Tick tick 500: NFS, LDAP and Linux.....

Hi all,

This is a tough one.... at least I think it is.

See, I am faced with the task of implementing a scalable solution for a college (university rather), and because I am also a student at that university my experience is --- I can say, lacking. I have understood the individual technologies but I am having difficulties marrying them together.

So here goes....


We will be obtaining a central file server (a.k.a. NFS server) which will be the place where everyone can store their files. This is primarily being done so that students will not face any trouble if they sit at different computers on different lab days (they can retrieve their work). Also they will have the facility to take backups and all.


So that is one part. I also read about the LDAP authentication possibility in Linux. We can authenticate users against (say, ldap.ex.edu), but how and why is that system to be used? Suppose a student walks up to a node (say A) and then successfully logs in using his unified login/password (also used for email, web portal, forum, etc.); then what kind of things does he have to do to get his files back from the NFS server? Isn't the local hard disk being totally wasted by this design??? I am not too clear about this.

Our labs will be totally Linux based, so I need all the help I can get from the Linux gurus, because I have bet that this can be transparently implemented in Linux.... Can't it???

Cheers,

Karan
LVL 2
kidomanAsked:
wesly_chenCommented:
Hi,

> what kind of things he has to do to get his files back from the NFS server
Use automount, so every machine he logs in to will mount his home directory, which is on the NFS server, on the local machine,
i.e. /home/<username>.

> LDAP authentication possibility in Linux
LDAP and NIS are similar in providing centralized information for multiple Linux machines, such as username, password,
group, home directory, hostname, IP address, etc. It's a server-client based name service mechanism.
OpenLDAP is packaged in most Linux distributions such as RedHat, SuSE, Mandrake...
You might want to check the following URL for details and some understanding:
http://www.openldap.org/doc/admin22

> Isnt the local harddisk being totally wasted by this design
Local disk can be used for local applications (lab), scratch space (will be cleaned up periodically), and local data,
which have better performance compared to going through NFS.

> can be transparently implemented in Linux
Yes, but it is not easy and takes time. Besides, you need to have a certain degree of understanding first.

There are some more references:
http://ldapman.org/articles/intro_to_ldap.html
http://www.openldap.org/doc/admin22/quickstart.html

Regards,

Wesly
0
kidomanAuthor Commented:
Can you show me a direct link to your proposed solution....

for example: how to configure Automount to do what you propose?

Also, what kind of schema consideration has to be made to configure slurpd, and where do I get it.....?

Because I was aware of most of what you said in your last comment (I hope you remember me from the last question I asked regarding kickstart). I want some detailed answer, not simple pointers......

karan
0
wesly_chenCommented:
Hi,

   I'm not sure what your environment is; all I can give is a sample.

Automount: one master file (auto.master) and several indirect automount map files (i.e. auto.home)
---auto.master--
/home   auto.home

-- auto.home ---
*   -rw  <NFS server 1>:/home/&
*   -rw  <NFS server 2>:/home/&
...
------------------   Make sure there are no duplicate usernames.
Where /home/<username> is the path of the users' home directories on the NFS server (shared out in /etc/exports).
Example of /etc/exports on the NFS server (assuming a Linux box)
---
/home  *(rw,async)
------

So when a user logs in to one LDAP client machine, in the LDAP server database there is one entry under the
"password" directory (similar to /etc/passwd or the "passwd table" in NIS) like
----
cn=username
attributes:
   password= <string>
   home=/home/username
   uid= <number>
   gid= <number>
   stuid= <number>  <=== student id, customized for college ^_^
   department= <string>
   startyear=<number>
   fullname= <string>
....
---------
After username/password authentication, the user's attribute "home" tells the local automountd to mount
/home/username on the local Linux box.

In NIS, auto.master and auto.home are the tables. Same for LDAP; those can be the directories.
And the content of auto.master is the attribute in LDAP.
So far I haven't figured out how to make auto.master and auto.home into LDAP directories.
So I use NIS to implement it. But I'm sure there is a way to do it.

Regards,

Wesly
0
kidomanAuthor Commented:
Hi,

please fill in my example values:

I will have a single NFS server (now at least) and it will be nfs.ex.edu
LDAP server = ldap.ex.edu
DNS server (local) = dnscache.ex.edu

Also the /home directory on the nfs server will be like: /home/students/, /home/faculty, etc.

User homes will reside inside those main categories. How does automount know which directory to mount? I see no explicit connection being mentioned.

Please clarify.

Karan
0
kidomanAuthor Commented:
Hi,

I have been reading so many manuals that I am totally confused regarding NFS. Basically, can't anyone just mount the NFS exports and tamper with someone else's files.... what is stopping them? Forgive me, I am a n00b in this NFS area. Also, since user account info will be stored in the LDAP server and the home directories will exist on the NFS server:

- where do I carry out user creation, modification?
- how does a user modify his profile or password? (I guess using a web interface which will commit the changes to the LDAP server.)
- what happens when the user supplies his credentials on say machine A? Please bear with my questions.

Karan
0
wesly_chenCommented:
- where do I carry out user creation, modification?
LDAP server

-how does a user modify his profile or password ?
use "ldappasswd" to change the password. Do "man ldappasswd" for more details.

- what happens when the user supplies his credentials on machine A?
Say the credentials are his username and password; the login daemon will use LDAP to check his username/password.
Since machine A is an LDAP client (/etc/ldap.conf), it sends the username/password to the LDAP server. The LDAP server verifies the username/password. If they match, then LDAP tells machine A that it is OK to let him log in and sends back the
other information for this username, i.e. UID, GID, home directory, default shell, etc.
It's similar to the /etc/shadow file. The login daemon just uses LDAP instead of /etc/shadow.

Wesly
0
wesly_chenCommented:
> How does automount know which directory to mount?
automountd reads auto.master first by default, and auto.master says it (automountd) should read auto.home for the
mount point /home.

Say for student3 with his home dir <NFS>:/home/students/student3.

When he logs in to machine A, LDAP passes the home dir information "/home/student3" to automountd.
automountd asks auto.master where student3's home dir is.
Then auto.master (with "/home   auto.home" in it) tells automountd to read the auto.home file.

auto.home (which has " *  -rw  <NFS>:/home/students/&" in it) tells automountd
to go through all the directories under <NFS>:/home/students/, and
automountd finds <NFS>:/home/students/student3 matching "student3".

Then automountd runs the following mount command automatically:
" mount -o rw <NFS>:/home/students/student3  /home/student3"

That's it.

You might want to check the following URL for automount/autofs:
http://mercury.chem.pitt.edu/~sasha/LinuxFocus/English/January2001/article141.shtml

Wesly
0
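To make the wildcard lookup above concrete, here is an added example (not from the thread and not autofs code) of a small POSIX shell resolver that applies the sun-format map rules Wesly describes: auto.master picks the map by mount point, an explicit key in the map is used before the "*" fallback, and "&" in the location expands to the key. The maps, the server nfs.ex.edu and the faculty user akp are constructed from values in this thread; giving akp an explicit key is an assumption that goes one step past the thread, showing how faculty and student homes can live under one mount point without duplicate "*" keys. Taking only the first wildcard entry is the toy's own rule, so keep keys unique in real maps.

```shell
#!/bin/sh
# Added example, not autofs code and not from the thread: a toy resolver that
# applies sun-format automount map rules to a path and prints the mount
# command automountd would run. Maps are constructed from the thread's values.

AUTO_MASTER='# mount-point   map
/home    auto.home
/share   auto.share'

# An explicit key is used before the "*" fallback; "&" expands to the key.
# akp (faculty) is an assumed explicit entry; students fall through to "*".
AUTO_HOME='# key   options   location
akp      -rw       nfs.ex.edu:/home/faculty/&
*        -rw       nfs.ex.edu:/home/students/&'

AUTO_SHARE='software   -ro   nfs.ex.edu:/share/software'

# map_contents NAME: print the constructed map NAME (stands in for reading
# /etc/NAME or an automount container in LDAP).
map_contents() {
    case "$1" in
        auto.home)  printf '%s\n' "$AUTO_HOME" ;;
        auto.share) printf '%s\n' "$AUTO_SHARE" ;;
        *)          return 1 ;;
    esac
}

# master_map PATH: print the map auto.master assigns to PATH's parent directory.
master_map() {
    printf '%s\n' "$AUTO_MASTER" | awk -v mp="$(dirname "$1")" '
        /^[ \t]*(#|$)/ { next }
        $1 == mp { print $2; found = 1; exit }
        END { exit (found ? 0 : 1) }'
}

# resolve_mount PATH: print "mount [-o opts] location PATH", or return 1
# when auto.master or the map has no entry for it.
resolve_mount() {
    path=$1
    key=$(basename "$path")
    mapname=$(master_map "$path") ||
        { echo "no auto.master entry covers $path" >&2; return 1; }
    map_contents "$mapname" | awk -v key="$key" -v mp="$path" '
        function emit(a, b,    opts, loc) {
            if (a ~ /^-/) { opts = substr(a, 2); loc = b } else { opts = ""; loc = a }
            gsub(/&/, key, loc)                      # "&" -> key, as in the map syntax
            if (opts != "") printf "mount -o %s %s %s\n", opts, loc, mp
            else            printf "mount %s %s\n", loc, mp
        }
        /^[ \t]*(#|$)/ { next }                     # comments and blank lines
        $1 == key      { emit($2, $3); found = 1; exit }
        $1 == "*" && wild == "" { wild = $2 " " $3 } # remember the first wildcard
        END {
            if (!found && wild != "") { split(wild, w, " "); emit(w[1], w[2]); found = 1 }
            if (!found) print "no map entry for " key > "/dev/stderr"
            exit (found ? 0 : 1)
        }'
}

# Usage: a student home through the wildcard, a faculty home through its key.
resolve_mount /home/student3
resolve_mount /home/akp
```

The student3 case prints exactly the mount command Wesly gives above; the akp case shows why an explicit key matters when homes are split into /home/students and /home/faculty on the server.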
wesly_chenCommented:
NFS and automount are not very easy for a beginner.
IMHO, you might want to have a senior Unix/Linux administrator implement it for your campus.
Or you set up a small test environment to play around and get familiar with it before you deploy it.
Or you might want to take a class on NFS/automount.

Besides, LDAP is even more difficult than automount.

Good luck,

Wesly
0
kidomanAuthor Commented:
3 words: Rome was not built in a day, .....

Actually it's much more than 3 words; thanks, Wesley.

BTW, on a personal note, I am 20 yrs old; how old are you?
0
wesly_chenCommented:
> Rome was not built in one day
Good saying. It took me a couple of months to figure out how NFS and automount work cooperatively (through reading).
And I started to handle it well when my small network system was set up.

> I am 20 yrs old
You have good potential and a bright future.

Regards,

Wesly
0
kidomanAuthor Commented:
Hi,

I followed your steps and set up the test environment. I know that you already have earned the points, but please clear these doubts for me:

On my NFS server I have:

/share/home/students/testuser1
/share/home/students/testuser2

/share/home/faculty/akp, etc.

Now considering a client machine (BTW, LDAP auth is already working :)!!),
how do I mount (and where do I mount) the home directory? Do I create /share/home/students and /share/home/faculty and then specify for each user?

Please clarify.

Karan
0
wesly_chenCommented:
Hi,

1. For NFS server,
-- /etc/exports --
/share/home   *(rw,async)
============
# exportfs -a
or
# /etc/init.d/nfs restart

2. For the client machine:
--- /etc/auto.master---
/homes      auto.homes

--- /etc/auto.homes ---
*   -rw   <nfs server>:/share/home/students/&
*   -rw   <nfs server>:/share/home/faculty/&

3. Create /homes at client machine
# mkdir /homes; chmod 755 /homes

4. Then start autofs as root
# /etc/init.d/autofs restart

5. Test /homes/testuser1   (make sure LDAP has the entry homedir=/homes/testuser1 for testuser1)
# cd /homes/testuser1
# df -h .

Wesly
0

kidomanAuthor Commented:
Thanks a lot, man!!! Actually, I have solved the client part and now I don't need to touch the clients (except to set a config option at startup to use LDAP). I have integrated auto.master and the auto.home's into LDAP ;)

I guess Rome was built in ... exactly 8 days. I guess fixing the walls will take a little longer.

Cheers,

Karan
0
wesly_chenCommented:
> I hv integrated auto.master and auto.home's into LDAP ;)
Great! I haven't done this part yet.

Wesly
0
kidomanAuthor Commented:
Hii,

Problems again, brothers..... please help out. Everything is working like a charm. I really mean it. I have created a kickstart web server (say http://kss.cetb.edu) where I have installed mod_rewrite so that if I request:

http://kss.cetb.edu/lab--xion.lab9.cse--10.104.19.1

then a Perl script will be invoked which will return the appropriate kickstart script. So basically I can just get off the system after specifying one line and everything is set up automatically (I have ftp.cetb.edu serving Fedora Core 3 files, in the DMZ).

When the install is done, I log in to the "tempguest" account (present in the LDAP/NFS combo, not local) and it logs in like a charm. I have a cron job running which cleans the tempguest account every midnight, so that until the moment I have managed to create user accounts for all the users I am safe.

However, the problem comes when I want to log out of GNOME. After I click Actions and then Log Out, it hangs on that screen for almost a minute. It also emits a message like it was not able to write to file /home/students/tempguest/.gconf or something like that. Logging out in the CLI is instantaneous. Please shed some light.

I believe this thread will be of great help for all EE readers. EE rocks!!! Thanks, Wesly.

Karan
0
wesly_chenCommented:
Hi,

  This is another problem. Could you open another question so all the EE people can help you? People seldom check the answered
area for open questions.

Regards,

Wesly
0
wesly_chenCommented:
By the way, it will help if you can also post the result of the following command to http://www.experts-exchange.com/Operating_Systems/Linux/
# ls -al /home/students/tempguest/.gconf

So people can have more information to help you.

Wesly
0