Friday, October 17, 2008

Using NFS to make home directories available centrally

Let's say we have 3 servers and are heading towards an LDAP kind of configuration where we want single sign-on across our servers. The first step is to export the /home directories from each server that is holding user directories.

This is a work in progress of course, and the reason for this setup is that I already have a server with users on it. So, S1 and S2 are servers with existing users on them. LD is the server that we want all home directories on. All these servers have static IPs: S1 has 192.168.0.2, S2 has 192.168.0.3 and LD has 192.168.0.10.

On S1 and S2 we install the NFS server and portmap:

sudo apt-get install portmap nfs-kernel-server
Then we edit /etc/exports:

/home 192.168.0.10(rw,sync,no_subtree_check)
/usr/local 192.168.0.10(rw,sync,no_subtree_check)
The first part (/home) is the directory that you want to share, or export, to the central server. The IP address (192.168.0.10) is the address that is allowed to access this share. I recommend that you use single IPs and not IP ranges with subnets, so that only the host that needs the share can mount it.

Next we activate the exports. Every time you edit /etc/exports you need to run this command:

sudo exportfs -ra
Now on the central server (LD) we need to install the nfs client services:

sudo apt-get install portmap nfs-common
Next, create EMPTY directories on LD to use as mount points:

sudo mkdir /homeS1
sudo mkdir /homeS2
We need to statically mount the directories that we are sharing from S1 and S2, so on LD we edit the /etc/fstab file. At the bottom of the file we add these entries:

192.168.0.3:/home /homeS2 nfs rw,hard,intr 0 0
192.168.0.2:/home /homeS1 nfs rw,hard,intr 0 0
We save and exit the file and run the following command.

sudo mount -a
We are all set. If we go to /homeS1 on LD we will see all home directories from S1. Next is the challenge of adding an LDAP configuration that will hopefully come next.
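
The post recommends listing single client IPs in /etc/exports rather than ranges. As an added example (not part of the original post), this shell function checks an exports file against that advice and also flags the no_root_squash and insecure options. The sample entries other than /home are constructed, and backslash line continuations are not handled.

```shell
#!/bin/sh
# Added example: flag /etc/exports entries broader than "one path, one client IP".
# Assumes one export per line (no backslash continuations).
audit_exports() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }            # skip blank lines and comments
    {
        path = $1
        if (NF == 1) print path ": no client listed, exported to every host"
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index($i, "(")
            if (p > 0) {                      # split client(options)
                client = substr($i, 1, p - 1)
                opts = substr($i, p + 1)
                sub(/\).*$/, "", opts)
            }
            # "(rw)" after a space has an empty client: it applies to everyone
            who = (client == "") ? "every host" : client
            if (client == "" || client ~ /[*?]/)
                print path ": " who " is a wildcard/world client"
            else if (client ~ /\// || client ~ /^@/)
                print path ": " who " is a subnet or netgroup, not a single host"
            if (("," opts ",") ~ /,no_root_squash,/)
                print path ": " who " has no_root_squash (remote root stays root)"
            if (("," opts ",") ~ /,insecure,/)
                print path ": " who " accepts unprivileged source ports"
        }
    }' "$1"
}

# Constructed sample; only the /home line matches the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/home 192.168.0.10(rw,sync,no_subtree_check)
/usr/local 192.168.0.0/24(rw,sync,no_root_squash)
/data 192.168.0.10 (rw)
/srv/pub *(ro,insecure)
EOF
audit_exports "$sample"
rm -f "$sample"
```

The /data line shows the classic typo: a space before "(rw)" gives 192.168.0.10 the default options and exports the path read-write to every host.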

Tuesday, October 7, 2008

Edubuntu LTSP User locked out Issue

Some of the servers I manage are Edubuntu 8.04 servers, and for this post I would like to share a very common problem that I encounter almost daily and how to solve it.

We all know that users NEVER do what the server admin tells them. When you have a lot of users who are logged in to an LTSP server from thin client A and then log in from thin client B, and then try to work with a browser like Firefox, they cannot. To make matters worse, if the server crashes or restarts, that user (or all users logged in) may get locked out of the LTSP environment.

After a lot of trial and error, I found a nice little script that helps me kill every process of a specific user.

First create a file anywhere:

sudo pico test.sh

Then paste this code:

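#!/bin/bash
# Kill every process owned by the given user. Run as root.
TARGET=$1                      # not USER, which would clobber the shell's own variable
MYNAME=$(basename "$0")
if [ -z "$TARGET" ]
then
    echo "Usage: $MYNAME username" >&2
    exit 1
elif ! getent passwd "$TARGET" >/dev/null   # exact name lookup, no regex matching
then
    echo "User $TARGET does not exist!" >&2
    exit 2
fi
# "-o pid=" prints only PIDs, with no header line to filter out
while [ "$(ps -U "$TARGET" -o pid= | wc -l)" -gt 0 ]
do
    PIDS=$(ps -U "$TARGET" -o pid=)
    echo "Killing $(echo $PIDS | wc -w) processes for user $TARGET."
    for PID in $PIDS
    do
        # redirect stdout first, then stderr, so both are discarded
        kill -9 "$PID" >/dev/null 2>&1
    done
done
echo "User $TARGET has 0 processes still running."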

Save the file and exit. To run it:

sudo ./test.sh username

Replace username with the login of the user that is locked out. Of course you need to make this file executable first.
