Linux / Unix Nerd Required (for Networking)

[snoopy]

I'm setting up a Linux based network for a school, it's got 20PC's and one server. It doesn't need Windows access.

My way of thinking is I NFS export the /home directory on the server to all clients. The workstations mount this directory under /home.

Is this the right way to do it so that users can logon the local machine under a username set on the server?

 

[barryt]

I'm setting up a Linux based network for a school, it's got 20PC's and one server. It doesn't need Windows access.

My way of thinking is I NFS export the /home directory on the server to all clients. The workstations mount this directory under /home.

Is this the right way to do it so that users can logon the local machine under a username set on the server?

You using SAMBA? If not it gives you interoperability between Windows and LINUX including logon and even better - its free!

Lots of stuff online about it and relatively easy to use

 

[snoopy]

No I was hoping to do with out as I don't require Windows interoperability.

Andrew

 

[askew piste]

Do you require access rights to be setup, are you just simply trying to keep the user space on the server?

What are you trying to achieve?

 

[barryt]

I'm setting up a Linux based network for a school, it's got 20PC's and one server. It doesn't need Windows access.

My way of thinking is I NFS export the /home directory on the server to all clients. The workstations mount this directory under /home.

Is this the right way to do it so that users can logon the local machine under a username set on the server?

I'm guessing this isn't a serious question?? Your website sort of implies that you are a professional consultancy with expertise in LINUX and MS ... and you're asking for advice on networking on a bike website??

 

[askew piste]

Just because its a bike site doesn't mean that no-one can help, even i have to ask others questions now and again, its all part of learning.

 

[askew piste]

But then again, looking at his website? Whats going on here?

 

[ianf]

It's a bit of a step up from webmonkey to sysadmin. You'll need to do three things at a minimum.

1. Setup Ldap so your users can actually authenticate on the network.
http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/s1-ldap-pam.html

2. Setup automounting so you can load their home dirs. You could use NFS, but in (for example RHES 5.0) there's the aforementioned samba too.

3. Setup all the ACLs so that none of the students can 'hack'(loosely) the other students dirs, or anything on the server.
http://www.redhat.com/docs/manuals/enterprise/RHEL-5-manual/Deployment_Guide-en-US/ch-acls.html

This all needs very careful planning, and is not a five minute job.


Or go get some Macs....

 

[snoopy]

My forte has always been single web servers (on Linux) or Windows networking. I've networked in Linux but not the server-workstation environment with user logons.

IanF, that's exactly the information I require. Cheers.

 

[unhinged]

Make sure you use root squash with NFS. Add passwords to the BIOS, disable all but the hard drive for booting. Without these measures, if they've got physical access to the machines and they've got CD or USB ports accessible, gaining root on that one box is trivial and then it's just a short step to root on the server. Might be teaching you to suck eggs.

 

[snoopy]

Yup . As usual it's difficult to do stuff in linux without the magic names; ldap and acl are the two I needed to know about.

Should be a fun day ...

 

[ianf]

No problem. I've done this exactly once with 2 machines as part of a RHCT exam/training class, so can't be any more specific.

There are likely a few other things you need to do to screw down security tightly, they're in the next exam I need.

Bear in mind, and we've had posts about it on here, that the little bastards are likely savvy enough to get past any simple security hoops.

 

[askew piste]

See there is a wealth of knowledge on this forum! Hope you get it sorted.

 

[unhinged]

No problem. I've done this exactly once with 2 machines as part of a RHCT exam/training class, so can't be any more specific.

I'm hoping that administration of LDAP on Red Hat is a lot simpler than it is with Debian because it was a right pain in the arse. Are there tools for adding users right out of the box for example?

 

[snoopy]

I'm a slackware geek, so everything is a pain in the arse!

 

[ianf]

Do it with a commercial grade linux, then you'll be more marketable down the line. Good unix staff are hard to come by.

 

[snoopy]

I've gone for YP instead which seems to be easiest. Well, Samba has a nice KDE interface but might be overkill. I have a bigger problem though...

The network has a Win DHCP server that I want to ignore (the system is dual booting). I've set up the Linux box DHCPD but the clients are going to the win box first.

I want to serve I.P's of a different range on the Linux box. Is there a way of forcing the client computer to go to the Linux box for an address?

 

[unhinged]

You could exclude the MAC addresses of the Linux machines from the Windows DHCP configuration (can you do this under windows?) so that only the Linux DHCP server responds to them but you'll have to do the same for the Linux box otherwise any windows box that's using DHCP might end up on the same network.