Hi to all of those running RM out there, can I pick your brains please?

I'm about to have 20 PCs surplus as we update hardware before being forced down the CC3 route. Eventually I'll have 60+ PCs that will be redundant. I want to give these machines a new lease of life by installing LINUX and placing them in study rooms, an internet cafe and other 'like' areas. Initially running only open office, FireFox, and Thunderbird. I will probably use the same active equipment, IP range and domain for this trial.

I intend to attempt to have these machines locked down until they squeak as they will be in no-go zones. My question is, if anyone uses LINUX w/s in this form, do they authenticate against the RM servers and if so are there any issues with this? (I authenticate against a WIN2000 box at home, but this is a 'safe' environment and we don't really hot-desk!) And, assuming that you do, do you allow access to the "mywork" areas?

How do you implement remote w/s builds across the network? I'd considered a dual partition and 'ghosting' across but most of these w/s only have 4GB HDDs. We try not to have CD-ROMs on any PCs as it's just another item to replace every term!

If it's a success and easy to administer, then I'd like to be able to move away from the CC3 route altogether.

Comments, experience, suggestions welcome.

Kind regards
Adrian

--- "adrian.wells" <adrian.wells@sidcot.org.uk> wrote:
> I want to give these machines a new lease of life by installing LINUX and placing them in study rooms, an internet cafe and other 'like' areas. Initially running only open office, FireFox, and Thunderbird.
>
> I intend to attempt to have these machines locked down until they squeak as they will be in no-go zones. My question is, if anyone uses LINUX w/s in this form, do they authenticate against the RM servers and if so are there any issues with this? (I authenticate against a WIN2000 box at home, but this is a 'safe' environment and we don't really hot-desk!) And, assuming that you do, do you allow access to the "mywork" areas?

Ok, I have a small version of this running in our library. I have 5 debian workstations. One is a beefy job and thus becomes the X terminal server for the other 4. The others automatically start X and display the terminal's gdm login screen. It works a treat. I'm running an after school club on these workstations tonight and plan to thrash them to see if it all grinds to a halt.

> How do you implement remote w/s builds across the network? I'd considered a dual partition and 'ghosting' across but most of these w/s only have 4GB HDDs. We try not to have CD-ROMs on any PCs as it's just another item to replace every term!

I have these debian workstations authenticating from an RM Connect 2.4 server (NT4). Winbind and then a pam config - which is very picky but definitely works! If you did it with debian I could send you the config. But I know someone on this list offered to send me the config for SuSE when I was doing it with debian, so it's out there...?

> If it's a success and easy to administer, then I'd like to be able to move away from the CC3 route altogether.

I've not managed to map MyWork to the linux machines :( The problem seems to me to be that the user's home directory on the RM server is not necessarily their username e.g. Jonathan Smith as a username would have jonatha1 as a homedir! Jonathan Jones (who came to the school later than Master Smith) would have a homedir of jonatha2. So I can't work out how to auto map the homedirs using pam_mount - which would be a breeze if homedir and username were the same. Any help?

I'm using gnome, and intend to just rewrite the gnome config files for anything I want to restrict in a nightly cron job. Thus if little jonny breaks his desktop, it'll be fine in the morning... Obviously KDE has the kiosk framework which may be more use in locking down - which I'm not overly concerned about on these linux workstations (as long as they reset nightly to save on my "fix my desktop" admin).

-- Matt Johnson

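The nightly reset described in the message above, as an added example (not code from the thread): a root cron job that rewrites files inside pupils' home directories has to avoid following any symlink a pupil has left in place of a settings directory. The template directory, the list of GNOME 2 settings directories, the script path and the cron line are all assumptions.

```shell
#!/bin/sh
# Nightly desktop reset, meant to run as root from cron while nobody is logged in.
# Hypothetical layout: TEMPLATE holds known-good copies of the GNOME 2 settings
# directories; HOMES is the parent directory of the pupils' local homes.
CONFIG_DIRS=".gconf .gconfd .gnome2"   # assumed list, adjust to what you restrict

reset_home() {  # usage: reset_home TEMPLATE HOME
    template=$1
    home=$2
    # A home that is a symlink (or missing) is skipped, so a root-run job
    # cannot be redirected at some other directory.
    if [ -L "$home" ] || [ ! -d "$home" ]; then
        echo "skip $home: not a real directory" >&2
        return 1
    fi
    for d in $CONFIG_DIRS; do
        # No trailing slash: if the directory was swapped for a symlink,
        # rm deletes the link itself and leaves its target untouched.
        rm -rf -- "$home/$d"
        [ -d "$template/$d" ] || continue
        # -R recurse, -P copy symlinks as symlinks, -p keep modes and times.
        cp -RPp -- "$template/$d" "$home/$d"
        # Hand the fresh copy back to whoever owns the home (GNU stat/chown).
        if [ "$(id -u)" -eq 0 ]; then
            chown -R -h -- "$(stat -c '%u:%g' "$home")" "$home/$d"
        fi
    done
    return 0
}

reset_all() {  # usage: reset_all TEMPLATE HOMES
    rc=0
    for h in "$2"/*; do
        reset_home "$1" "$h" || rc=1
    done
    return "$rc"
}

# Runs only when given both arguments, e.g. from a hypothetical /etc/cron.d entry:
#   30 2 * * * root /usr/local/sbin/reset-desktops /etc/desktop-template /home
if [ "$#" -eq 2 ]; then
    reset_all "$1" "$2"
fi
```

A non-zero exit status means at least one entry under the homes directory was skipped, which is worth a line in the cron mail.
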
> Ok, I have a small version of this running in our library. I have 5 debian workstations. One is a beefy job and thus becomes the X terminal server for the other 4. The others automatically start X and display the terminal's gdm login screen. It works a treat.

Any special reason for using debian? So is this a thin client set up?

> I'm running an after school club on these workstations tonight and plan to thrash them to see if it all grinds to a halt.

:-)

>> How do you implement remote w/s builds across the network? I'd considered a dual partition and 'ghosting' across but most of these w/s only have 4GB HDDs. We try not to have CD-ROMs on any PCs as it's just another item to replace every term!
>
> I have these debian workstations authenticating from an RM Connect 2.4 server (NT4). Winbind and then a pam config - which is very picky but definitely works! If you did it with debian I could send you the config. But I know someone on this list offered to send me the config for SuSE when I was doing it with debian, so it's out there...?
>
>> If it's a success and easy to administer, then I'd like to be able to move away from the CC3 route altogether.
>
> I've not managed to map MyWork to the linux machines :( The problem seems to me to be that the user's home directory on the RM server is not necessarily their username e.g. Jonathan Smith as a username would have jonatha1 as a homedir! Jonathan Jones (who came to the school later than Master Smith) would have a homedir of jonatha2. So I can't work out how to auto map the homedirs using pam_mount - which would be a breeze if homedir and username were the same. Any help?

Is it not possible to have the client run a logon script to map drives etc. as one can with a windows client logging on to a NT/2000 server? Although it may be a pain to generate them.

This is why I was unsure about shares and maybe I'd get the users to email files to the RM system for now and authenticate against another server that I'm not so worried about if it gets trashed. And let's face it, if they're in the study areas, it'll be mini-clips et al all day long anyway, so not much work will need saving!

> I'm using gnome, and intend to just rewrite the gnome config files for anything I want to restrict in a nightly cron job. Thus if little jonny breaks his desktop, it'll be fine in the morning... Obviously KDE has the kiosk framework which may be more use in locking down - which I'm not overly concerned about on these linux workstations (as long as they reset nightly to save on my "fix my desktop" admin).

Why gnome? What are the advantages of KDE for example?

I'm getting to the position where I think that PCs should only be for hobbyists! For school/work the user should have a tool to do a job and nothing else - Unless you have a particular handicap, there is no reason for changing every minute detail of the box! It'll keep working longer if you leave it alone!

Thanks

--- "adrian.wells" <adrian.wells@sidcot.org.uk> wrote:
>> I've not managed to map MyWork to the linux machines :( The problem seems to me to be that the user's home directory on the RM server is not necessarily their username e.g. Jonathan Smith as a username would have jonatha1 as a homedir! Jonathan Jones (who came to the school later than Master Smith) would have a homedir of jonatha2. So I can't work out how to auto map the homedirs using pam_mount - which would be a breeze if homedir and username were the same. Any help?
>
> Is it not possible to have the client run a logon script to map drives etc. as one can with a windows client logging on to a NT/2000 server? Although it may be a pain to generate them.

Yes, I'm sure, but I'm a teacher with 600 pupils in the school. I can't (or rather, won't) tailor a script for each kid. It's got to run itself just by creating an RM user on the server.

I can't give one reason why I choose Gnome. I used to use KDE. I find Gnome easy to configure and copy the configs but I dare say KDE is just as easy. Gnome looks very slick - 2.6 is the business. Haven't tried 2.8.

-- Matt

On 16 Nov 2004 at 12:02, adrian.wells wrote:
> How do you implement remote w/s builds across the network? I'd considered a dual partition and 'ghosting' across but most of these w/s only have 4GB HDDs. We try not to have CD-ROMs on any PCs as it's just another item to replace every term!

I can't help with many of your questions, but I might be able to make a suggestion here.. g4u http://www.feyrer.de/g4u/ that's a nice boot floppy that'll allow you to image to / from an FTP server, which you could set up on your Debian box.

I do this with my test-bed box at home, uploading to an FTP server running on my WinXP box. The FTP server is set for anonymous to point at a specific image directory, though I guess in a live environment I'd set that up so anonymous had read-only to the directory, and have a separate secure account setup for uploading.

This way you can boot the end w/s from a floppy disk and then back up / restore whenever you have the need.

-----
Paul Graydon
Network Technician
Haywards Heath College
http://www.hhc.ac.uk
(01444) 456281
"Joy is not in things; it is in us." Richard Wagner

On Tue, 2004-11-16 at 15:18 +0000, Paul Graydon wrote:
> On 16 Nov 2004 at 12:02, adrian.wells wrote:
>> How do you implement remote w/s builds across the network? I'd considered a dual partition and 'ghosting' across but most of these w/s only have 4GB HDDs. We try not to have CD-ROMs on any PCs as it's just another item to replace every term!
>
> I can't help with many of your questions, but I might be able to make a suggestion here.. g4u http://www.feyrer.de/g4u/ that's a nice boot floppy that'll allow you to image to / from an FTP server, which you could set up on your Debian box. I do this with my test-bed box at home, uploading to an FTP server running on my WinXP box. The FTP server is set for anonymous to point at a specific image directory, though I guess in a live environment I'd set that up so anonymous had read-only to the directory, and have a separate secure account setup for uploading. This way you can boot the end w/s from a floppy disk and then back up / restore whenever you have the need.
>
> ----- Paul Graydon Network Technician Haywards Heath College http://www.hhc.ac.uk (01444) 456281 "Joy is not in things; it is in us." Richard Wagner

There is also systemimager (http://www.systemimager.org/) which I use here to recreate a system. It can do a lot more but will work well as a rebuild mechanism. It uses an rsync server to hold the master data and will work with network boot - I use it that way to automate the install of servers which have no removable disks.

HTH

--
Giles Nunn - ISP Officer
Carms ICT Development Centre
+44 1267 228277

I might have mentioned it before and it is a slight angle away from the discussion but at the Karoshi project we are at the moment, creating a Linux Client (Fat) that auths with Samba, running on a Linux Server. Basically the same concept...lol

At the moment it's all working locked down etc but so far the users have to type in their password twice. Once for the login and again for their samba shares. If anyone knows of a solution for this I would be grateful; if not we will just try and make it look a bit prettier!!!

Also interested in anyone who could test the system on SuSE as at the moment it is a Mandrake based piece of software. We should be testing the system within a few weeks in two schools as dual boot first and then once everything seems ok, maybe we could start to take it a little bit further!!

Jo

--- linuxgirlie <linuxgirlie@gmail.com> wrote:
> If anyone knows of a solution for this I would be grateful if not we will just try and make it look a bit prettier!!!

Remove the authentication in Samba [1] -- if the user has logged into the system once, then make the assumption it is valid. Of course you'll have the perms all valid on the Samba server such that should something go wrong the only thing that the $USER can damage are their own files.

-- Thomas Adam

[1] This depends entirely on what you meant by "lock down". I can't be any more specific as I am not familiar how you have Samba set up.

=====
"The Linux Weekend Mechanic" -- http://linuxgazette.net
"TAG Editor" -- http://linuxgazette.net
"<shrug> We'll just save up your sins, Thomas, and punish you for all of them at once when you get better. The experience will probably kill you. :)" -- Benjamin A. Okopnik (Linux Gazette Technical Editor)

----- Original Message -----
From: "Giles Nunn" <giles@satproj.org.uk>
To: <suse-linux-uk-schools@suse.com>
Sent: Wednesday, November 17, 2004 11:14 AM
Subject: Re: [suse-linux-uk-schools] New Clothes

> On Tue, 2004-11-16 at 15:18 +0000, Paul Graydon wrote:
>> On 16 Nov 2004 at 12:02, adrian.wells wrote:
>>> How do you implement remote w/s builds across the network? I'd considered a dual partition and 'ghosting' across but most of these w/s only have 4GB HDDs. We try not to have CD-ROMs on any PCs as it's just another item to replace every term!
>>
>> I can't help with many of your questions, but I might be able to make a suggestion here.. g4u http://www.feyrer.de/g4u/ that's a nice boot floppy that'll allow you to image to / from an FTP server, which you could set up on your Debian box. I do this with my test-bed box at home, uploading to an FTP server running on my WinXP box. The FTP server is set for anonymous to point at a specific image directory, though I guess in a live environment I'd set that up so anonymous had read-only to the directory, and have a separate secure account setup for uploading. This way you can boot the end w/s from a floppy disk and then back up / restore whenever you have the need.
>>
>> ----- Paul Graydon Network Technician Haywards Heath College http://www.hhc.ac.uk (01444) 456281 "Joy is not in things; it is in us." Richard Wagner
>
> There is also systemimager (http://www.systemimager.org/) which I use here to recreate a system. It can do a lot more but will work well as a rebuild mechanism. It uses an rsync server to hold the master data and will work with network boot - I use it that way to automate the install of servers which have no removable disks.

Thanks, I'll take a look at this too.

I suppose that if the update software were kept on a tiny partition on the HDD then users could request their own station rebuild if the box became unstable by having grub/lilo provide access to the required partition, that's assuming that the system runs in ram I imagine. Just a thought - off to read :-)

> HTH
>
> -- Giles Nunn - ISP Officer Carms ICT Development Centre +44 1267 228277

Many thanks to everyone that responded to my new clothes line - I'm in a spin now! :-) Some very useful information and comments. Started playing and I'll let you know how I get on. Kind regards Adrian
----- Original Message -----
From: "Paul Graydon" <graydpau@hhc.ac.uk>
To: "SuSe" <suse-linux-uk-schools@suse.com>
Sent: Tuesday, November 16, 2004 3:18 PM
Subject: Re: [suse-linux-uk-schools] New Clothes

> On 16 Nov 2004 at 12:02, adrian.wells wrote:
>> How do you implement remote w/s builds across the network? I'd considered a dual partition and 'ghosting' across but most of these w/s only have 4GB HDDs. We try not to have CD-ROMs on any PCs as it's just another item to replace every term!
>
> I can't help with many of your questions, but I might be able to make a suggestion here.. g4u http://www.feyrer.de/g4u/ that's a nice boot floppy that'll allow you to image to / from an FTP server, which you could set up on your Debian box. I do this with my test-bed box at home, uploading to an FTP server running on my WinXP box. The FTP server is set for anonymous to point at a specific image directory, though I guess in a live environment I'd set that up so anonymous had read-only to the directory, and have a separate secure account setup for uploading. This way you can boot the end w/s from a floppy disk and then back up / restore whenever you have the need.

Thanks, this looks good, have you used it?

> ----- Paul Graydon Network Technician Haywards Heath College http://www.hhc.ac.uk (01444) 456281 "Joy is not in things; it is in us." Richard Wagner