Re: How to setup effective school network

From: upro (upro_at_gmx.net)
Date: 01/27/05


Date: Thu, 27 Jan 2005 23:38:30 +0100


"prg" <rdgentry1@cablelynx.com> writes:

> upro wrote:
>> I have a problem - so many questions and no one there with whom to
>> discuss them:
>>
>> I have a very nice quality server ...
>
> What are the specs on the server, ie., cpu, ram, hard disks, raid,
> nic(s), etc.
>
>> ... and around 50 clients in my
>> school. At that moment the setup is quite nothing: All machines are
>> connected to hubs/switches, ...
>
> Hubs and switches are very different beasts when connecting computers.
> Use no hubs if possible and if you must use them put the least
> used/needed machines on them and as "far away" from the server and
> firewall as possible (drop them from "leaf" switches). You need to
> preserve as much bandwidth for "good" use as possible. Check that all
> nics are operating at full capabilities (100 Mbps-full duplex?). Could
> you provide an ascii art diagram of your network layout. Or a "real"
> diagram on a web page?
>
>> ... which are connected to the DSL modem.
>
> What is the connection speed?
>
>> This goes also for the server. User authentication goes by one
>> central user account, which is set up on all machines. No networking
>> here.
>>
>> What I want is:
>>
>> 1) Connect the server only to the DSL modem, and through my 2nd
>> Network card all hubs and switches to my server and serve dhcp.
>
> This is an edge position suitable for a router/firewall -- something you
> _definitely_ need. It is _not_ a good place for an internal server,
> especially a dhcp or file server. And think twice about using dhcp
> until you get the network design/layout working. 55 static IPs are not
> that onerous and will save you initial headaches -- many headaches.
>
> Do you provide any public services, eg., web server? You will need to
> set up a dmz from a third nic on the firewall.
>
>> 2) Get dhcp to run. I have tried the following rules:
>
> Which dhcp server are you using? ISC's? Which dhcp client(s)?
>
> Is below the complete contents of the dhcpd.conf file?
>
>> ddns-update-style none;
>> default-lease-time 86400;
>
> You might want your default to be shorter -- say the length of a school
> day. 8 hours=28800. 86400=24 hours. It forces clients to attempt
> renewal at 4 hours. Depends on your needs.
> http://www.j51.com/~sshay/tcpip/dhcp/dhcp.htm
>
>> max-lease-time 86400;
>> subnet 10.0.1.0 netmask 255.255.255.0 {
>> #subnet 192.168.2.0 netmask 255.255.255.0 {
>> range 10.0.1.10 10.0.1.220;
>> option domain-name "www.waldorf.lu";
>
> This is _not_ a domain name -- it's a DNS entry/name of a host running
> httpd on port 80. Its domain is waldorf.lu. Likely not what you want
> to do for internal machines. Give them a separate domain name.
>
> You might also want to revert to the 192.168.0.0 addressing -- there is
> no magic and some gotchas that might accompany your use
> (misconfiguration) of 10.0.0.0/24. The "normal" tools will default to
> "classful" netmasks if you forget, eg. 10.0.0.0/8 instead of
> 10.0.0.0/24 ;(
>
>> option domain-name-servers 194.154.192.101,
>> 194.154.192.102;
>
> Provided by ISP?
>
>> option netbios-name-servers 10.0.1.1;
>> option netbios-node-type 8;
>
> Is this a Samba server?
>
>> option subnet-mask 255.255.255.0;
>> option broadcast-address 10.0.1.255;
>> option routers 10.0.1.3;
>> }
>>
>> But somehow it doesn't work. I'm not sure about any of these
>> lines... Especially the "domain-name-servers" line. The IPs there are
>> the ones I use with my ISP.
>
> See, you would not be worrying about this at all with static IPs. From
> the listing it appears you are running samba/windows clients. Correct?
> Networking _requires_ more exactness/completeness re: your setup to
> configure correctly and to avoid problems.
>
> Are your clients set up properly to use dhcp? Not sure? Then probably
> not.
>
>> Would the switches/hubs update themselves?
>
> Huh? Hubs are completely dumb -- think multi-port signal repeaters.
>
> Switches "learn" the info (MAC addresses) they need to function
> automagically (most of the time).
>
>> And is it problem if I want
>> to use the 10.0.0.x range when the switches/hubs use the 192.168.0.x
>> range?
>
> Switches/hubs don't have an IP address. Every machine connected to
> them is on the same subnet. Switches avoid collisions on the net
> medium, hubs don't. Both "provide" a single broadcast domain.
>
>> I also want to run a nameserver on my server and have no idea which
>> one to choose.
>
> http://www.thekelleys.org.uk/dnsmasq/doc.html
>
> You will have to download the source to get the complete documentation.
>
> This will also make using static client IPs for your _private_ subnet
> easier while providing a "safer" dns forwarder for public dns lookups.
> It will also cache dns lookups, thus saving bandwidth. Don't even try
> to set up bind/named properly. You have enough headaches you will have
> to deal with.
>
> If you need a firewall and can use a "dedicated" solution you might
> look at IPCop (or something similar):
> http://www.ipcop.org/ << includes dnsmasq
>
>> 3) I would like to set user accounts in a way that no matter on which
>> machine a user sits he gets his home directory on the server,
>
> This is called "single sign on" or SSO. Don't even attempt it till the
> basic network is laid out and confirmed working properly. Don't try to
> implement everything at once -- it will go much quicker and with fewer
> hassles to set up one thing at a time. That way the number of
> variables/configs caught up in the additions/changes are kept to a
> minimum. Do SSO for just a few hosts initially to get some experience.
>
>> possibly as an icon on the desktop (clients run Aurox Linux 10.0,
>> some few run Windows 2000 or XP).
>
> When SSO is working properly, this is not necessary. Logging in will
> automagically mount the home dir of the user. Logging out unmounts it.
> Till then you don't have what you want.
>
>> 4) I want to filter content. I guess squid or safesquid would work
>> once I'd have solved problems 1) and 2).
>
> Not entirely sure what you mean by "content". WWW content? Try here:
> http://dansguardian.org/?page=whatisdg
>
>> Believe me, I have consulted the O'Reilly networking bookshelf, but
>> somehow it doesn't help me. Could someone out there, please?
>>
>> Btw, I run Slackware 10.0 on my server.
>
> If you're comfortable with slack this is OK. Generally I prefer to
> keep to a single distro base -- eases
> administration/maintenance/updating and keeps down possible
> compatibility glitches resulting from updates/upgrades.
>
> With only 50 machines I would give up on dhcp for now. You have enough
> to do getting the rest working properly/reliably. You also make it
> more difficult to do other tasks that you may (should?) undertake --
> SSO, logging, accounting, auditing? It also uses bandwidth. Save it
> for later ;)
>
> When you have more experience with/confidence in your basic network
> functioning -- local dns, SSO, Samba file server, firewall and web
> filter -- then you can tackle dhcp. DHCP is not _really_ that
> difficult, but it has many implications/gotchas and rather scattered
> documentation. Takes a while to understand _what_ you need from it and
> _how_ to implement your needs. You will probably want host
> declarations and fixed-address entries, eg. Makes monitoring the
> clients easier even if the initial setup is more tedious.
>
> You do not mention if the Linux clients will also be using Samba to
> access their home dirs or if you intend to use nfs for them. It will
> be easier to adopt a single set up since you also want SSO. You will
> have to try out Linux Samba client software to make sure you get the
> one you want. May depend on the desktop you use, eg., KDE vs Gnome.
>
> For general Linux use in schools (K-12 here in US) you might want to
> check with these if you haven't already:
>
> http://www.k12ltsp.org/ << many good links
> http://www.lfsp.org/ << good example info
>
> May be useful, single reference to have handy (together with the tldp
> how-tos):
> http://www.linuxhomenetworking.com/#Linux
> http://www.tldp.org/HOWTO/HOWTO-INDEX/howtos.html << on-line
> http://www.tldp.org/docs.html#howto << download all
>
> For SSO check:
> Google this search string:
> linux samba sso + "single sign on"
> or click this:
> http://www.google.com/search?num=50&hl=en&lr=lang_en&ie=ISO-8859-1&q=linux+samba+sso+%2B+%22single+sign+on%22
> http://www.zytrax.com/tech/howtos/samba.html
> and many other links ...
>
> And check your Samba docs -- you have them all, don't you?
> http://samba.org/~samba-bugs/docs/samba-docs-latest.tar.bz2
> http://www.samba.org/samba/docs/
>
> You will need a "central repository" of user account info using LDAP.
> It's not easy/intuitive to set up, but once you understand what's going
> on, it's not that bad ;)
> http://www.openldap.org/
>
> It will be easier to implement/test with fewer clients now than with
> more clients later ;-)
>
> hth,
> prg
> email above disabled
>

Wow, that's really an answer that lets nothing open! Thanks a lot for
your time and considerateness. You helped me a lot and I appreciate
very much the amount of time and thought you put into your response!

I'll do as you suggest: Assign fixed IPs to the clients - especially
since their number will not be increasing.

And I'll try to get into SSO as soon as I got my point 1) to run!

That's all I can say for now. I'll post again under the same issue
when new questions arise!

Thanks again!

-- 
Michael
r-znvy: zvpunry.wryqra  jro.qr (chg gur "@" jurer vg svgf...)
ab fcnz cyrnfr
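
An added example, not part of either post: prg's suggestion of host declarations with fixed-address entries, generated from a client inventory and checked against the subnet, range and router/WINS addresses from the quoted dhcpd.conf. With ISC dhcpd a fixed address should sit outside the `range` pool, otherwise the server may also lease it dynamically. The hostnames, MAC addresses and client IPs are constructed for illustration.

```python
import ipaddress
# Subnet, dynamic range and in-use addresses from the dhcpd.conf in the thread.
SUBNET = ipaddress.ip_network("10.0.1.0/24")
POOL = (ipaddress.ip_address("10.0.1.10"), ipaddress.ip_address("10.0.1.220"))
RESERVED = {ipaddress.ip_address("10.0.1.1"), ipaddress.ip_address("10.0.1.3")}

# Constructed inventory: hostnames, MACs and addresses are made up.
INVENTORY = [
    ("lab-pc01", "00:11:22:33:44:01", "10.0.1.221"),
    ("lab-pc02", "00:11:22:33:44:02", "10.0.1.222"),
    ("lab-pc03", "00:11:22:33:44:02", "10.0.1.223"),   # duplicate MAC
    ("lab-pc04", "00:11:22:33:44:04", "10.0.1.50"),    # inside dynamic range
    ("lab-pc05", "00:11:22:33:44:05", "10.0.2.7"),     # wrong subnet
    ("lab-pc06", "00:11:22:33:44:06", "10.0.1.3"),     # collides with router
]

def check_inventory(inventory):
    """Return (accepted entries, list of (hostname, reason) rejections)."""
    ok, rejected = [], []
    seen_macs, seen_ips = set(), set()
    for name, mac, ip_text in inventory:
        mac = mac.lower()
        ip = ipaddress.ip_address(ip_text)
        if ip not in SUBNET or ip in (SUBNET.network_address, SUBNET.broadcast_address):
            reason = "not a usable address in %s" % SUBNET
        elif POOL[0] <= ip <= POOL[1]:
            reason = "inside dynamic range"
        elif ip in RESERVED or ip in seen_ips:
            reason = "address already in use"
        elif mac in seen_macs:
            reason = "duplicate MAC"
        else:
            seen_macs.add(mac)
            seen_ips.add(ip)
            ok.append((name, mac, ip))
            continue
        rejected.append((name, reason))
    return ok, rejected

def render_hosts(entries):
    """Emit ISC dhcpd host declarations for the accepted entries."""
    return "\n".join(
        "host %s {\n  hardware ethernet %s;\n  fixed-address %s;\n}" % e
        for e in entries)

if __name__ == "__main__":
    accepted, rejected = check_inventory(INVENTORY)
    print(render_hosts(accepted))
    print("\n".join("# skipped %s: %s" % r for r in rejected))
```

The rendered stanzas go in dhcpd.conf alongside the subnet declaration; a known MAC-to-IP mapping is what makes per-client logging and auditing straightforward later.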

