kidoman

asked on

Tick tick 500: NFS, LDAP and Linux.....

Hi all,

This is a tough one.... at least I think it is.

See, I am faced with the task of implementing a scalable solution for a college (a university, rather), and because I am also a student at that university my experience is, I can say, lacking. I have understood the individual technologies but I am having difficulties marrying them together.

So here goes....


We will be obtaining a central file server (a.k.a. the NFS server) which will be the place where everyone can store their files. This is primarily being done so that students will not face any trouble if they sit on different computers on different lab days (they can retrieve their work). Also they will have the facility to take backups and so on.


So that is one part. I also read about the LDAP authentication possibility in Linux. We can authenticate users against (say) ldap.ex.edu, but how and why is that system to be used? Suppose a student walks up to a node (say A) and then successfully logs in using his unified login/password (also used for email, web portal, forum, etc.); then what kind of things does he have to do to get his files back from the NFS server? Isn't the local hard disk being totally wasted by this design??? I am not too clear about this.

Our labs will be totally Linux-based, so I need all the help I can get from the Linux gurus, because I have bet that this can be transparently implemented in Linux.... Can't it???

Cheers,

Karan
wesly_chen

Hi,

> what kind of things he has to do to get his files back from the NFS server
Use automount, so every machine he logs in to will mount his home directory, which is on the NFS server, on the local machine,
i.e. /home/<username>.

> LDAP authentication possibility in Linux
LDAP and NIS are similar in providing centralized information for multiple Linux machines such as username, password,
group, home directory, hostname, IP address, etc. It's a server-client based name service mechanism.
OpenLDAP is packaged in most Linux distributions such as RedHat, SuSE, Mandrake...
You might want to check the following URL for details and some understanding:
http://www.openldap.org/doc/admin22

> Isnt the local harddisk being totally wasted by this design
Local disk can be used for local applications (lab), scratch space (cleaned up periodically) and local data,
which has better performance than going through NFS.

> can be transparently implemented in Linux
Yes, but it is not easy and takes time. Besides, you need to have a certain degree of understanding first.

There are some more references:
http://ldapman.org/articles/intro_to_ldap.html
http://www.openldap.org/doc/admin22/quickstart.html

Regards,

Wesly
kidoman

ASKER

Can you show me a direct link to your proposed solution....

for example: how to configure Automount to do what you propose?

Also, what kind of schema considerations have to be made to configure slurpd, and where do I get it?

Because I was aware of most of what you said in your last comment (I hope you remember me from the last question I asked regarding kickstart), I want some detailed answers, not simple pointers......

karan
Hi,

I'm not sure what your environment is; all I can give is a sample.

Automount: one master file (auto.master) and several indirect automount map files (e.g. auto.home)
---auto.master--
/home   auto.home

-- auto.home ---
*   -rw  <NFS server 1>:/home/&
*   -rw  <NFS server 2>:/home/&
...
------------------   Make sure the same username does not exist on both servers.
Where /home/<username> is the path of the user's home directory on the NFS server (shared out in /etc/exports).
Example of /etc/exports on the NFS server (assuming a Linux box)
---
/home  *(rw,async)
------

So when a user logs in to an LDAP client machine, there is one entry in the LDAP server database under the
"password" directory (similar to /etc/passwd or the "passwd table" in NIS) like
----
# The sketch below written out as LDIF with the standard posixAccount/inetOrgPerson
# attribute names; <...> are placeholders, and the base dc=ex,dc=edu is assumed.
dn: uid=username,ou=People,dc=ex,dc=edu
objectClass: inetOrgPerson
objectClass: posixAccount
uid: username
cn: <fullname>
sn: <surname>
# store a salted hash, never the plaintext password
userPassword: {SSHA}<hash>
uidNumber: <number>
gidNumber: <number>
# this is the "home" attribute referred to below
homeDirectory: /home/username
loginShell: /bin/bash
# site-specific attributes like these need a custom objectClass in the server schema
studentId: <number>
department: <string>
startYear: <number>
---------
After username/password authentication, the user's attribute "home" tells the local automountd to mount
/home/username on the local Linux box.

In NIS, auto.master and auto.home are the tables. Similarly in LDAP, those can be the directories,
and the content of auto.master is the attribute in LDAP.
So far I haven't figured out how to make auto.master and auto.home into the LDAP directories,
so I use NIS to implement it. But I'm sure there is a way to do it.

Regards,

Wesly

ASKER

Hi,

Please fill in my example values:

I will have a single NFS server (for now at least) and it will be nfs.ex.edu
LDAP server = ldap.ex.edu
DNS server (local) = dnscache.ex.edu

Also the /home directory on the NFS server will be like: /home/students/, /home/faculty, etc.

User homes will reside inside those main categories. How does automount know which directory to mount? I see no explicit connection being mentioned.

Please clarify.

Karan

ASKER

Hi,

I have been reading so many manuals that I am totally confused regarding NFS. Basically, can't anyone just mount the NFS exports and tamper with someone else's files.... what is stopping them? Forgive me, I am a n00b in this NFS area. Also, since user account info will be stored in the LDAP server and the home directories will exist on the NFS server:

- where do I carry out user creation, modification?
- how does a user modify his profile or password? (I guess using a web interface which will commit the changes to the LDAP server.)
- what happens when the user supplies his credentials on say machine A? Please bear with my questions.

Karan
- where do I carry out user creation, modification?
LDAP server

-how does a user modify his profile or password ?
use "ldappasswd" to change passwd. do "man ldappasswd" for more details.

- what happens when the user supplies his credentials on machine A?
Say the credentials are his username and password; the login daemon will use LDAP to check his username/password.
Since machine A is an LDAP client (/etc/ldap.conf), it sends the username/password to the LDAP server. The LDAP server verifies the username/password. If they match, then LDAP tells machine A that it is OK to let him log in and sends back the
other information for this username, i.e. UID, GID, home directory, default shell, etc.
It's similar to the /etc/shadow file. The login daemon just uses LDAP instead of /etc/shadow.

Wesly
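The question above about anyone mounting the export and tampering with other users' files is not answered in the thread, so here is the check a practitioner would run. With an export like the "/home  *(rw,async)" line posted earlier, any host that can reach nfs.ex.edu may mount it, and because NFSv3 with AUTH_SYS (the default security flavour) trusts whatever UID the client presents, root on any such host can read or alter any user's files. Restricting clients to the lab subnet and keeping root_squash on (the exportfs default) narrows that to root on lab machines; only Kerberos (sec=krb5, krb5i or krb5p) removes the reliance on client-supplied UIDs. The shell script below is an added example, not part of the thread: it flags world-open, async and no_root_squash export lines. nfs.ex.edu comes from the thread; the lab subnet 10.104.0.0/16 and the sample file are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Checks /etc/exports lines for the
# weaknesses of the "/home  *(rw,async)" export posted earlier: every host may
# mount it, and async can lose acknowledged writes if the server crashes.
# nfs.ex.edu is from the thread; the lab subnet 10.104.0.0/16 is an assumption.
set -u

# check_export_line LINE: prints one reason per problem and returns 1;
# returns 0 silently when the line passes (comments and blank lines pass).
check_export_line() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*(#|$)/ { exit 0 }
        NF < 2 { print "no client list given for " $1; bad++ }
        {
            for (i = 2; i <= NF; i++) {
                host = $i; sub(/\(.*/, "", host)      # "10.104.0.0/16" out of "10.104.0.0/16(rw,...)"
                opts = $i; sub(/^[^(]*\(?/, "", opts); sub(/\)$/, "", opts)
                o = "," opts ","                      # ",rw,sync,..." so each option can be matched whole
                if (host == "*" || host == "") { print "client " $i ": any host may mount this export"; bad++ }
                if (o ~ /,async,/)               { print "client " $i ": async risks silent data loss on server crash"; bad++ }
                if (o ~ /,no_root_squash,/)      { print "client " $i ": remote root is not squashed"; bad++ }
            }
        }
        END { exit bad ? 1 : 0 }'
}

# check_exports_file FILE: runs check_export_line over every line; returns 1 if any line fails.
check_exports_file() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        check_export_line "$line" || rc=1
    done < "$1"
    return $rc
}

# Demo on a constructed file: the thread's line followed by a hardened replacement
# (lab subnet only, synchronous writes, root squashed).
SAMPLE="${TMPDIR:-/tmp}/exports.example"
cat > "$SAMPLE" <<'EOF'
# constructed sample, not a real /etc/exports
/home           *(rw,async)
/home/students  10.104.0.0/16(rw,sync,root_squash,no_subtree_check)
/home/faculty   10.104.0.0/16(rw,sync,root_squash,no_subtree_check)
EOF
check_exports_file "$SAMPLE" || echo "fix the flagged lines, then run: exportfs -ra && exportfs -v"
```

Run it against the real file with `check_exports_file /etc/exports`; `exportfs -v` afterwards shows the options the server actually applied, including the defaults the file leaves implicit.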
> How does automount know which directory to mount?
automountd reads auto.master first by default, and auto.master says it (automountd) should read auto.home for the
mount point /home.

Say for student3 with his home dir <NFS>:/home/students/student3.

When he logs in to machine A, LDAP passes the home dir information "/home/student3" to automountd.
automountd asks auto.master where student3's home dir is.
Then auto.master (with "/home   auto.home" in it) tells automountd to read the auto.home file.

auto.home (which has " *  -rw  <NFS>:/home/students/&" in it) tells automountd
to go through all the directories under <NFS>:/home/students/ and
automountd finds that <NFS>:/home/students/student3 matches "student3".

Then automountd runs the following mount command automatically:
" mount -o rw <NFS>:/home/students/student3  /home/student3"

That's it.

You might want to check the following URL for automount/autofs:
http://mercury.chem.pitt.edu/~sasha/LinuxFocus/English/January2001/article141.shtml

Wesly
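The walkthrough above, as an added shell example that is not part of the thread. It writes an auto.master with one entry per category (/home/students and /home/faculty, the layout asked about earlier) and a wildcard map for each, then resolve_mount takes the homeDirectory value as it would be stored in LDAP and prints the mount command automountd would run, applying the two autofs lookup rules that matter here: an explicit key beats the "*" wildcard, and "&" expands to the key. nfs.ex.edu and the directory layout come from the thread; the mount options, the 300 s timeout and the scratch directory OUT are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: simulates how automountd resolves a home
# directory through auto.master and an indirect wildcard map. nfs.ex.edu and the
# /home/students, /home/faculty layout are from the thread; the mount options,
# timeout and scratch directory OUT (a stand-in for /etc) are assumptions.
set -u

NFS_SERVER="nfs.ex.edu"
OUT="${OUT:-${TMPDIR:-/tmp}/autofs-example}"
mkdir -p "$OUT"

# auto.master: one line per category, each pointing at its own indirect map,
# so a user's LDAP homeDirectory can be /home/students/<user> or /home/faculty/<user>.
write_auto_master() {
    cat > "$OUT/auto.master" <<EOF
/home/students  auto.students  --timeout=300
/home/faculty   auto.faculty   --timeout=300
EOF
}

# Indirect wildcard map: '*' matches any key and '&' is replaced by that key.
# nosuid,nodev because a home directory is user-controlled content.
write_wildcard_map() {   # $1 = map name, $2 = exported subtree on the server
    printf '*\t-rw,hard,nosuid,nodev\t%s:%s/&\n' "$NFS_SERVER" "$2" > "$OUT/$1"
}

# resolve_mount HOMEDIR: HOMEDIR is the homeDirectory attribute from LDAP, e.g.
# /home/students/student3. Prints the mount command automountd would run
# (mount point = HOMEDIR); fails if no master entry or map key matches.
resolve_mount() {
    mp=${1%/*}       # /home/students -> looked up in auto.master
    key=${1##*/}     # student3       -> looked up in the indirect map
    map=$(awk -v mp="$mp" '$1 == mp { print $2; exit }' "$OUT/auto.master")
    if [ -z "$map" ]; then
        echo "resolve_mount: no auto.master entry for $mp" >&2
        return 1
    fi
    awk -v key="$key" -v mp="$mp" '
        /^[[:space:]]*(#|$)/ { next }
        $1 == key          { exact = $0 }     # explicit entry wins over the wildcard
        $1 == "*" && !wild { wild = $0 }      # first wildcard line is the one autofs uses
        END {
            line = exact ? exact : wild
            if (line == "") exit 1
            n = split(line, f)
            opts = (n >= 3) ? f[2] : "defaults"; sub(/^-/, "", opts)
            loc = f[n]; gsub(/&/, key, loc)   # nfs.ex.edu:/home/students/& -> .../student3
            printf "mount -t nfs -o %s %s %s/%s\n", opts, loc, mp, key
        }' "$OUT/$map"
}

# Demo run: build the maps, then resolve one student and one faculty home.
write_auto_master
write_wildcard_map auto.students /home/students
write_wildcard_map auto.faculty  /home/faculty
resolve_mount /home/students/student3
resolve_mount /home/faculty/akp
```

Because each category has its own mount point, the client needs no per-user configuration: adding a user is an LDAP entry plus a directory under the matching export on nfs.ex.edu, and a user whose homeDirectory points outside the mapped categories simply fails to resolve.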
NFS and automount are not very easy for a beginner.
IMHO, you might want to have a senior Unix/Linux administrator implement it for your campus.
Or set up a small test environment to play around with and get familiar with it before you deploy it.
Or you might want to take a class on NFS/automount.

Besides, LDAP is even more difficult than automount.

Good luck,

Wesly

ASKER

3 words: Rome was not built in a day, .....

Actually it's much more than 3 words. Thanks, Wesly.

BTW, on a personal note, I am 20 years old; how old are you?
> Rome was not built in one day
Good saying. It took me a couple of months to figure out how NFS and automount work cooperatively (through reading),
and I started to handle it well once my small network system was set up.

> I am 20 yrs old
You have good potential and a bright future.

Regards,

Wesly

ASKER

Hi,

I followed your steps and set up the test environment. I know that you have already earned the points, but please clear these doubts for me:

On my NFS server I have:

/share/home/students/testuser1
/share/home/students/testuser2

/share/home/faculty/akp, etc.

Now, considering a client machine (BTW, LDAP auth is already working :)!!),
how do I mount (and where do I mount) the home directory? Do I create /share/home/students and /share/home/faculty and then specify it for each user?

Please clarify.

Karan
ASKER CERTIFIED SOLUTION
wesly_chen

This solution is only available to members.

ASKER

Thanks a lot, man!!! Actually, I have solved the client part and now I don't need to touch the clients (except to set the config option at startup to use LDAP). I have integrated auto.master and the auto.home maps into LDAP ;)

I guess Rome was built in ... exactly 8 days. I guess fixing the walls will take a little longer.

Cheers,

Karan
> I have integrated auto.master and the auto.home maps into LDAP ;)
Great! I haven't done this part yet.

Wesly

ASKER

Hi,

Problems again, brothers..... please help out. Everything is working like a charm. I really mean it. I have created a kickstart web server (say http://kss.cetb.edu) where I have installed mod_rewrite so that if I request:

http://kss.cetb.edu/lab--xion.lab9.cse--10.104.19.1

then a Perl script will be invoked which will return the appropriate kickstart script. So basically I can just get off the system after specifying one line and everything is set up automatically (I have ftp.cetb.edu serving Fedora Core 3 files, in the DMZ).

When the install is done, I log in to the "tempguest" account (present in the LDAP/NFS combo, not local) and it logs in like a charm. I have a cron job running which cleans the tempguest account every midnight, so that until the moment I have managed to create user accounts for all the users I am safe.

However, the problem comes when I want to log out of GNOME. After I click Actions and then Log Out, it hangs on that screen for almost a minute. It also emits a message like it was not able to write to the file /home/students/tempguest/.gconf or something like that. Logging out in the CLI is instantaneous. Please shed some light.

I believe this thread will be of great help for all EE readers. EE rocks!!! Thanks, Wesly.

Karan
Hi,

This is another problem. Could you open another question so all the EE people can help you? People seldom check the answered
area for open questions.

Regards,

Wesly
By the way, it would help if you could also post the result of the following command to https://www.experts-exchange.com/Operating_Systems/Linux/
# ls -al /home/students/tempguest/.gconf

So people can have more information to help you.

Wesly