[olug] Linux Lab Setup

Phil Brutsche phil at brutsche.us
Mon Mar 8 06:37:59 UTC 2004


A long time ago, in a galaxy far, far away, someone said...

> These are my requirements:
>
> 1) A centralized user id/password/environment etc. management system.

NIS/NIS+ is an old-school way of doing things, and is a must if you have
"legacy" systems that can't use other directory services for the user &
group lists.

If all the systems have the Name Service Switch functionality (Linux,
Solaris, and FreeBSD 5.2.1, for example), you can use just about anything
you can find libnss and PAM modules for.  LDAP is one of the more common
directory services; winbind from Samba is common to provide Windows ->
UNIX user mapping.  Modules exist for MySQL and PostgreSQL, but I don't
think they're used as much as LDAP or winbind are.

If you have any Windows clients in there as well (and you're using
Active Directory), you can use Microsoft's freely available Services for
UNIX to make your Windows 2k/2k3 domain controller an NIS + NFS server.

> 2) The ability for a user's home directory to auto-mount at login.

Or just statically mount /home via NFS :)

If you seriously want to have the home directory mounted when the user
logs in, you should look into the automounter.

There is also the pam_mount PAM module that will do what you want.

Alternatively, if you don't like NFS for whatever reason and have Samba
3.0 on your file server you can use the CIFS UNIX extensions to do the
same job.  The client systems will need either 2.4.25 - previous kernels
don't have the smbfs updates, or any 2.6 kernel.

> 3) The ability for the user environment (printer etc) to follow user
> from login to login.

Well, considering most of these settings are saved in dot-files in their
home directory...

You will want to consider CUPS for your printing system.  It uses UDP
broadcasts on (I think) port 631 to make printers known to the clients.
It's a lot better than updating the configuration on multiple clients
whenever you add/remove a printer in the lab :)

> Is LDAP necessary for this, or would this be as simple as setting up a
> server with user home directories and an X server, with the X clients
> connecting remotely?

Basically what you need is either:

a) a thin client setup (Central X "server" with the "clients" connecting
to it)
b) A method of getting your user database from the server to the clients.
See point 1.

But to answer your question, LDAP is not strictly necessary, but is a very
commonly implemented directory service for what you want to do.

> Would just kiosk-type workstations with no logins and local restrictions
> be easier to set up and maintain?

It CAN be, but it depends on what you are trying to accomplish.
Kiosk-type setups are contradictory with point 3.

-- 

Phil Brutsche
phil at brutsche.us
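
Points 1 and 2 above (NSS backed by LDAP, and automounted NFS home directories) written out as client and server configuration; this is an added example and not part of the original post. The host name fileserver.example.com, the export path /export/home and the subnet 192.0.2.0/24 are placeholders. It assumes nss_ldap and autofs are installed and that the LDAP client and PAM settings are configured separately.

```conf
# --- /etc/nsswitch.conf (each lab client) ---
# Local files first so root and system accounts still resolve if the
# directory server is unreachable; LDAP supplies the lab users and groups.
passwd: files ldap
group:  files ldap
shadow: files ldap

# --- /etc/auto.master (each lab client) ---
# Hand /home to the automounter; idle mounts are dropped after 300 seconds.
/home  /etc/auto.home  --timeout=300

# --- /etc/auto.home (each lab client) ---
# Wildcard map: "&" expands to the key (the user name being looked up).
# nosuid,nodev: do not honour setuid bits or device nodes from the share.
# (placeholder server name and export path)
*  -fstype=nfs,rw,hard,intr,nosuid,nodev  fileserver.example.com:/export/home/&

# --- /etc/exports (file server) ---
# Export only to the lab subnet (placeholder range); root_squash maps
# requests from a client's root user to an unprivileged account.
/export/home  192.0.2.0/24(rw,sync,root_squash)
```

With this layout a home directory is mounted on first access after login and unmounted when idle, and the same user and group IDs resolve on every client because they come from one directory.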