Re: How to setup effective school network
From: prg (rdgentry1_at_cablelynx.com)
Date: 01/27/05
- Next message: Andy Bolstridge: "Re: What's the best firewall to use for Debian/Linux?"
- Previous message: Noah Roberts: "Re: Peterson's Death Sentence"
- In reply to: upro: "How to setup effective school network"
- Next in thread: upro: "Re: How to setup effective school network"
- Reply: upro: "Re: How to setup effective school network"
Date: 27 Jan 2005 10:40:41 -0800
upro wrote:
> I have a problem - so many questions and no one there with whom to
> discuss them:
>
> I have a very nice quality server ...
What are the specs on the server, ie., cpu, ram, hard disks, raid,
nic(s), etc.
> ... and around 50 clients in my
> school. At that moment the setup is quite nothing: All machines are
> connected to hubs/switches, ...
Hubs and switches are very different beasts when connecting computers.
Use no hubs if possible and if you must use them put the least
used/needed machines on them and as "far away" from the server and
firewall as possible (drop them from "leaf" switches). You need to
preserve as much bandwidth for "good" use as possible. Check that all
nics are operating at full capabilities (100 Mbps-full duplex?). Could
you provide an ascii art diagram of your network layout? Or a "real"
diagram on a web page?
> ... which are connected to the DSL modem.
What is the connection speed?
> This goes also for the server. User authentication goes by one
> central user account, which is set up on all machines. No networking
> here.
>
> What I want is:
>
> 1) Connect the server only to the DSL modem, and through my 2nd
> Network card all hubs and switches to my server and serve dhcp.
This is an edge position suitable for a router/firewall -- something you
_definitely_ need. It is _not_ a good place for an internal server,
especially a dhcp or file server. And think twice about using dhcp
until you get the network design/layout working. 55 static IPs are not
that onerous and will save you initial headaches -- many headaches.
Do you provide any public services, eg., web server? You will need to
set up a dmz from a third nic on the firewall.
> 2) Get dhcp to run. I have tried the following rules:
Which dhcp server are you using? ISC's? Which dhcp client(s)?
Is below the complete contents of the dhcpd.conf file?
> ddns-update-style none;
> default-lease-time 86400;
You might want your default to be shorter -- say the length of a school
day. 8 hours=28800. 86400=24 hours. It forces clients to attempt
renewal at 4 hours. Depends on your needs.
http://www.j51.com/~sshay/tcpip/dhcp/dhcp.htm
> max-lease-time 86400;
> subnet 10.0.1.0 netmask 255.255.255.0 {
> #subnet 192.168.2.0 netmask 255.255.255.0 {
> range 10.0.1.10 10.0.1.220;
> option domain-name "www.waldorf.lu";
This is _not_ a domain name -- it's a DNS entry/name of a host running
httpd on port 80. Its domain is waldorf.lu. Likely not what you want
to do for internal machines. Give them a separate domain name.
You might also want to revert to the 192.168.0.0 addressing -- there is
no magic and some gotchas that might accompany your use
(misconfiguration) of 10.0.0.0/24. The "normal" tools will default to
"classful" netmasks if you forget, eg. 10.0.0.0/8 instead of
10.0.0.0/24 ;(
> option domain-name-servers 194.154.192.101, 194.154.192.102;
Provided by ISP?
> option netbios-name-servers 10.0.1.1;
> option netbios-node-type 8;
Is this a Samba server?
> option subnet-mask 255.255.255.0;
> option broadcast-address 10.0.1.255;
> option routers 10.0.1.3;
> }
>
> But somehow it doesn't work. I'm not sure about any of these
> lines... Especially the "domain-name-servers" line. The IPs there are
> the ones I use with my ISP.
See, you would not be worrying about this at all with static IPs. From
the listing it appears you are running samba/windows clients. Correct?
Networking _requires_ more exactness/completeness re: your setup to
configure correctly and to avoid problems.
Are your clients set up properly to use dhcp? Not sure? Then probably
not.
> Would the switches/hubs update themselves?
Huh? Hubs are completely dumb -- think multi-port signal repeaters.
Switches "learn" the info (MAC addresses) they need to function
automagically (most of the time).
> And is it problem if I want
> to use the 10.0.0.x range when the switches/hubs use the 192.168.0.x
> range?
Switches/hubs don't have an IP address. Every machine connected to
them is on the same subnet. Switches avoid collisions on the net
medium, hubs don't. Both "provide" a single broadcast domain.
> I also want to run a nameserver on my server and have no idea which
> one to choose.
http://www.thekelleys.org.uk/dnsmasq/doc.html
You will have to download the source to get the complete documentation.
This will also make using static client IPs for your _private_ subnet
easier while providing a "safer" dns forwarder for public dns lookups.
It will also cache dns lookups, thus saving bandwidth. Don't even try
to set up bind/named properly. You have enough headaches you will have
to deal with.
If you need a firewall and can use a "dedicated" solution you might
look at IPCop (or something similar):
http://www.ipcop.org/ << includes dnsmasq
> 3) I would like to set user accounts in a way that no matter on which
> machine a user sits he gets his home directory on the server,
This is called "single sign on" or SSO. Don't even attempt it till the
basic network is laid out and confirmed working properly. Don't try to
implement everything at once -- it will go much quicker and with fewer
hassles to set up one thing at a time. That way the number of
variables/configs caught up in the additions/changes are kept to a
minimum. Do SSO for just a few hosts initially to get some experience.
> possibly as an icon on the desktop (clients run Aurox Linux 10.0,
> some few run Windows 2000 or XP).
When SSO is working properly, this is not necessary. Logging in will
automagically mount the home dir of the user. Logging out unmounts it.
Till then you don't have what you want.
> 4) I want to filter content. I guess squid or safesquid would work
> once I'd have solved problems 1) and 2).
Not entirely sure what you mean by "content". WWW content? Try here:
http://dansguardian.org/?page=whatisdg
> Believe me, I have consulted the O'Reilly networking bookshelf, but
> somehow it doesn't help me. Could someone out there, please?
>
> Btw, I run Slackware 10.0 on my server.
If you're comfortable with slack this is OK. Generally I prefer to
keep to a single distro base -- eases
administration/maintenance/updating and keeps down possible
compatibility glitches resulting from updates/upgrades.
With only 50 machines I would give up on dhcp for now. You have enough
to do getting the rest working properly/reliably. You also make it
more difficult to do other tasks that you may (should?) undertake --
SSO, logging, accounting, auditing? It also uses bandwidth. Save it
for later ;)
When you have more experience with/confidence in your basic network
functioning -- local dns, SSO, Samba file server, firewall and web
filter -- then you can tackle dhcp. DHCP is not _really_ that
difficult, but it has many implications/gotchas and rather scattered
documentation. Takes a while to understand _what_ you need from it and
_how_ to implement your needs. You will probably want host
declarations and fixed-address entries, eg. Makes monitoring the
clients easier even if the initial setup is more tedious.
You do not mention if the Linux clients will also be using Samba to
access their home dirs or if you intend to use nfs for them. It will
be easier to adopt a single set up since you also want SSO. You will
have to try out Linux Samba client software to make sure you get the
one you want. May depend on the desktop you use, eg., KDE vs Gnome.
For general Linux use in schools (K-12 here in US) you might want to
check with these if you haven't already:
http://www.k12ltsp.org/ << many good links
http://www.lfsp.org/ << good example info
May be useful, single reference to have handy (together with the tldp
how-tos):
http://www.linuxhomenetworking.com/#Linux
http://www.tldp.org/HOWTO/HOWTO-INDEX/howtos.html << on-line
http://www.tldp.org/docs.html#howto << download all
For SSO check:
Google this search string:
linux samba sso + "single sign on"
or click this:
http://www.google.com/search?num=50&hl=en&lr=lang_en&ie=ISO-8859-1&q=linux+samba+sso+%2B+%22single+sign+on%22
http://www.zytrax.com/tech/howtos/samba.html
and many other links ...
And check your Samba docs -- you have them all, don't you?
http://samba.org/~samba-bugs/docs/samba-docs-latest.tar.bz2
http://www.samba.org/samba/docs/
You will need a "central repository" of user account info using LDAP.
It's not easy/intuitive to set up, but once you understand what's going
on, it's not that bad ;)
http://www.openldap.org/
It will be easier to implement/test with fewer clients now than with
more clients later ;-)
hth,
prg
email above disabled
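
Added example, not part of the original message: a Python check of the quoted dhcpd.conf against the points raised in the reply (subnet options that must agree with each other, the host name used as domain-name, the lease length, and the classful default that bites 10.x addressing). The function names, the `www.` heuristic and the 28800-second threshold are assumptions of this example; the sample is the quoted configuration trimmed to the options it checks.

```python
import ipaddress
import re

# Constructed sample: the dhcpd.conf quoted in the message, joined onto whole lines.
SAMPLE_CONF = """
ddns-update-style none;
default-lease-time 86400;
max-lease-time 86400;
subnet 10.0.1.0 netmask 255.255.255.0 {
#subnet 192.168.2.0 netmask 255.255.255.0 {
  range 10.0.1.10 10.0.1.220;
  option domain-name "www.waldorf.lu";
  option domain-name-servers 194.154.192.101, 194.154.192.102;
  option subnet-mask 255.255.255.0;
  option broadcast-address 10.0.1.255;
  option routers 10.0.1.3;
}
"""

def classful_prefix(addr):
    """Prefix length that classful tools assume when the netmask is left out."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    return 8 if first < 128 else 16 if first < 192 else 24

def lint_dhcpd(conf, school_day=28800):
    """Return findings for a dhcpd.conf holding one subnet declaration."""
    conf = re.sub(r"#.*", "", conf)  # drop comments such as the disabled subnet line
    def opt(name):  # value of a 'name ...;' or 'option name ...;' statement
        hit = re.search(rf"^\s*(?:option\s+)?{name}\s+(.+?);", conf, re.M)
        return hit.group(1).strip('"') if hit else None
    m = re.search(r"subnet\s+(\S+)\s+netmask\s+(\S+)", conf)
    net = ipaddress.IPv4Network(f"{m.group(1)}/{m.group(2)}")
    lo, hi = (ipaddress.IPv4Address(a) for a in opt("range").split())
    router = ipaddress.IPv4Address(opt("routers"))
    want = (str(net.netmask), str(net.broadcast_address))
    out = []
    if lo not in net or hi not in net or lo > hi:
        out.append("range is outside the subnet")
    if router not in net or lo <= router <= hi:
        out.append("router is off-subnet or inside the dynamic range")
    if (opt("subnet-mask"), opt("broadcast-address")) != want:
        out.append("subnet-mask or broadcast-address disagrees with the subnet")
    if opt("domain-name").startswith("www."):  # heuristic, assumption of this example
        out.append("domain-name is a host name, not a domain")
    if int(opt("default-lease-time")) > school_day:  # advisory, per the reply
        out.append("default-lease-time is longer than a school day")
    if classful_prefix(m.group(1)) != net.prefixlen:
        out.append(f"classful tools will assume /{classful_prefix(m.group(1))}")
    return out
```

Calling `lint_dhcpd(SAMPLE_CONF)` reports the host-name, lease-length and classful-netmask points; the addressing options in the quoted file are consistent with each other.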