Solved

Tick tick 500: NFS, LDAP and Linux.....

Posted on 2004-11-13
Medium Priority
536 Views
Last Modified: 2013-11-15
Hi all,

This is a tough one.... at least I think it is.

See I am faced with a task of implementing a scalable solution for a college (univ rather) and because I am also a student at that univ my experience is --- I can say, lacking. I have understood the individual technologies but I am having difficulties marrying them together.

So here goes....


We will be obtaining a central file server (a.k.a. NFS server) which will be the place where everyone can store their files. This is primarily being done so that students will not face any trouble if they sit on different computers on different lab days (they can retrieve their work). Also they will have the facility to take backups and all.


So that is one part. I also read about the LDAP authentication possibility in Linux. We can authenticate users against (say, ldap.ex.edu) but how and why is that system to be used? Suppose a student walks up to a node (say A) and then successfully logs in using his unified login/password (also used for email, web portal, forum, etc.), then what kind of things does he have to do to get his files back from the NFS server? Isn't the local hard disk being totally wasted by this design??? I am not too clear about this.

Our labs will be totally Linux based so I need all the help I can get from the Linux gurus because I have bet that this can be transparently implemented in Linux.... Can't it???

Cheers,

Karan
Question by: kidoman
18 Comments
 
LVL 38

Expert Comment

by:wesly_chen
ID: 12577416
Hi,

> what kind of things he has to do to get his files back from the NFS server
Use automount, so every machine he logs in to will mount his home directory, which is on the NFS server, to the local machine,
i.e. /home/<username>.

> LDAP authentication possibility in Linux
LDAP and NIS are similar in providing centralized information for multiple Linux machines such as username, password,
group, home directory, hostname, IP address, etc. It's a server-client based name service mechanism.
OpenLDAP is packaged in most Linux distributions such as RedHat, SuSE, Mandrake...
You might want to check the following URL for details and some understanding:
http://www.openldap.org/doc/admin22

> Isnt the local harddisk being totally wasted by this design
Local disk can be used for local applications (Lab), scratch space (will be cleaned up periodically), and local data,
which have better performance compared to NFS.

> can be transparently implemented in Linux
Yes, but it is not easy and takes time. Besides, you need to have a certain degree of understanding first.

There are some more references:
http://ldapman.org/articles/intro_to_ldap.html
http://www.openldap.org/doc/admin22/quickstart.html

Regards,

Wesly
0
 
LVL 2

Author Comment

by:kidoman
ID: 12577691
Can you show me a direct link to your proposed solution....

for example: how to configure Automount to do what you propose?

also, what kind of schema consideration has to be made to configure slurpd and where do I get it.....?

because I was aware of most of what you said in your last comment (I hope you remember me from the last question I asked regarding kickstart). I want some detailed answers, not simple pointers......

karan
0
 
LVL 38

Expert Comment

by:wesly_chen
ID: 12577959
Hi,

   I'm not sure what your environment is; all I can give is a sample.

Automount: One master file (auto.master) and several indirect automount map files (i.e. auto.home)
---auto.master--
/home   auto.home

-- auto.home ---
*   -rw  <NFS server 1>:/home/&
*   -rw  <NFS server 2>:/home/&
...
------------------   Make sure there are no duplicate usernames.
Where /home/<username> is the path of the users' home directories on the NFS server (shared out in /etc/exports).
Example of /etc/exports on the NFS server (assume Linux box)
---
/home  *(rw,async)
------

So when a user logs in to an LDAP client machine, in the LDAP server database there is one entry under the
"password" directory (similar to /etc/passwd or the "passwd table" in NIS) like
----
cn=username
attributes:
   password= <string>
   home=/home/username
   uid= <number>
   gid= <number>
   stuid= <number>  <=== student id, customized for college ^_^
   department= <string>
   startyear=<number>
   fullname= <string>
....
---------
After username/password authentication, the user's attribute "home" tells the local automountd to mount
/home/username on the local Linux box.

In NIS, auto.master and auto.home are the tables. Same for LDAP; those can be the directories.
And the content of auto.master is the attribute in LDAP.
So far I haven't figured out how to make auto.master and auto.home into the LDAP directories.
So I use NIS to implement it. But I'm sure there is a way to do it.

Regards,

Wesly
0
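The entry sketched above uses informal attribute names (home=, uid=, gid=). What an LDAP client such as /etc/ldap.conf-based nss_ldap actually looks up is the posixAccount form from RFC 2307, with homeDirectory, uidNumber, gidNumber and loginShell. The following is an added example, not code from the thread or from either participant: a shell function that emits such an entry as LDIF and refuses obviously wrong input. It assumes the base DN dc=ex,dc=edu (taken from the example domain used in the thread) and an ou=People container; the thread's custom student id attribute is left out because it would need its own schema definition in slapd first. The password argument must already be a hash (the {SSHA} output of slappasswd, for example), never the clear-text password, because the LDIF ends up in files and in the directory itself.

```shell
#!/bin/sh
# Added example (not from the thread): build a posixAccount LDIF entry
# for one user and check the inputs before it is fed to ldapadd.
# Assumptions: base DN dc=ex,dc=edu (from the thread's example domain),
# container ou=People, home directories under /home/<login>.

# user_ldif LOGIN UIDNUMBER GIDNUMBER "FULL NAME" PASSWORD_HASH
# Prints the LDIF entry on stdout; returns 1 (with a message on stderr)
# when a numeric id is not numeric or the password is not a hash.
user_ldif() {
    login=$1; uidnum=$2; gidnum=$3; fullname=$4; hash=$5
    case $uidnum in ''|*[!0-9]*) echo "uidNumber must be numeric" >&2; return 1 ;; esac
    case $gidnum in ''|*[!0-9]*) echo "gidNumber must be numeric" >&2; return 1 ;; esac
    # only accept a scheme-prefixed hash such as {SSHA}..., never clear text
    case $hash in '{'*'}'*) ;; *) echo "userPassword must be a hash like {SSHA}..." >&2; return 1 ;; esac
    cat <<EOF
dn: uid=$login,ou=People,dc=ex,dc=edu
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: $login
cn: $fullname
sn: ${fullname##* }
uidNumber: $uidnum
gidNumber: $gidnum
homeDirectory: /home/$login
loginShell: /bin/bash
userPassword: $hash
EOF
}

# ldif_attr LDIF ATTRIBUTE : print the value of the first matching attribute
ldif_attr() {
    printf '%s\n' "$1" | awk -v a="$2:" '$1 == a { sub(/^[^:]*: */, ""); print; exit }'
}

# Usage: generate an entry for a constructed user; the hash is a placeholder.
user_ldif student3 10003 1000 "Student Three" '{SSHA}placeholder-hash-from-slappasswd'
```

The homeDirectory value is what nss_ldap hands back to the login process and, in turn, what the automounter must be able to resolve, so it has to agree with the mount point configured in auto.master.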

 
LVL 2

Author Comment

by:kidoman
ID: 12580461
Hi,

please fill in my example values:

I will have a single NFS server (now at least) and it will be nfs.ex.edu
LDAP server = ldap.ex.edu
DNS server (local) = dnscache.ex.edu

Also the /home directory on the nfs server will be like: /home/students/, /home/faculty, etc.

User homes will reside inside those main categories. How does automount know which directory to mount? I see no explicit connection being mentioned.

Please clarify.

Karan
0
 
LVL 2

Author Comment

by:kidoman
ID: 12580483
Hi,

I have been reading so many manuals that I am totally confused regarding NFS. Basically can't anyone just mount the NFS exports and tamper with someone else's files.... what is stopping them? Forgive me, I am a n00b in this NFS area. Also since user account info will be stored in the LDAP server and the home directories will exist at the NFS server:

- where do I carry out user creation, modification?
- how does a user modify his profile or password (I guess using a web interface which will commit the changes to the LDAP server)?
- what happens when the user supplies his credentials on say machine A? Please bear with my questions.

Karan
0
 
LVL 38

Expert Comment

by:wesly_chen
ID: 12580983
- where do I carry out user creation, modification?
LDAP server

-how does a user modify his profile or password ?
use "ldappasswd" to change passwd. do "man ldappasswd" for more details.

- what happens when the user supplies his credentials on machine A?
Say the credentials are his username and password; the login daemon will use LDAP to check his username/password.
Since machine A is an LDAP client (/etc/ldap.conf), it sends the username/password to the LDAP server. The LDAP server verifies the username/password. If they match, then LDAP tells machine A that it is OK to let him log in and sends back the
other information for this username, i.e. UID, GID, home directory, default shell etc.
It's similar to the /etc/shadow file. The login daemon just uses LDAP instead of /etc/shadow.

Wesly
0
 
LVL 38

Expert Comment

by:wesly_chen
ID: 12581009
> How does automount know which directory to mount?
automountd reads auto.master first by default, and auto.master says it (automountd) should read auto.home for the
mount point /home.

Say for student3 with his home dir <NFS>:/home/students/student3.

When he logs in to machine A, LDAP passes the home dir information "/home/student3" to automountd.
automountd asks auto.master where student3's home dir is.
Then auto.master (with "/home   auto.home" in it) tells automountd to read the auto.home file.

auto.home (has " *  -rw  <NFS>:/home/students/&" in it) tells automountd
to go through all the directories under <NFS>:/home/students/ and
automountd finds <NFS>:/home/students/student3 matching "student3".

Then automountd runs the following mount command automatically:
" mount -o rw <NFS>:/home/students/student3  /home/student3"

That's it.

You might want to check the following URL for automount/autofs:
http://mercury.chem.pitt.edu/~sasha/LinuxFocus/English/January2001/article141.shtml

Wesly
0
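The lookup chain described in the comment above (mount point in auto.master, then the indirect map, then wildcard key with & substituted by the looked-up name) is small enough to model in a few lines. What follows is an added example, not code from the thread or from the autofs project: a shell resolver that takes a constructed auto.master and auto.home and prints the mount command for a given user, in the same shape as the command quoted above. The <nfs> hostname is a placeholder. The model gives an explicit key precedence over the wildcard and takes the first wildcard line it sees; the latter is a simplifying assumption of this example about duplicate wildcard entries, which is also why the thread's advice to keep usernames unique across servers matters.

```shell
#!/bin/sh
# Added example (not from the thread or from autofs): a model of how
# automountd turns a username into a mount command using an indirect map.
# The maps are constructed inline and <nfs> is a placeholder hostname.

# Constructed auto.master: mount point -> indirect map name
AUTO_MASTER='/home   auto.home'

# Constructed auto.home: key -> options -> location. '*' is the wildcard
# key and '&' is replaced by the looked-up key, as autofs does.
AUTO_HOME='student1   -rw   <nfs>:/home/students/student1
*          -rw   <nfs>:/home/students/&'

# map_for_mountpoint MOUNTPOINT : print the map name auto.master assigns to it
map_for_mountpoint() {
    printf '%s\n' "$AUTO_MASTER" | awk -v mp="$1" '$1 == mp { print $2; exit }'
}

# resolve_home MOUNTPOINT USER : print the mount command automountd would run.
# An exact key wins over the wildcard; among wildcard lines the first wins
# (an assumption of this model, not a statement about autofs internals).
resolve_home() {
    mp=$1; user=$2
    map=$(map_for_mountpoint "$mp")
    [ -n "$map" ] || { echo "no map for $mp in auto.master" >&2; return 1; }
    # this model knows only one indirect map; select its contents by name
    case $map in
        auto.home) contents=$AUTO_HOME ;;
        *) echo "unknown map $map" >&2; return 1 ;;
    esac
    printf '%s\n' "$contents" | awk -v key="$user" -v mp="$mp" '
        $1 == key { opts=$2; loc=$3; found=1; exit }
        $1 == "*" && !wild { wopts=$2; wloc=$3; wild=1 }
        END {
            if (!found && wild) { opts=wopts; loc=wloc; found=1 }
            if (!found) exit 1
            gsub(/&/, key, loc)      # & -> the looked-up key
            sub(/^-/, "", opts)      # "-rw" -> "rw" for mount -o
            print "mount -o " opts " " loc " " mp "/" key
        }'
}

# Usage: the student3 case from the thread
resolve_home /home student3
```

Running it for student3 prints the same mount command the comment quotes; running it for a mount point that auto.master does not list fails, which is the situation a user hits when the homeDirectory stored in LDAP and the mount point in auto.master disagree.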
 
LVL 38

Expert Comment

by:wesly_chen
ID: 12581026
NFS and automount are not very easy for a beginner.
IMHO, you might want to have a senior Unix/Linux administrator implement it for your campus.
Or you set up a small test environment to play around and get familiar with it before you deploy it.
Or you might want to take a class for NFS/automount.

Besides, LDAP is even more difficult than automount.

Good luck,

Wesly
0
 
LVL 2

Author Comment

by:kidoman
ID: 12581433
3 Words, Rome was not built in a day, .....

Actually it's much more than 3 words, thanks Wesly.

BTW on a personal note, I am 20 yrs old, how old are you?
0
 
LVL 38

Expert Comment

by:wesly_chen
ID: 12586039
> Rome was not built in one day
Good saying. It took me a couple of months to figure out how NFS and automount work cooperatively (through reading).
And I started to handle it well when my small network system was set up.

> I am 20 yrs old
You have good potential and a bright future.

Regards,

Wesly
0
 
LVL 2

Author Comment

by:kidoman
ID: 12651183
Hi,

I followed your steps and set up the test environment. I know that you already have earned the points but please clear these doubts for me:

On my NFS server I have:

/share/home/students/testuser1
/share/home/students/testuser2

/share/home/faculty/akp, etc.

Now considering a client machine (btw LDAP auth is already working :)!!)
how do I mount (and where do I mount) the home directory? Do I create /share/home/students and /share/home/faculty and then specify for each user?

Please clarify.

Karan
0
 
LVL 38

Accepted Solution

by:
wesly_chen earned 2000 total points
ID: 12651294
Hi,

1. For NFS server,
-- /etc/exports --
/share/home   *(rw,async)
============
# exportfs -a
or
# /etc/init.d/nfs restart

2. For the client machine:
--- /etc/auto.master---
/homes      auto.homes

--- /etc/auto.homes ---
*   -rw   <nfs server>:/share/home/students/&
*   -rw   <nfs server>:/share/home/faculty/&

3. Create /homes at client machine
# mkdir /homes; chmod 755 /homes

4. Then start autofs as root
# /etc/init.d/autofs restart

5. Test the /homes/testuser1   ( make sure LDAP has entry for homedir=/homes/testuser1 for testuser1)
# cd /homes/testuser1
# df -h .

Wesly
0
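The earlier question in this thread, what stops anyone from mounting the export and tampering with files, is decided mostly by the host field of /etc/exports: `*` as in the accepted answer lets any host that can reach the server mount it, and NFSv3 with the default AUTH_SYS flavour trusts whatever UID the client kernel presents, so the host restriction and root_squash (on by default) are the main server-side controls, and `async` trades durability for speed. The following is an added example, not from the thread or either participant: a small shell linter that flags those settings in an exports line and prints a tightened version. The exports content is constructed to mirror the accepted answer, and 10.104.0.0/16 is a placeholder for the lab network, not a value given in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): lint /etc/exports lines for settings
# that widen who can mount and what a client's root can do, and print a
# tightened alternative. Constructed exports; 10.104.0.0/16 is a placeholder.

# Constructed /etc/exports, in the shape of the accepted answer
EXPORTS='/share/home   *(rw,async)
/share/pub    10.104.0.0/16(ro,sync)'

# lint_exports_line LINE : print one finding per problem; return 1 if any
lint_exports_line() {
    path=$(printf '%s' "$1" | awk '{print $1}')
    spec=$(printf '%s' "$1" | awk '{print $2}')
    host=${spec%%"("*}
    opts=${spec#*"("}; opts=${opts%")"}
    rc=0
    # '*' (or no host at all) means every host that can reach the server may mount
    case $host in
        ''|'*') echo "$path: exported to every host; restrict to the lab subnet"; rc=1 ;;
    esac
    case ",$opts," in
        *,no_root_squash,*) echo "$path: no_root_squash lets client root act as root on the export"; rc=1 ;;
    esac
    case ",$opts," in
        *,insecure,*) echo "$path: insecure accepts requests from unprivileged source ports"; rc=1 ;;
    esac
    case ",$opts," in
        *,async,*) echo "$path: async acknowledges writes before they reach disk (data loss on a crash)"; rc=1 ;;
    esac
    return $rc
}

# harden_exports_line LINE SUBNET : rewrite the line with a host restriction
# and the safer option set, keeping the original ro/rw choice
harden_exports_line() {
    path=$(printf '%s' "$1" | awk '{print $1}')
    spec=$(printf '%s' "$1" | awk '{print $2}')
    opts=${spec#*"("}; opts=${opts%")"}
    mode=ro
    case ",$opts," in *,rw,*) mode=rw ;; esac
    printf '%s  %s(%s,sync,root_squash)\n' "$path" "$2" "$mode"
}

# lint_exports : run the linter over every line of $EXPORTS
lint_exports() {
    status=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        lint_exports_line "$line" || status=1
    done <<EOF
$EXPORTS
EOF
    return $status
}

# Usage: report findings, then show the tightened first line
lint_exports
harden_exports_line '/share/home   *(rw,async)' 10.104.0.0/16
```

Restricting the host field does not make the UID trust go away: any machine inside the allowed subnet whose root can set arbitrary UIDs can still read other users' home directories over NFSv3/AUTH_SYS, so in a lab the client machines themselves have to be trusted or a stronger flavour such as Kerberos (sec=krb5) used.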
 
LVL 2

Author Comment

by:kidoman
ID: 12651882
Thanks a lot man!!! Actually, I have solved the client part and now I don't need to touch the clients (except to set the config option at startup to use LDAP). I have integrated auto.master and auto.home's into LDAP ;)

I guess Rome was built in ... exactly 8 days. I guess fixing the walls will take a little longer.

Cheers,

Karan
0
 
LVL 38

Expert Comment

by:wesly_chen
ID: 12656679
> I have integrated auto.master and auto.home's into LDAP ;)
Great! I haven't done this part yet.

Wesly
0
 
LVL 2

Author Comment

by:kidoman
ID: 12661997
Hi,

Problems again brothers..... please help out. Everything is working like a charm. I really mean it. I have created a kickstart webserver (say http://kss.cetb.edu) where I have installed mod_rewrite so that if I request:

http://kss.cetb.edu/lab--xion.lab9.cse--10.104.19.1

then a perl script will be invoked which will return the appropriate kickstart script. So basically I can just get off the system after specifying one line and everything is set up automatically (I have ftp.cetb.edu serving Fedora Core 3 files, in the DMZ).

When the install is done, I log in to the "tempguest" account (present in the ldap/nfs combo, not local) and it logs in like a charm. I have a cron job running which cleans the tempguest account every midnight so that until the moment I have managed to create user accounts for all the users I am safe.

However, the problem comes when I want to log out of gnome. After I click action and then logout, it hangs in that screen for almost a minute. It also emits a message like it was not able to write to file /home/students/tempguest/.gconf or something like that. Logout in the CLI is instantaneous. Please shed some light.

I believe this thread will be of great help for all EE readers. EE rocks!!! Thanks Wesly.

Karan
0
 
LVL 38

Expert Comment

by:wesly_chen
ID: 12662008
Hi,

  This is another problem. Could you open another question so all the EE people can help you? People seldom check the answered
area for open questions.

Regards,

Wesly
0
 
LVL 38

Expert Comment

by:wesly_chen
ID: 12662070
By the way, it will help if you can also post the result of the following command to http://www.experts-exchange.com/Operating_Systems/Linux/
# ls -al /home/students/tempguest/.gconf

So people can have more information to help you.

Wesly
0
 
LVL 2

Author Comment

by:kidoman
ID: 12667168
0
