Re: [K12OSN] roaming profiles in Linux

R P Herrold (herrold@owlriver.com)
Thu, 20 Jun 2002 12:49:14 -0400 (EDT)


On Thu, 20 Jun 2002, Joseph Morelock wrote:

> 
> To expand upon David's question...
> 
> My school is spread across several buildings, and to reduce the
> amount of traffic across the network, I will be setting up K12LTSP
> servers in several locations. Heavy-use computer labs will have their
> own (or two), and there will be other servers for teachers and for
> support staff. So, the "profiles" would need to be on a different
> (central) server. Also, to complicate things a little further, I would
> like to put all student documents on a different server altogether so I can
> easily back up that server and so they can be reached by all servers
> and by all different types of workstations (Macs, Win9x, Linux). Has
> anyone done this? I know that LDAP is one option, but I am hoping
> that there is a "secret" How-To that someone can point me to.


"secret HOW-TO"
===============

You are basically setting up an ISP without the dialups --
NIS, and Radius, and even ldap each hold parts -- but it may
be quickest to use this schema:

1.  Cron a rsync process (say every 2 minutes) with a common
/etc/passwd /etc/groups, /etc/shadow, and /etc/gshadow all
around, taking great care to retain generationed backups -- do
all (ALL) ***ALL*** adds, changes, locks, and unlocks
centrally on one master server which only admins may access

2.  Track login/logouts with logger and syslog -r centrally;  
set a redundant magic formatted email backup with the same 
logging information, and id/parse with procmail, firing off 
control scripts talking to logger centrally.  This handles 
intermittent links

3.  Based on log ins/log outs, rsync the /home/userid tree 
around when you see the user LEAVE a site, and lock their 
password so they may NOT log in elsewhere until the update 
has been propagated around;  unlock the password when it is 
'safe' again

4.  Maintain a login/logout site/user state table to spot and 
discard stale entries;  Add a status message level layer for 
redundance.

Rough cut estimated time for working draft is 16 to 32 clock
hours.  Let us know if you implement and GPL.

-- Russ Herrold
-- 
end
==================================
 .-- -... ---.. ... -.- -.--
Copyright (C) 2002 R P Herrold
      herrold@owlriver.com  NIC: RPH5 (US)
   My words are not deathless prose, 
      but they are mine.

       Owl River Company  
   "The World is Open to Linux (tm)"
   ... Open Source LINUX solutions ...
      info@owlriver.com 
         Columbus, OH
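
The state table from steps 3 and 4, sketched as an added example that is not part of the original post or any K12LTSP code. The event line format, the state names and the function names are assumptions made for illustration; the master server would act on the result, for instance by running `usermod -L` for each locked user and `usermod -U` once the home tree has been propagated.

```shell
#!/bin/sh
# Event line (constructed format): "<epoch> <site> <user> <login|logout|synced>"
# State line:                      "<user> <epoch> <site> <active|locked|idle>"
# "synced" means the rsync of /home/<user> has reached every site.

# apply_events STATE_FILE < events
# Folds events into the table. Events arrive twice (syslog and the e-mail
# backup path) and may be late, so anything no newer than the recorded
# epoch for that user is treated as stale and discarded.
apply_events() {
    state_file=$1
    [ -f "$state_file" ] || : > "$state_file"
    awk -v sf="$state_file" '
        BEGIN {
            while ((getline line < sf) > 0) {
                split(line, f, " ")
                ts[f[1]] = f[2]; site[f[1]] = f[3]; st[f[1]] = f[4]
            }
            close(sf)
        }
        # Malformed lines and unsafe user names never reach the table,
        # because the names are later handed to account-management commands.
        NF != 4 || $1 !~ /^[0-9]+$/ || $3 !~ /^[a-z_][a-z0-9_-]*$/ { next }
        $4 !~ /^(login|logout|synced)$/ { next }
        ($3 in ts) && $1 + 0 <= ts[$3] + 0 { next }      # stale or duplicate
        $4 == "synced" && st[$3] != "locked" { next }    # nothing to unlock
        {
            ts[$3] = $1; site[$3] = $2
            st[$3] = ($4 == "login") ? "active" : (($4 == "logout") ? "locked" : "idle")
        }
        END { for (u in ts) print u, ts[u], site[u], st[u] }
    ' > "$state_file.new" && mv "$state_file.new" "$state_file"
}

# users_in_state STATE_FILE STATE: prints the matching user names, sorted.
users_in_state() {
    awk -v want="$2" '$4 == want { print $1 }' "$1" | sort
}

# Constructed sample run: the duplicate logout and the late login are dropped,
# so alice stays locked until a "synced" event arrives.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '1000 lab1 alice login' '1060 lab1 alice logout' \
        '1060 lab1 alice logout' '1030 lab1 alice login' | apply_events "$d/state"
    users_in_state "$d/state" locked
    rm -rf "$d"
}
```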


