[K12OSN] OT - what's the easiest route to centralized authentication and home folders?
Chuck Kollars
ckollars9 at yahoo.com
Tue Jul 22 20:39:55 UTC 2008
> ... what's the best way to centralize logins and file serving for a
> mixed group of linux (ubuntu) and Windows XP (home) workstations ...
LDAP (& Samba) is the approach I'd recommend. I've handled logins from a mixture of Linux/Windows/Mac by implementing the list of authorized users in LDAP. My experience was that once I went to a mixed environment, none of the client software worked quite right out of the box and everything had to be tweaked a little. The LDAP database was the part that did _not_ change (except of course you may need to augment the schema a little:-).
I don't have enough experience with the various different LDAP setup tools to recommend one over another. My experience was that although it isn't strictly required, facility with Perl blew right by a multitude of what might otherwise have been significant problems.
The latest versions of Samba provide NFS-like semantics, and can be usefully mounted by Linux as well as Windows (and Macs). And supposedly in both cases file permissions can be manipulated on each client in the native way for that client.
One thing to _not_ do is mix Samba with real NFS, so some clients mount one but that service in turn just mounts the other. The various locking mechanisms are not entirely compatible, so file corruption will be inevitable (especially with some M$ apps). Either do all Samba or all NFS - don't mix them in an attempt to serve mixed clients. It's neither workable nor necessary (if you plan ahead).
> ... This needs to serve about 50 students - 10 staff and volunteers
> 17 workstations mixed Ubuntu / Windows (for now) - possibly all on
> at the same time. ...
I have about 1200 entries in my LDAP database. The response is almost instantaneous, the load on the system is very light, and LDAP weenies consider my database "small" as it's many orders of magnitude smaller than OpenLDAP capabilities. (In fact I had to "tune" it for performance because the default cache size was _too_large_.)
LDAP does run a whole lot faster with plenty of RAM though. Instead of looking for something like a faster CPU, look for more memory. And don't rely too heavily on swapping.
> ... Is this overkill for 50 students? ...
My opinion is "no". The advantages of all applications and uses referencing a single master list of users are HUGE. You'll never have a problem with some obscure application because you forgot to update one of many databases. You'll never have out-of-sync problems. And users will never have multiple passwords.
thanks!
-Chuck Kollars
More information about the K12OSN
mailing list