to the distribution centre? Or will there be some sort
> > of bottleneck?
> >
> > My apologies if this is an obvious thing.
> >
> > The second question relates to the server setup. Currently we have 12
> > computers running on 1 server.  In the future building would it be
> > better to set up different k12ltsp servers serving up everything  (IE:
> > clones) spread around the building (IE: 1 for school, 1 for daycare, 1
> > for youth lounge) or would it be better to have 1 k12ltsp server for
> > the whole building, 1 for NFS mount /home, 1 application server for
> > the whole building,etc.
> >
> > Looking forward to your answer
> > Joseph
> >
> > _______________________________________________
> > K12OSN mailing list
> > K12OSN at redhat.com
> > https://www.redhat.com/mailman/listinfo/k12osn
> > For more info see <http://www.k12os.org>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (Darwin)
>
> iEYEARECAAYFAkW6TsEACgkQfqZR3ThMfXTfcwCfbhH4b08uZn4Kqg76kZwpHslG
> rgQAn1LWlw/IHQJL82aycNN3QmIauo41
> =7Wpd
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/k12osn/attachments/20070130/f04fa665/attachment.htm>


More information about the K12OSN mailing list