Wednesday, January 28, 2009

Ubuntu 8.04 LDAP Server with Edubuntu 8.04 LTSP servers as clients

In one of my previous posts, I tried to explain how I would set up an LDAP server on Ubuntu 8.04 32-bit and two Edubuntu 8.04 servers. After a month of testing and setup, I believe it is working almost perfectly. Following is the way I set everything up.

First, the LDAP server is installed on a Dell PowerEdge 2500 with six 36GB SCSI drives in a RAID-5 array. The OS was installed with the LAMP package and Webmin was added later. The next item on the list was the LDAP server. After a lot of research, I stumbled upon this site. I would like to extend my thanks to the author of this package. Following the instructions on that site, I installed the server, which was OpenLDAP 2.4.9. I ran into an issue getting the Samba SID of the machine, but after a search on Google the issue was resolved.

Second, I built two servers for my Edubuntu installations, which are used as LDAP clients. Specs are:
RAM 8GB Reg
CPU XEON Quadcore 2.33 12M
RAID 3Ware 9650 S
HD 4 500GB Seagate 32M Cache
MB Asus DSBV-DX

On the first I installed Edubuntu 8.04 32bit and on the second Edubuntu 8.04 64bit. Why? Well I am a masochist and like to run into as many problems as possible.

Third, I realized that I needed a central storage solution for all my users (about 1000 users). The 1.5TB on each server is sufficient for this number of users and for the current usage, which is web browsing and word processing. For other uses, though, like video downloads and video editing, I needed more storage space. The Dell PowerVault MD1000 was perfect for the job. I placed 15 Seagate 500GB SATA drives in it and created a RAID 5 array, ~6TB of storage in total. Some will argue that it is better to have RAID 10 (1+0) or 0+1, but I have already had a drive fail on it and there was almost no downtime. The MD1000 was attached to the 64-bit box with a PERC 5.

The array was shared as an NFS export. This is the line in /etc/exports:
/ldaphomes 192.168.xxx.xxx(rw,sync,no_subtree_check,no_root_squash) 192.168.xxx.xxx(rw,sync,no_subtree_check)


Make sure that you have the option no_root_squash there for the LDAP server, and only for the LDAP server. It needs root on the export in order to create the home directories when you add users; but no_root_squash means that root on the listed host is root on the exported tree, so give it to the one address that provisions users and leave the thin-client servers root-squashed (the default), as in the line above. Also keep the client list to explicit addresses rather than wildcards or whole subnets, since plain NFS trusts whatever UID the client presents. On each of the clients, I modified /etc/fstab to include the following:
192.168.xxx.xxx:/ldaphomes /ldaphomes nfs rw,hard,intr 0 0

Make sure, of course, that an empty /ldaphomes directory exists on each client as the mount point.
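To check an exports file for the mistake described above (handing no_root_squash to a host that does not need it, or to a wildcard), here is a small audit script. It is an added example and not part of the original post; the addresses and the extra /scratch and /pub lines in the sample are constructed, with 192.168.10.5 standing in for the LDAP server.

```shell
#!/bin/sh
# Added example (not from the original post): audit an /etc/exports file and
# report which client gets no_root_squash on which export. Only the host that
# creates home directories (the LDAP server) should have it; every other
# client should stay root-squashed. All addresses and paths are constructed.

# Constructed sample in the layout used by the post (addresses are placeholders).
SAMPLE_EXPORTS='/ldaphomes 192.168.10.5(rw,sync,no_subtree_check,no_root_squash) 192.168.10.6(rw,sync,no_subtree_check)
/scratch *(rw,no_root_squash)
/pub 192.168.10.0/24(ro,sync)'

# audit_exports ALLOWED_HOST < exports-text
# Prints one line per export/client pair: "<export> <client> <verdict>".
# Verdicts: ok      = root is squashed (the NFS default)
#           allowed = no_root_squash for the one permitted host
#           WARN    = no_root_squash for any other host, wildcard or subnet
audit_exports() {
    allowed="$1"
    awk -v allowed="$allowed" '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }   # skip comments and blanks
        {
            path = $1
            for (i = 2; i <= NF; i++) {
                spec = $i
                host = spec; opts = ""
                # split "host(opt,opt)" into host and option list
                if (match(spec, /\(.*\)$/)) {
                    host = substr(spec, 1, RSTART - 1)
                    opts = substr(spec, RSTART + 1, RLENGTH - 2)
                }
                # root_squash is the default; only an explicit option disables it
                noroot = (("," opts ",") ~ /,no_root_squash,/)
                if (!noroot)               verdict = "ok"
                else if (host == allowed)  verdict = "allowed"
                else                       verdict = "WARN"
                print path, host, verdict
            }
        }'
}

# count_warnings ALLOWED_HOST < exports-text: number of WARN verdicts
count_warnings() {
    audit_exports "$1" | grep -c ' WARN$'
}

# Usage: audit the constructed sample with 192.168.10.5 as the LDAP server.
# On a real box: audit_exports 192.168.10.5 < /etc/exports
printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports 192.168.10.5
```

In the sample, the /ldaphomes line comes out clean (one allowed, one ok) while the /scratch line is flagged, because a wildcard with no_root_squash makes every host on the network root on that tree.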

Next, I ran the install script from the link above (majen.net) to configure the LDAP clients. There is also a perfect guide here. Webmin was installed on both LDAP clients. This does not complete the job, though. I had to go to the Webmin interface on all the servers (including the LDAP server) and go to "System"->"LDAP Client". On that page, click "Validate Configuration" or "Configure as LDAP client".

Now we need to create the users. On the LDAP server, open a terminal. The smbldap-tools scripts are located in /usr/sbin:
/usr/sbin/smbldap-groupadd
/usr/sbin/smbldap-groupdel
/usr/sbin/smbldap-groupmod
/usr/sbin/smbldap-groupshow
/usr/sbin/smbldap-passwd
/usr/sbin/smbldap-populate
/usr/sbin/smbldap-useradd
/usr/sbin/smbldap-userdel
/usr/sbin/smbldap-userinfo
/usr/sbin/smbldap-userlist
/usr/sbin/smbldap-usermod
/usr/sbin/smbldap-usershow
/usr/share/smbldap-configure

Each of these scripts has a very detailed man page, e.g.:
man smbldap-useradd

To add a user, type the following (-a adds the Samba attributes, -m creates the home directory, -d puts it under the NFS export, -g sets the primary group, which must already exist, and -P prompts for the password once the account is created):
sudo smbldap-useradd -a -m -d /ldaphomes/<username> -g <groupname> -P <username>

You can view all the arguments in the man page.
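With about 1000 accounts to create, the command above gets run from a roster rather than by hand, and the one thing worth getting right is that nothing from the roster reaches the directory, the NFS home tree or a shell command line without being checked. The script below is an added example, not something from the original post or from smbldap-tools; the roster rows, the group name "students" and the /ldaphomes root are assumptions. It runs in dry-run mode by default and only prints the smbldap-useradd commands it would execute.

```shell
#!/bin/sh
# Added example (not from the original post): bulk-provision accounts with
# smbldap-useradd from a roster, validating every username first. The roster
# rows, DEFAULT_GROUP and HOME_ROOT are assumptions for illustration.

HOME_ROOT=/ldaphomes
DEFAULT_GROUP=students   # assumed primary group, created earlier with smbldap-groupadd

# Constructed roster: one "username[:group]" per line, deliberately including bad rows.
ROSTER='jdoe:students
msmith
bad name:students
../escape:students
root:staff
ok_user-1'

# valid_username NAME: portable names only (starts with a lowercase letter,
# then [a-z0-9_-], at most 32 chars). This rejects spaces, path traversal
# like "../" and every shell metacharacter.
valid_username() {
    case "$1" in
        ''|*[!a-z0-9_-]*) return 1 ;;
        [!a-z]*)          return 1 ;;
    esac
    [ ${#1} -le 32 ]
}

# provision_line "user[:group]": prints "run: <command>" for a good row or
# "skip: <reason>" for a bad one. With DRYRUN=1 (the default) nothing is executed.
provision_line() {
    user=${1%%:*}
    group=${1#*:}
    [ "$group" = "$1" ] && group=$DEFAULT_GROUP   # no ":group" given
    if ! valid_username "$user"; then
        echo "skip: invalid username '$user'"; return 0
    fi
    if ! valid_username "$group"; then
        echo "skip: invalid group '$group'"; return 0
    fi
    case "$user" in
        root|nobody) echo "skip: reserved username '$user'"; return 0 ;;
    esac
    # Never re-create an account that already resolves (locally or via LDAP in nsswitch)
    if [ "${DRYRUN:-1}" != 1 ] && getent passwd "$user" >/dev/null 2>&1; then
        echo "skip: $user already exists"; return 0
    fi
    # Same flags as the single-user command in the post, minus -P: an
    # interactive password prompt would stall the loop, so passwords are set
    # afterwards with smbldap-passwd.
    cmd="smbldap-useradd -a -m -d $HOME_ROOT/$user -g $group $user"
    echo "run: $cmd"
    if [ "${DRYRUN:-1}" != 1 ]; then
        $cmd && chmod 700 "$HOME_ROOT/$user"   # keep homes private on the shared NFS tree
    fi
}

# provision_roster < roster-text: feed every non-empty row to provision_line
provision_roster() {
    while IFS= read -r line; do
        [ -n "$line" ] && provision_line "$line"
    done
}

# Usage (dry run): show what would be executed for the constructed roster.
# For real: DRYRUN=0 sh thisscript.sh < roster.txt  (as root on the LDAP server)
printf '%s\n' "$ROSTER" | provision_roster
```

Three of the six constructed rows are rejected before any command is built: the name with a space, the "../escape" row that would otherwise land a home directory outside /ldaphomes, and the reserved name root.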

Finally, attach up to 30-35 thin clients to each server, fire them up, and everything should work. In this setup I have about 70 users working concurrently with only a few issues. The most frequent issue is when a user turns off the thin client without logging off. This does not kill the running processes, and when the user logs back in some applications, like Firefox, are already running. To resolve this, read one of my previous posts and use the script there to log off the user from the command line.

The next problem that I wish to solve, and I would appreciate any comments, is that I cannot add any Windows clients to the LDAP server. I run sudo smbldap-useradd -w <workstation> and the workstation account is added. When I try to join the Windows box to the domain, it fails.
