[DNG] Request for comments - training room

2018-11-24 Thread g4sra
I would appreciate advice on the following situation

I have several hosts of differing architectures or peripherals in a
training room (several training rooms actually but each are independent
of each other) which are supported by a server running the standard *NIX
network services DHCP, BIND etc. The server also has the training
application (which is single install license but multi-user) installed
on it .

How should this training room be best implemented for reliability and
ease of maintenance ?
___
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng


Re: [DNG] Request for comments - training room

2018-11-29 Thread Carl

On 11/24/18 1:55 PM, g4sra wrote:


> I would appreciate advice on the following situation
>
> I have several hosts of differing architectures or peripherals in a
> training room (several training rooms actually but each are independent
> of each other) which are supported by a server running the standard *NIX
> network services DHCP, BIND etc. The server also has the training
> application (which is single install license but multi-user) installed
> on it .
>
> How should this training room be best implemented for reliability and
> ease of maintenance ?

That is a very general question. You'd have to ask more specific ones to get
useful answers. How many nodes? Do you get to spec the hardware or just the
software? Is the hosted application Windows-based? Web-based? Linux-based?
Are these rooms used only for training on that one application, or is the
app a Learning Management System that can launch several different courses?
Are you asking only about server implementation, or also client? Etc.
--
Carl Fink
c...@finknetwork.com



Re: [DNG] Request for comments - training room

2018-11-29 Thread Steve Litt
On Sat, 24 Nov 2018 18:55:03 +
g4sra  wrote:


> How should this training room be best implemented for reliability and
> ease of maintenance ?

Be sure to tape every cable to the carpet/floor so nobody trips over
them. Ask the venue for which tape(s) are acceptable.
 
SteveT

Steve Litt
November 2018 featured book: Manager's Guide to Technical
Troubleshooting Brand new, second edition
http://www.troubleshooters.com/mgr


Re: [DNG] Request for comments - training room

2018-11-29 Thread Rowland Penny
On Thu, 29 Nov 2018 16:19:44 -0500
Steve Litt  wrote:

> On Sat, 24 Nov 2018 18:55:03 +
> g4sra  wrote:
> 
> 
> > How should this training room be best implemented for reliability
> > and ease of maintenance ?
> 
> Be sure to tape every cable to the carpet/floor so nobody trips over
> them. Ask the venue for which tape(s) are acceptable.
>  

Do not run cables across the floor (taped down or otherwise), this
would be a trip hazard.

Rowland


Re: [DNG] Request for comments - training room

2018-12-01 Thread Steve Litt
On Thu, 29 Nov 2018 21:25:00 +
Rowland Penny  wrote:

> On Thu, 29 Nov 2018 16:19:44 -0500
> Steve Litt  wrote:
> 
> > On Sat, 24 Nov 2018 18:55:03 +
> > g4sra  wrote:
> > 
> >   
> > > How should this training room be best implemented for reliability
> > > and ease of maintenance ?  
> > 
> > Be sure to tape every cable to the carpet/floor so nobody trips over
> > them. Ask the venue for which tape(s) are acceptable.
> >
> 
> Do not run cables across the floor (taped down or otherwise), this
> would be a trip hazard.

What other alternative is there for a temporary installation? Running
temporary conduit would be pretty expensive and a lot of work.

SteveT

Steve Litt
November 2018 featured book: Manager's Guide to Technical
Troubleshooting Brand new, second edition
http://www.troubleshooters.com/mgr


Re: [DNG] Request for comments - training room

2018-12-01 Thread Simon Hobson
Steve Litt  wrote:

>> 
>> Do not run cables across the floor (taped down or otherwise), this
>> would be a trip hazard.
> 
> What other alternative is there for a temporary installation?

Hung from the ceiling ? How practical that is depends on ceiling height, 
construction (suspended ceilings give easy access to the frame to put loops 
round), etc.



Re: [DNG] Request for comments - training room

2018-12-01 Thread g4sra
It's not an exhibition it's a room for training using simulation
software (permanent classroom), think flight simulator game for 28+
people. Cabling is not my problem, the server and workstation software
configuration is ;).

NFS ? SAMBA ?

Windows domain compatibility is not of consequence as the Linux server
can be set up to authenticate Users.


On 01/12/2018 08:16, Steve Litt wrote:
> On Thu, 29 Nov 2018 21:25:00 +
> Rowland Penny  wrote:
> 
>> On Thu, 29 Nov 2018 16:19:44 -0500
>> Steve Litt  wrote:
>>
>>> On Sat, 24 Nov 2018 18:55:03 +
>>> g4sra  wrote:
>>>
>>>
>>>> How should this training room be best implemented for reliability
>>>> and ease of maintenance ?
>>>
>>> Be sure to tape every cable to the carpet/floor so nobody trips over
>>> them. Ask the venue for which tape(s) are acceptable.
>>>
>>
>> Do not run cables across the floor (taped down or otherwise), this
>> would be a trip hazard.
> 
> What other alternative is there for a temporary installation? Running
> temporary conduit would be pretty expensive and a lot of work.
> 
> SteveT
> 
> Steve Litt
> November 2018 featured book: Manager's Guide to Technical
> Troubleshooting Brand new, second edition
> http://www.troubleshooters.com/mgr



Re: [DNG] Request for comments - training room

2018-12-01 Thread Rowland Penny
On Sat, 1 Dec 2018 15:21:51 +
g4sra  wrote:

> It's not an exhibition it's a room for training using simulation
> software (permanent classroom), think flight simulator game for 28+
> people. Cabling is not my problem, the server and workstation software
> configuration is ;).
> 
> NFS ? SAMBA ?
> 
> Windows domain compatibility is not of consequence as the Linux server
> can be set up to authenticate Users.

How is the Linux server going to authenticate users, via /etc/passwd or
other ?

A lot depends on this, also the number of users will have a factor as
well.

Rowland


Re: [DNG] Request for comments - training room

2018-12-01 Thread g4sra
Which network authentication method would you suggest ?

On 01/12/2018 15:43, Rowland Penny wrote:
> On Sat, 1 Dec 2018 15:21:51 +
> g4sra  wrote:
> 
>> It's not an exhibition it's a room for training using simulation
>> software (permanent classroom), think flight simulator game for 28+
>> people. Cabling is not my problem, the server and workstation software
>> configuration is ;).
>>
>> NFS ? SAMBA ?
>>
>> Windows domain compatibility is not of consequence as the Linux server
>> can be set up to authenticate Users.
> 
> How is the Linux server going to authenticate users, via /etc/passwd or
> other ?
> 
> A lot depends on this, also the number of users will have a factor as
> well.
> 
> Rowland


Re: [DNG] Request for comments - training room

2018-12-01 Thread Rowland Penny
On Sat, 1 Dec 2018 17:49:40 +
g4sra  wrote:

> Which network authentication method would you suggest ?
> 
> On 01/12/2018 15:43, Rowland Penny wrote:
> > On Sat, 1 Dec 2018 15:21:51 +
> > g4sra  wrote:
> > 
> >> It's not an exhibition it's a room for training using simulation
> >> software (permanent classroom), think flight simulator game for 28+
> >> people. Cabling is not my problem, the server and workstation
> >> software configuration is ;).
> >>
> >> NFS ? SAMBA ?
> >>
> >> Windows domain compatibility is not of consequence as the Linux
> >> server can be set up to authenticate Users.
> > 
> > How is the Linux server going to authenticate users,
> > via /etc/passwd or other ?
> > 
> > A lot depends on this, also the number of users will have a factor
> > as well.
> > 
> > Rowland

I am just a bit biased ;-)

More would need to be known about your network, how many computers and
what OS's. All Linux or all Windows, or a mixture of the two ?

Rowland


Re: [DNG] Request for comments - training room

2018-12-01 Thread g4sra
One server and 28+ workstations all to be Linux, the rest of the network
is inconsequential (firewalled off).

On 01/12/2018 18:04, Rowland Penny wrote:
> On Sat, 1 Dec 2018 17:49:40 +
> g4sra  wrote:
> 
>> Which network authentication method would you suggest ?
>>
>> On 01/12/2018 15:43, Rowland Penny wrote:
>>> On Sat, 1 Dec 2018 15:21:51 +
>>> g4sra  wrote:
>>>
>>>> It's not an exhibition it's a room for training using simulation
>>>> software (permanent classroom), think flight simulator game for 28+
>>>> people. Cabling is not my problem, the server and workstation
>>>> software configuration is ;).
>>>>
>>>> NFS ? SAMBA ?
>>>>
>>>> Windows domain compatibility is not of consequence as the Linux
>>>> server can be set up to authenticate Users.
>>>
>>> How is the Linux server going to authenticate users,
>>> via /etc/passwd or other ?
>>>
>>> A lot depends on this, also the number of users will have a factor
>>> as well.
>>>
>>> Rowland
> 
> I am just a bit biased ;-)
> 
> More would need to be known about your network, how many computers and
> what OS's. All Linux or all Windows, or a mixture of the two ?
> 
> Rowland



Re: [DNG] Request for comments - training room

2018-12-01 Thread Rowland Penny
On Sat, 1 Dec 2018 20:46:58 +
g4sra  wrote:

> One server and 28+ workstations all to be Linux, the rest of the
> network is inconsequential (firewalled off).
> 

OK, I would install the latest Samba I could get, which, as you will be
running Devuan, will be from here:

http://apt.van-belle.nl/

I would then provision Samba as an AD DC and then join the Linux
machines to the AD domain.

This way you only have one place to maintain users & passwords etc

More info here:

https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller

And here:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Rowland


Re: [DNG] Request for comments - training room

2018-12-01 Thread Simon Hobson
g4sra  wrote:

>> How is the Linux server going to authenticate users, via /etc/passwd or
>> other ?
>> 
>> A lot depends on this, also the number of users will have a factor as
>> well.

> Which network authentication method would you suggest ?

I think what Rowland was getting at here is the number of users and how they are
dealt with makes a huge difference.

At one extreme, you have 28 seats, each one of them has a user such as "user1", 
and you can simply use /etc/passwd & /etc/shadow to manage that single user on
each seat. You could probably build one software image and simply image all 28 
machines with that one image.

At the other extreme, every person has their own login and can use any seat at 
any time (and there are hundreds or even thousands of them) so that 
progress/results can be logged for each person. In this case, you will really 
need a centralised user management such as Rowland described using Samba & AD.
You could still image each machine from one common image - but you'll need to 
do some post-imaging setup to give each machine a unique set of identifiers etc 
for the AD to work properly.



Re: [DNG] Request for comments - training room

2018-12-01 Thread Rowland Penny
On Sat, 1 Dec 2018 21:49:41 +
Simon Hobson  wrote:

> g4sra  wrote:
> 
> >> How is the Linux server going to authenticate users,
> >> via /etc/passwd or other ?
> >> 
> >> A lot depends on this, also the number of users will have a factor
> >> as well.
> 
> > Which network authentication method would you suggest ?
> 
> I think what Rowland was getting at here is the number of users and
> how they are dealt with makes a huge difference.
> 
> At one extreme, you have 28 seats, each one of them has a user such
> as "user1", and you can simply use /etc/passwd & /etc/shadow to
> manage that single user on each seat. You could probably build one
> software image and simply image all 28 machines with that one image.

This would entail running Samba as a workgroup and, once you get past
about 10 machines, it gets unwieldy, you have to create the exact same
users on every machine you want them to connect to and keep their
passwords in sync. This can rapidly become a nightmare, this applies
if you decide to go with NFS instead.
 
> 
> At the other extreme, every person has their own login and can use
> any seat at any time (and there are hundreds or even thousands of
> them) so that progress/results can be logged for each person. In this
> case, you will really need a centralised user management such as
> Rowland described using Samba & AD. You could still image each machine
> from one common image - but you'll need to do some post-imaging setup
> to give each machine a unique set of identifiers etc for the AD to
> work properly.

If you run Samba as an AD DC and join the clients to this, you only
have to create the users & groups once and the password is only stored
in one place, the DC. You just need to use PAM to create the users home
dir the first time they log onto a computer. It basically boils down to
doing the hard work once and then maintaining the domain on the DC.
 
Rowland
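
The PAM step mentioned above is commonly handled by pam_mkhomedir. The check below is an added example, not from the thread: it reads a PAM session file and reports whether first-login home directories would be private. The function names and the three sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit how a PAM session stack creates
# home directories on first login. With pam_mkhomedir the documented default
# umask is 0022, which leaves each new home readable by every other trainee.

# mkhomedir_umask FILE -> the umask option of the active pam_mkhomedir line,
# "0022" if the line carries no umask option, "absent" if no active session
# line loads the module.
mkhomedir_umask() {
    awk '
        /^[ \t]*#/ { next }                      # skip commented-out lines
        $1 == "session" || $1 == "-session" {
            # The control field may be bracketed and contain spaces, so the
            # module path is searched for from field 3 onwards.
            for (i = 3; i <= NF; i++) {
                if ($i !~ /pam_mkhomedir\.so$/) continue
                found = 1; um = "0022"
                for (j = i + 1; j <= NF; j++)
                    if ($j ~ /^umask=[0-7]+$/) um = substr($j, 7)
            }
        }
        END { print (found ? um : "absent") }
    ' "$1"
}

# homes_private FILE -> 0 if new homes get no group/other access,
# 1 if they are readable by others, 2 if homes are not created at all.
homes_private() {
    um=$(mkhomedir_umask "$1")
    case "$um" in
        absent) return 2 ;;
        *77)    return 0 ;;
        *)      return 1 ;;
    esac
}

# make_pam_samples DIR: write three constructed session files into DIR.
make_pam_samples() {
    cat > "$1/hardened" <<'EOF'
session required pam_unix.so
session optional pam_winbind.so
session required pam_mkhomedir.so skel=/etc/skel umask=0077
EOF
    cat > "$1/default" <<'EOF'
session required pam_unix.so
session [success=ok default=ignore] pam_mkhomedir.so skel=/etc/skel
EOF
    cat > "$1/commented" <<'EOF'
session required pam_unix.so
# session required pam_mkhomedir.so umask=0077
EOF
}

# Stand-alone run over the constructed samples.
demo_pam() {
    d=$(mktemp -d) && make_pam_samples "$d"
    for f in hardened default commented; do
        printf '%s: umask %s\n' "$f" "$(mkhomedir_umask "$d/$f")"
    done
    rm -rf "$d"
}
demo_pam
```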


Re: [DNG] Request for comments - training room

2018-12-01 Thread Simon Hobson
Rowland Penny  wrote:

>> I think what Rowland was getting at here is the number of users and
>> how they are dealt with makes a huge difference.
>> 
>> At one extreme, you have 28 seats, each one of them has a user such
>> as "user1", and you can simply use /etc/passwd & /etc/shadow to
>> manage that single user on each seat. You could probably build one
>> software image and simply image all 28 machines with that one image.
> 
> This would entail running Samba as a workgroup and, once you get past
> about 10 machines, it gets unwieldy, you have to create the exact same
> users on every machine you want them to connect to and keep their
> passwords in sync. This can rapidly become a nightmare, this applies
> if you decide to go with NFS instead.

Indeed, but this scenario is for a fixed setup where the users (28 of them) are 
set up once and then there is no further user maintenance going forward. In such
a scenario, there's little point in going for the complexity of setting up AD - 
as you say, a one-off setup of the users in Samba. The clients could 
potentially be configured to auto-login to the desktop (or training system) on 
boot so the users don't even need to know about users.
Easy for users, no security.

>> At the other extreme, every person has their own login and can use
>> any seat at any time (and there are hundreds or even thousands of
>> them) so that progress/results can be logged for each person. In this
>> case, you will really need a centralised user management such as
>> Rowland described using Samba & AD. You could still image each machine
>> from one common image - but you'll need to do some post-imaging setup
>> to give each machine a unique set of identifiers etc for the AD to
>> work properly.
> 
> If you run Samba as an AD DC and join the clients to this, you only
> have to create the users & groups once and the password is only stored
> in one place, the DC.

Exactly - for many users, and especially if the users are dynamic, then it's 
the only sane way to do it.

And it also means that each user has their own personal login & home directory 
so (if it isn't stored in a database that's part of the training system) there 
is somewhere for the system to store each user's progress etc.

Which leads to another question ... Does the training system itself have a user 
directory etc ? This also has an impact on the solution chosen.

If the training system has a logon for each user and stores (eg) progress 
information in its own database, then it makes little sense to also configure
each user separately to the OS (eg using Samba & AD). Just set up the machines
as above with a single user and manage users via the training system.
On the other hand, if the database (the schema, not just the DB engine) is 
"open" enough then it may be possible to use that as an authentication source - 
giving each user their own OS level login which is the same as the training
system login, but using just the one database.

Many possibilities - the "best" for any setup depends on answers to these sorts 
of questions.



Re: [DNG] Request for comments - training room

2018-12-01 Thread Rowland Penny
On Sat, 1 Dec 2018 22:17:58 +
Simon Hobson  wrote:

> Rowland Penny  wrote:
> 
> >> I think what Rowland was getting at here is the number of users and
> >> how they are dealt with makes a huge difference.
> >> 
> >> At one extreme, you have 28 seats, each one of them has a user such
> >> as "user1", and you can simply use /etc/passwd & /etc/shadow to
> >> manage that single user on each seat. You could probably build one
> >> software image and simply image all 28 machines with that one
> >> image.
> > 
> > This would entail running Samba as a workgroup and, once you get
> > past about 10 machines, it gets unwieldy, you have to create the
> > exact same users on every machine you want them to connect to and
> > keep their passwords in sync. This can rapidly become a nightmare,
> > this applies if you decide to go with NFS instead.
> 
> Indeed, but this scenario is for a fixed setup where the users (28 of
> them) are set up once and then there is no further user maintenance
> going forward. In such a scenario, there's little point in going for
> the complexity of setting up AD - as you say, a one-off setup of the
> users in Samba. The clients could potentially be configured to
> auto-login to the desktop (or training system) on boot so the users
> don't even need to know about users. Easy for users, no security.

Been there, done that, but with that many computers it becomes a
struggle, the users want to use different computers and cannot because
they are not set up on that computer, believe me, if you are setting
something up of this size, a domain is the way to go.
It also helps if a computer decides to turn its toes up and die, you
just wheel a spare machine out and use that instead.

> 
> >> At the other extreme, every person has their own login and can use
> >> any seat at any time (and there are hundreds or even thousands of
> >> them) so that progress/results can be logged for each person. In
> >> this case, you will really need a centralised user management such
> >> as Rowland described using Samba & AD. You could still image each
> >> machine from one common image - but you'll need to do some
> >> post-imaging setup to give each machine a unique set of
> >> identifiers etc for the AD to work properly.
> > 
> > If you run Samba as an AD DC and join the clients to this, you only
> > have to create the users & groups once and the password is only
> > stored in one place, the DC.
> 
> Exactly - for many users, and especially if the users are dynamic,
> then it's the only sane way to do it.
> 
> And it also means that each user has their own personal login & home
> directory so (if it isn't stored in a database that's part of the
> training system) there is somewhere for the system to store each
> user's progress etc.
> 
> Which leads to another question ... Does the training system itself
> have a user directory etc ? This also has an impact on the solution
> chosen.
> 
> If the training system has a logon for each user and stores (eg)
> progress information in its own database, then it makes little sense
> to also configure each user separately to the OS (eg using Samba &
> AD). Just set up the machines as above with a single user and manage
> users via the training system. On the other hand, if the database
> (the schema, not just the DB engine) is "open" enough then it may be
> possible to use that as an authentication source - giving each user
> their own OS level login which is the same as the training system
> login, but using just the one database.
>

It was my understanding this was to be on a separate network.
 
> Many possibilities - the "best" for any setup depends on answers to
> these sorts of questions.
> 

Personally, (and I repeat, I am biased), I would run 2 Samba AD DC's
and at least one Samba Unix domain member as fileserver.

Rowland


Re: [DNG] Request for comments - training room

2018-12-02 Thread Dr. Nikolaus Klepp
On Saturday, 1 December 2018, Rowland Penny wrote:
> On Sat, 1 Dec 2018 22:17:58 +
> Simon Hobson  wrote:
> 
> > Rowland Penny  wrote:
> > 
> > >> I think what Rowland was getting at here is the number of users and
> > >> how they are dealt with makes a huge difference.
> > >> 
> > >> At one extreme, you have 28 seats, each one of them has a user such
> > >> as "user1", and you can simply use /etc/passwd & /etc/shadow to
> > >> manage that single user on each seat. You could probably build one
> > >> software image and simply image all 28 machines with that one
> > >> image.
> > > 
> > > This would entail running Samba as a workgroup and, once you get
> > > past about 10 machines, it gets unwieldy, you have to create the
> > > exact same users on every machine you want them to connect to and
> > > keep their passwords in sync. This can rapidly become a nightmare,
> > > this applies if you decide to go with NFS instead.
> > 
> > Indeed, but this scenario is for a fixed setup where the users (28 of
> > them) are set up once and then there is no further user maintenance
> > going forward. In such a scenario, there's little point in going for
> > the complexity of setting up AD - as you say, a one-off setup of the
> > users in Samba. The clients could potentially be configured to
> > auto-login to the desktop (or training system) on boot so the users
> > don't even need to know about users. Easy for users, no security.
> 
> Been there, done that, but with that many computers it becomes a
> struggle, the users want to use different computers and cannot because
> they are not set up on that computer, believe me, if you are setting
> something up of this size, a domain is the way to go.
> It also helps if a computer decides to turn its toes up and die, you
> just wheel a spare machine out and use that instead.

I usually use a custom "installer" that pulls a disk image on the new machines
and a little script that syncs the users/groups on boot, and that's it. No
NFS, no AD, just rsync over ssh. In my scenarios the users shut down their
machines after logout or the sync script is run from xdm.

> 
> > 
> > >> At the other extreme, every person has their own login and can use
> > >> any seat at any time (and there are hundreds or even thousands of
> > >> them) so that progress/results can be logged for each person. In
> > >> this case, you will really need a centralised user management such
> > >> as Rowland described using Samba & AD. You could still image each
> > >> machine from one common image - but you'll need to do some
> > >> post-imaging setup to give each machine a unique set of
> > >> identifiers etc for the AD to work properly.
> > > 
> > > If you run Samba as an AD DC and join the clients to this, you only
> > > have to create the users & groups once and the password is only
> > > stored in one place, the DC.
> > 
> > Exactly - for many users, and especially if the users are dynamic,
> > then it's the only sane way to do it.
> > 
> > And it also means that each user has their own personal login & home
> > directory so (if it isn't stored in a database that's part of the
> > training system) there is somewhere for the system to store each
> > user's progress etc.
> > 
> > Which leads to another question ... Does the training system itself
> > have a user directory etc ? This also has an impact on the solution
> > chosen.
> > 
> > If the training system has a logon for each user and stores (eg)
> > progress information in its own database, then it makes little sense
> > to also configure each user separately to the OS (eg using Samba &
> > AD). Just set up the machines as above with a single user and manage
> > users via the training system. On the other hand, if the database
> > (the schema, not just the DB engine) is "open" enough then it may be
> > possible to use that as an authentication source - giving each user
> > their own OS level login which is the same as the training system
> > login, but using just the one database.
> >
> 
> It was my understanding this was to be on a separate network.
>  
> > Many possibilities - the "best" for any setup depends on answers to
> > these sorts of questions.
> > 
> 
> Personally, (and I repeat, I am biased), I would run 2 Samba AD DC's
> and at least one Samba Unix domain member as fileserver.
> 
> Rowland



-- 
Please do not email me anything that you are not comfortable also sharing with 
the NSA, CIA ...
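
A user/group sync of the kind described in this message has to ensure that the copied account list cannot change system accounts on the workstation. The sketch below is an added example, not the poster's script: the UID range, the /home/NAME layout, the function names and all sample entries are assumptions or constructed data, and only passwd is handled (shadow and group would need the same filtering).

```shell
#!/bin/sh
# Added example (not the script from the thread): merge a staged copy of the
# server's account list into a workstation's passwd file.
# Assumptions: trainee accounts use UIDs 1000-59999 and homes under /home/NAME;
# the master file was already fetched, for example by rsync over ssh.
UID_MIN=1000
UID_MAX=59999

# merge_passwd LOCAL MASTER -> merged passwd on stdout, rejections on stderr.
# Local accounts outside the trainee UID range are kept untouched; trainee
# accounts come only from MASTER, and only if they pass every check below.
merge_passwd() {
    awk -F: -v min="$UID_MIN" -v max="$UID_MAX" '
        function reject(why) { printf "rejected %s: %s\n", $1, why > "/dev/stderr" }
        FILENAME == ARGV[1] {
            if ($3 + 0 < min + 0 || $3 + 0 > max + 0) { print; sysname[$1] = 1 }
            next
        }
        NF != 7                       { reject("expected 7 fields"); next }
        $1 !~ /^[a-z_][a-z0-9_-]*$/   { reject("bad user name"); next }
        $2 != "x"                     { reject("password field must be x"); next }
        $3 !~ /^(0|[1-9][0-9]*)$/     { reject("bad uid"); next }
        $4 !~ /^[1-9][0-9]*$/         { reject("bad or zero gid"); next }
        $3 + 0 < min + 0 || $3 + 0 > max + 0 { reject("uid outside trainee range"); next }
        $6 != ("/home/" $1)           { reject("unexpected home directory"); next }
        ($1 in sysname)               { reject("name of a system account"); next }
        ($1 in seen) || ($3 in uids)  { reject("duplicate name or uid"); next }
        { seen[$1] = 1; uids[$3] = 1; print }
    ' "$1" "$2"
}

# sync_accounts LOCAL MASTER: replace LOCAL atomically with the merged file.
# LOCAL is left untouched when MASTER is missing or empty (failed transfer)
# or when the result would lack the root account.
sync_accounts() {
    [ -s "$2" ] || return 1
    tmp="$1.new.$$"
    if merge_passwd "$1" "$2" > "$tmp" && grep -q '^root:x:0:0:' "$tmp"; then
        chmod 644 "$tmp" && mv "$tmp" "$1"
    else
        rm -f "$tmp"
        return 1
    fi
}

# make_sample DIR: write constructed test data (not real accounts) into DIR.
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sshd:x:105:65534::/run/sshd:/usr/sbin/nologin
olduser:x:1001:1001:Old Trainee:/home/olduser:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
EOF
    cat > "$1/master" <<'EOF'
trainee01:x:1001:1001:Trainee 01:/home/trainee01:/bin/bash
trainee02:x:1002:1002:Trainee 02:/home/trainee02:/bin/bash
toor:x:0:0:second root:/root:/bin/bash
sshd:x:1500:1500::/home/sshd:/bin/bash
trainee03::1003:1003:No password:/home/trainee03:/bin/bash
trainee04:x:1004:1004:Bad home:/root:/bin/bash
trainee02:x:1005:1005:Duplicate:/home/trainee02:/bin/bash
EOF
}

# Stand-alone run: merge the constructed sample and show the result.
demo() {
    d=$(mktemp -d) && make_sample "$d" && sync_accounts "$d/passwd" "$d/master" && cat "$d/passwd"
    rm -rf "$d"
}
demo
```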


Re: [DNG] Request for comments - training room

2018-12-02 Thread Simon Hobson
Rowland Penny  wrote:

>> Indeed, but this scenario is for a fixed setup where the users (28 of
>> them) are set up once and then there is no further user maintenance
>> going forward. In such a scenario, there's little point in going for
>> the complexity of setting up AD - as you say, a one-off setup of the
>> users in Samba. The clients could potentially be configured to
>> auto-login to the desktop (or training system) on boot so the users
>> don't even need to know about users. Easy for users, no security.
> 
> Been there, done that, but with that many computers it becomes a
> struggle, the users want to use different computers and cannot because
> they are not set up on that computer, believe me, if you are setting
> something up of this size, a domain is the way to go.

Sorry, I think you missed the point of the scenario I was talking about. This 
one is where the users don't have their own login - they all use just the same 
login, so can sit down at any machine and use the single login that's 
configured on the machine, and there's no need for any user management on each 
machine other than setting up the one user login. That might be appropriate if 
the training system handles user management etc.

Otherwise, I agree with you.




Re: [DNG] Request for comments - training room

2018-12-02 Thread Rowland Penny
On Sun, 2 Dec 2018 10:07:23 +
Simon Hobson  wrote:

> Rowland Penny  wrote:
> 
> >> Indeed, but this scenario is for a fixed setup where the users (28
> >> of them) are set up once and then there is no further user
> >> maintenance going forward. In such a scenario, there's little
> >> point in going for the complexity of setting up AD - as you say, a
> >> one-off setup of the users in Samba. The clients could potentially
> >> be configured to auto-login to the desktop (or training system) on
> >> boot so the users don't even need to know about users. Easy for
> >> users, no security.
> > 
> > Been there, done that, but with that many computers it becomes a
> > struggle, the users want to use different computers and cannot
> > because they are not set up on that computer, believe me, if you
> > are setting something up of this size, a domain is the way to go.
> 
> Sorry, I think you missed the point of the scenario I was talking
> about. This one is where the users don't have their own login - they
> all use just the same login, so can sit down at any machine and use
> the single login that's configured on the machine, and there's no
> need for any user management on each machine other than setting up
> the one user login. That might be appropriate if the training system
> handles user management etc.
> 
> Otherwise, I agree with you.
> 

If you could set up such a scenario, then yes, your way could be used,
but there was a mention of a server. If you have a server, you usually
get files saved and read, so how do you differentiate between user
'fred' from computer18 and 'fred' from computer23 ?

Rowland


Re: [DNG] Request for comments - training room

2018-12-02 Thread Tomasz Kundera
You can still use NIS if you don't need the power (and complexity) of samba.

On Thu, Nov 29, 2018 at 9:40 PM Carl  wrote:

> On 11/24/18 1:55 PM, g4sra wrote:
>
> > I would appreciate advice on the following situation
> >
> > I have several hosts of differing architectures or peripherals in a
> > training room (several training rooms actually but each are independent
> > of each other) which are supported by a server running the standard *NIX
> > network services DHCP, BIND etc. The server also has the training
> > application (which is single install license but multi-user) installed
> > on it .
> >
> > How should this training room be best implemented for reliability and
> > ease of maintenance ?
> That is a very general question. You'd have to ask more specific ones to get
> useful answers. How many nodes? Do you get to spec the hardware or just the
> software? Is the hosted application Windows-based? Web-based? Linux-based?
> Are these rooms used only for training on that one application, or is the
> app a Learning Management System that can launch several different courses?
> Are you asking only about server implementation, or also client? Etc.
> --
> Carl Fink
> c...@finknetwork.com
>


-- 
Tomasz Kundera


Re: [DNG] Request for comments - training room

2018-12-02 Thread Alessandro Selli
On 02/12/18 at 14:28, Tomasz Kundera wrote:
> You can still use NIS if you don't need the power (and complexity) of
> samba.


  As if NIS was simple...



Alessandro


> On Thu, Nov 29, 2018 at 9:40 PM Carl wrote:
>
> > On 11/24/18 1:55 PM, g4sra wrote:
> >
> > > I would appreciate advice on the following situation
> > >
> > > I have several hosts of differing architectures or peripherals in a
> > > training room (several training rooms actually but each are independent
> > > of each other) which are supported by a server running the standard *NIX
> > > network services DHCP, BIND etc. The server also has the training
> > > application (which is single install license but multi-user) installed
> > > on it .
> > >
> > > How should this training room be best implemented for reliability and
> > > ease of maintenance ?
> > That is a very general question. You'd have to ask more specific ones to get
> > useful answers. How many nodes? Do you get to spec the hardware or just the
> > software? Is the hosted application Windows-based? Web-based? Linux-based?
> > Are these rooms used only for training on that one application, or is the
> > app a Learning Management System that can launch several different courses?
> > Are you asking only about server implementation, or also client? Etc.
> > --
> > Carl Fink
> > c...@finknetwork.com
>
>
>
>
> -- 
> Tomasz Kundera
>

-- 
Alessandro Selli 
VOIP SIP: dhatarat...@ekiga.net
Chiave firma e cifratura PGP/GPG signing and encoding key:
  BA651E4050DDFC31E17384BABCE7BD1A1B0DF2AE





Re: [DNG] Request for comments - training room

2018-12-02 Thread Rowland Penny
On Sun, 2 Dec 2018 14:28:25 +0100
Tomasz Kundera  wrote:

> You can still use NIS if you don't need the power (and complexity) of
> samba.
> 

NIS is a bit outdated and Samba isn't that complex from a Linux point
of view.

Rowland


Re: [DNG] Request for comments - training room

2018-12-02 Thread Simon Hobson
Rowland Penny  wrote:

> If you could set up such a scenario, then yes, your way could be used,
> but there was a mention of a server. If you have a server, you usually
> get files saved and read, so how do you differentiate between user
> 'fred' from computer18 and 'fred' from computer23 ?

I did include the proviso that the training system handles recording progress 
etc. As I read it, each station loads the training system from the server - 
which could be just serving read-only files, or it could be serving read-only
files plus a database, or it could be serving the files plus running a database 
and a central management program that co-ordinates the training.

If there's a need to store user-specific files, then you are correct that 
having just the one user across all the seats won't work.

But I don't think we've been given enough detail to say where on the spectrum 
this system sits.



Re: [DNG] Request for comments - training room

2018-12-02 Thread g4sra
Some very useful feedback from you guys already, thanks.

Don't forget standard best practices, backups of system and user's data,
selective updates and security patches must be manually applied
following proper change control procedures.

The server is RAIDed, the workstations have just a single HDD.


To clarify some points raised.

1) Approx 200 trainees each year, the full course is three years long
(but class size will be 30 maximum at any one session).
By year 3... 600 Users. After year 3 the trainees' details may be purged
and resources reclaimed so the server will never have to support more
than 600 accounts.

2) The trainees' progress is stored in a .subdirectory of their home
directory by the (annoyingly) proprietary closed source training software.

3) The trainees cannot be guaranteed to be sat in the same seat at every
training session. In fact, must move to one of the few workstations with
a joystick\graphical tablet for specific lessons.

4) A downed workstation must be easily replaced without loss of trainees'
work.




Re: [DNG] Request for comments - training room

2018-12-03 Thread Dr. Nikolaus Klepp
Am Montag, 3. Dezember 2018 schrieb g4sra:
> Some very useful feedback from you guys already, thanks.
> 
> Don't forget standard best practices, backups of system and user's data,
> selective updates and security patches must be manually applied
> following proper change control procedures.
> 
> The server is RAIDed, the workstations have just a single HDD.
> 
> 
> To clarify some points raised.
> 
> 1) Approx 200 trainees each year, the full course is three years long
> (but class size will be 30 maximum at any one session).
> By year 3... 600 Users. After year 3 the trainees details may be purged
> and resources reclaimed so the server will never have to support more
> than 600 accounts.
> 
> 2) The trainees progress is stored in a .subdirectory of their home
> directory by the (annoyingly) proprietary closed source training software.
> 
> 3) The trainees cannot be guaranteed to be sat in the same seat at every
> training session. In fact, must move to one of the few workstations with
> a joystick\graphical tablet for specific lessons.
> 
> 4) A downed workstation must be easily replaced without loss of trainees
> work.

Hi!

This might be a stupid question, but what kind of solution are you after? Dumb 
terminals and users home mounted via network is something that worked decades 
ago. Maybe you know skolelinux (well, it's infected by you-know-what), that
could fit the bill right out of the box.

Nik



-- 
Please do not email me anything that you are not comfortable also sharing with 
the NSA, CIA ...


Re: [DNG] Request for comments - training room

2018-12-03 Thread Simon Hobson
g4sra  wrote:

> To clarify some points raised.
> 
> 1) Approx 200 trainees each year, the full course is three years long (but 
> class size will be 30 maximum at any one session). By year 3... 600 Users. 
> After year 3 the trainees details may be purged and resources reclaimed so 
> the server will never have to support more than 600 accounts.
> 
> 2) The trainees progress is stored in a .subdirectory of their home directory 
> by the (annoyingly) proprietary closed source training software.
> 
> 3) The trainees cannot be guaranteed to be sat in the same seat at every 
> training session. In fact, must move to one of the few workstations with a 
> joystick\graphical tablet for specific lessons.

OK those 3 pretty well mandate centralised user management - Samba AD, NIS,
whatever. Items 2&3 pretty well mandate using a central file server mounted at
each user workstation for the users' files.
For file sharing, there are pros and cons for different methods. NFS has the
advantage of allowing a single mount that works for all users - the
security/permissions management is done by the client system which in this case
is a machine you manage and can trust (as long as it's been reasonably well
secured against "inquisitive" users). Samba needs a mount/user and
security/permissions is handled by the server. A bit of "6 of one, half a dozen
of the other".

> 4) A downed workstation must be easily replaced without loss of trainees work.

Home directory & files in server, plus automatic rebuild for workstations - box 
ticked.


Would have saved a bit of speculation and discussion had these details been 
provided earlier :-/
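
The NFS trade-off in the message above (permissions are enforced by the client, so the server should export only to workstations it trusts) can be checked on the server. This is an added example, not part of the thread: a shell audit of exports(5) text that flags entries open to any host or carrying `no_root_squash` or `insecure`; the paths and the 192.168.10.0/24 subnet are constructed sample values.

```shell
#!/bin/sh
# Added example: audit an NFS exports file for entries that extend trust
# beyond the managed training-room workstations.

# Constructed sample /etc/exports (paths and subnet are assumptions).
sample_exports() {
cat <<'EOF'
# home directories for trainees
/home            192.168.10.0/24(rw,sync,root_squash)
/srv/training    *(ro,sync)
/srv/images      192.168.10.0/24(rw,no_root_squash) 192.168.10.5(rw,insecure)
/srv/scratch     (rw,sync)
EOF
}

# audit_exports: read exports(5) text on stdin and print one line per
# risky entry in the form "path client finding".
audit_exports() {
    awk '
    /^[ \t]*#/ { next }          # comment line
    NF == 0    { next }          # blank line
    NF == 1    { print $1, "(any)", "world-accessible"; next }
    {
        path = $1
        # An option list with no client name in front of it applies to every host.
        for (i = 2; i <= NF; i++) {
            client = $i; opts = ""
            p = index(client, "(")
            if (p > 0) {
                opts = substr(client, p + 1)
                sub(/\)$/, "", opts)
                client = substr(client, 1, p - 1)
            }
            shown = (client == "") ? "(any)" : client
            if (client == "" || client == "*")
                print path, shown, "world-accessible"
            # no_root_squash: client root keeps root rights on the export.
            # insecure: requests from unprivileged source ports are accepted.
            n = split(opts, o, ",")
            for (j = 1; j <= n; j++)
                if (o[j] == "no_root_squash" || o[j] == "insecure")
                    print path, shown, o[j]
        }
    }'
}
```

On the server it can be run as `audit_exports < /etc/exports`.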



Re: [DNG] Request for comments - training room

2018-12-03 Thread g4sra
From my perspective, this topic has had some very interesting
contributions. Thank you all who have contributed.

To pick out just one as an example, I had considered NIS\YP to be (or
rather didn't consider because) all but defunct, and not taken its
simplicity and reliability over other methods into consideration.

> Would have saved a bit of speculation and discussion had these details been 
> provided earlier :-/
Intentional, only the available hardware and purpose is set in stone.
Too many details too early stifles creativity, the 'speculation'
promoted 'discussion' and raised some points that would probably not
have been made otherwise. ;)


So far I am getting

Active Directory, supported by PAM or SSSD on the Client workstation to
control console login.

Either /home mounted from the server over NFS, or individual User [home]
shares over SMB. Server directory of Training Software mounted\shared
similarly.

Which yields

Single point of User account management on the server.
Server resources restricted to 30 max simultaneous Users.
Regular backup of the server provides protection against all User data loss.
Single point (well subdirectories, easy to script) for review of Trainee
progress by management.

Hmm, can AD prevent simultaneous single User login on multiple clients ?
Somehow I have never needed AD, so lack experience with it.

Interestingly little mention of workstation BOOTP, NFS Root, Cloning On
Boot. Manually applying CCR's in each training room of 28+ workstations
is going to be a pita. No one mentioned the likes of Puppet, Ansible,
ClusterSSH etc.




Re: [DNG] Request for comments - training room

2018-12-03 Thread Rowland Penny
On Mon, 3 Dec 2018 13:22:40 +
g4sra  wrote:

> From my perspective, this topic has had some very interesting
> contributions. Thank you all whom have contributed.
> 
> To pick out just one as an example, I had considered NIS\YP to be (or
> rather didn't consider because) all but defunct, and not taken it's
> simplicity and reliability over other methods into consideration.

NIS is, to all intents and purposes, defunct
 
> 
> > Would have saved a bit of speculation and discussion had these
> > details been provided earlier :-/
> Intentional, only the available hardware and purpose is set in stone.
> Too many details too early stifles creativity, the 'speculation'
> promoted 'discussion' and raised some points that would probably not
> have been made otherwise. ;)
> 
> 
> So far I am getting
> 
> Active Directory, supported by PAM or SSSD on the Client workstation
> to control console login.

You do not need sssd, it only really duplicates winbind (it even uses
some winbind code) and what winbind doesn't do that sssd does is easily
done by other methods e.g. Sudo

> 
> Either /home mounted from the sever over NFS, or individual User
> [home] shares over SMB. Sever directory of Training Software
> mounted\shared similarly.
> 
> Which yields
> 
> Single point of User account management on the server.
> Server resources restricted to 30 max simultaneous Users.
> Regular backup of the sever provides protection against all User data
> loss. Single point (well subdirectories, easy to script) for review
> of Trainee progress by management.
> 
> Hmm, can AD prevent simultaneous single User login on multiple
> clients ? Somehow I have never needed AD, so lack experience with it.

No it doesn't, but then neither does Linux ;-)
If you really wanted this, I am sure it is scriptable
As for which to use, an NFS or SMB mounted /home , most people seem to
use NFS.

> 
> Interestingly little mention of workstation BOOTP, NFS Root, Cloning
> On Boot. Manually applying CCR's in each training room of 28+
> workstations is going to be a pita. No one mentioned the likes of
> Puppet, Ansible, ClusterSSH etc.
> 

This is probably down to the very little information you provided, I
also have no idea what 'Creedence Clearwater Revival' has to do with
anything we are discussing ;-)

Just what do you require ?
Just what hardware will you have ?

Rowland
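
One way to script the single-login restriction discussed above, as an added example that is not from the thread: a session hook for `pam_exec` that takes a per-user lock in a directory shared from the server, so a second workstation is refused while the first holds the lock. The lock directory and the script's install path are assumptions; `PAM_USER` and `PAM_TYPE` are the variables pam_exec exports to the hook.

```shell
#!/bin/sh
# Added example: allow each account one active workstation at a time.
# Assumed PAM line on every workstation (script path is hypothetical):
#   session required pam_exec.so /usr/local/sbin/one-seat.sh
# LOCK_ROOT must live on a filesystem shared from the server and be
# writable by the identity the hook runs as (pam_exec runs it as root;
# with NFS root_squash that maps to the anonymous user).
LOCK_ROOT="${LOCK_ROOT:-/home/.seat-locks}"   # hypothetical location

# valid_user NAME -> 0 if NAME is safe to use as a directory name
valid_user() {
    case "$1" in
        ''|.*|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    return 0
}

# lock_owner USER -> prints the workstation holding the lock, if any
lock_owner() {
    cat "$LOCK_ROOT/$1/host" 2>/dev/null || true
}

# acquire_lock USER HOST -> 0 if USER may open a session on HOST
acquire_lock() {
    valid_user "$1" || return 1
    [ -n "$2" ] || return 1
    if mkdir "$LOCK_ROOT/$1" 2>/dev/null; then
        # mkdir is atomic: only one workstation can create the directory
        printf '%s\n' "$2" > "$LOCK_ROOT/$1/host"
        return 0
    fi
    # Lock already exists. Let the same workstation back in (re-login
    # after a crash) and refuse every other host. A lock whose owner
    # file is not written yet compares unequal and is refused as well.
    [ "$(lock_owner "$1")" = "$2" ]
}

# release_lock USER HOST -> removes the lock only if HOST holds it
release_lock() {
    valid_user "$1" || return 0
    [ "$(lock_owner "$1")" = "$2" ] || return 0
    rm -f "$LOCK_ROOT/$1/host"
    rmdir "$LOCK_ROOT/$1" 2>/dev/null || true
}

# pam_hook: entry point when started by pam_exec
pam_hook() {
    host=$(uname -n)
    case "$PAM_TYPE" in
        open_session)
            if ! acquire_lock "$PAM_USER" "$host"; then
                echo "$PAM_USER is already logged in on $(lock_owner "$PAM_USER")" >&2
                return 1
            fi ;;
        close_session)
            release_lock "$PAM_USER" "$host" ;;
    esac
    return 0
}

# Only act when PAM started us; sourcing the file just defines the functions.
if [ -n "${PAM_TYPE:-}" ]; then
    pam_hook
    exit $?
fi
```

A workstation that dies without closing the session leaves its lock behind until the user logs in there again or an administrator removes the directory.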




Re: [DNG] Request for comments - training room

2018-12-03 Thread Bruce Ferrell

On 12/3/18 5:22 AM, g4sra wrote:

> From my perspective, this topic has had some very interesting
> contributions. Thank you all whom have contributed.
>
> To pick out just one as an example, I had considered NIS\YP to be (or
> rather didn't consider because) all but defunct, and not taken it's
> simplicity and reliability over other methods into consideration.


NIS/YP is especially interesting for me as something long unused.

At one point in my career I had to restore a plant that used a semi
centralized NIS/YP.  I got the bright idea of putting a YP slave on all
the hosts and syncing those to the master.


It took me a week but I found that upstream had a bug in the slave scripts such 
that they would never sync.  The bug didn't exist in sunos or solaris so it was 
unique to Linux.

I've found that AD is VERY sensitive to time differences, even in a pure 
windows environment.  How Windows admins tolerate it I have yet to figure out.

The pam module, oddjob makes it somewhat better, but a bit weird.

The stated use of AD for resource access might be better served by full on 
Samba 4, but AD and GPOs can perform that kind of limiting

PXE boot is well known for the type of lab/classroom environment... Long ago, I
used bootp for doing mass installs/reinstalls of OS/2.  It was pretty well
documented in the IBM Redbooks.






Re: [DNG] Request for comments - training room

2018-12-03 Thread Dr. Nikolaus Klepp
Am Montag, 3. Dezember 2018 schrieb Rowland Penny:
> On Mon, 3 Dec 2018 13:22:40 +
> g4sra  wrote:
> 
> > From my perspective, this topic has had some very interesting
> > contributions. Thank you all whom have contributed.
> > 
> > To pick out just one as an example, I had considered NIS\YP to be (or
> > rather didn't consider because) all but defunct, and not taken it's
> > simplicity and reliability over other methods into consideration.
> 
> NIS is, to all intents and purposes, defunct
>  
> > 
> > > Would have saved a bit of speculation and discussion had these
> > > details been provided earlier :-/
> > Intentional, only the available hardware and purpose is set in stone.
> > Too many details too early stifles creativity, the 'speculation'
> > promoted 'discussion' and raised some points that would probably not
> > have been made otherwise. ;)
> > 
> > 
> > So far I am getting
> > 
> > Active Directory, supported by PAM or SSSD on the Client workstation
> > to control console login.
> 
> You do not need sssd, it only really duplicates winbind (it even uses
> some winbind code) and what winbind doesn't do that sssd does is easily
> done by other methods e.g. Sudo
> 
> > 
> > Either /home mounted from the sever over NFS, or individual User
> > [home] shares over SMB. Sever directory of Training Software
> > mounted\shared similarly.
> > 
> > Which yields
> > 
> > Single point of User account management on the server.
> > Server resources restricted to 30 max simultaneous Users.
> > Regular backup of the sever provides protection against all User data
> > loss. Single point (well subdirectories, easy to script) for review
> > of Trainee progress by management.
> > 
> > Hmm, can AD prevent simultaneous single User login on multiple
> > clients ? Somehow I have never needed AD, so lack experience with it.
> 
> No it doesn't, but then neither does Linux ;-)
> If you really wanted this, I am sure it is scriptable
> As for which to use, an NFS or SMB mounted /home , most people seem to
> use NFS.

You can do it with sshd on the server side :-)


> 
> > 
> > Interestingly little mention of workstation BOOTP, NFS Root, Cloning
> > On Boot. Manually applying CCR's in each training room of 28+
> > workstations is going to be a pita. No one mentioned the likes of
> > Puppet, Ansible, ClusterSSH etc.
> > 
> 
> This is probably down to the very little information you provided, I
> also have no idea what 'Creedence Clearwater Revival' has to do with
> anything we are discussing ;-)
> 
> Just what do you require ?
> Just what hardware will you have ?
> 
> Rowland
> 
> 
> 



-- 
Please do not email me anything that you are not comfortable also sharing with 
the NSA, CIA ...


Re: [DNG] Request for comments - training room

2018-12-03 Thread wirelessduck

> On 4 Dec 2018, at 00:51, Bruce Ferrell  wrote:
> 
> I've found that AD is VERY sensitive to time differences, even in a pure 
> windows environment.  How Windows admins tolerate it I have yet to figure out.

That would be from Kerberos? That’s a requirement regardless of using AD or MIT 
Kerberos. The solution is NTP everywhere, talking back to the Domain 
Controllers as local time servers.

—Tom


Re: [DNG] Request for comments - training room

2018-12-03 Thread Rowland Penny
On Mon, 3 Dec 2018 05:51:30 -0800
Bruce Ferrell  wrote:

> On 12/3/18 5:22 AM, g4sra wrote:
> > From my perspective, this topic has had some very interesting
> > contributions. Thank you all whom have contributed.
> >
> > To pick out just one as an example, I had considered NIS\YP to be
> > (or rather didn't consider because) all but defunct, and not taken
> > it's simplicity and reliability over other methods into
> > consideration.
> 
> NIS/YP is especially interesting for me as something long unused.
> 
> At one point in my career I had to restore a plant that use a semi
> centralized NIS/YP.  I got the bright idea of putting a YP slave on
> the all the hosts and syncing those to the master.
> 
> It took me a week but I found that upstream had a bug in the slave
> scripts such that they would never sync.  The bug didn't exist in
> sunos or solaris so it was unique to Linux.
> 
> I've found that AD is VERY sensitive to time differences, even in a
> pure windows environment.  How Windows admins tolerate it I have yet
> to figure out.

They don't, they run time servers.

> 
> The pam module, oddjob makes it somewhat better, but a bit weird.

I think you mean the red-hat pam module oddjob, it's pam-mkhomedir on
Devuan

> 
> The stated use of AD for resource access might be better served by
> full on Samba 4, but AD and GPOs can perform that kind of limiting

No, sorry, but I don't understand that last statement.
If you mean you can do most of them via GPO's, well no, you cannot, not
on Linux anyway.

> 
> PXE boot is well known for the type of lab/classroom environment...
> Long ago, I used bootp for doing mass installs/reinstalls of OS/2.
> It was pretty well documented in the IBM Redbooks.

Ah, the good old days ;-)

Rowland


Re: [DNG] Request for comments - training room

2018-12-03 Thread Rowland Penny
On Mon, 3 Dec 2018 14:58:24 +0100
"Dr. Nikolaus Klepp"  wrote:

> Am Montag, 3. Dezember 2018 schrieb Rowland Penny:
> > On Mon, 3 Dec 2018 13:22:40 +
> > g4sra  wrote:
> > 
> > > From my perspective, this topic has had some very interesting
> > > contributions. Thank you all whom have contributed.
> > > 
> > > To pick out just one as an example, I had considered NIS\YP to be
> > > (or rather didn't consider because) all but defunct, and not
> > > taken it's simplicity and reliability over other methods into
> > > consideration.
> > 
> > NIS is, to all intents and purposes, defunct
> >  
> > > 
> > > > Would have saved a bit of speculation and discussion had these
> > > > details been provided earlier :-/
> > > Intentional, only the available hardware and purpose is set in
> > > stone. Too many details too early stifles creativity, the
> > > 'speculation' promoted 'discussion' and raised some points that
> > > would probably not have been made otherwise. ;)
> > > 
> > > 
> > > So far I am getting
> > > 
> > > Active Directory, supported by PAM or SSSD on the Client
> > > workstation to control console login.
> > 
> > You do not need sssd, it only really duplicates winbind (it even
> > uses some winbind code) and what winbind doesn't do that sssd does
> > is easily done by other methods e.g. Sudo
> > 
> > > 
> > > Either /home mounted from the sever over NFS, or individual User
> > > [home] shares over SMB. Sever directory of Training Software
> > > mounted\shared similarly.
> > > 
> > > Which yields
> > > 
> > > Single point of User account management on the server.
> > > Server resources restricted to 30 max simultaneous Users.
> > > Regular backup of the sever provides protection against all User
> > > data loss. Single point (well subdirectories, easy to script) for
> > > review of Trainee progress by management.
> > > 
> > > Hmm, can AD prevent simultaneous single User login on multiple
> > > clients ? Somehow I have never needed AD, so lack experience with
> > > it.
> > 
> > No it doesn't, but then neither does Linux ;-)
> > If you really wanted this, I am sure it is scriptable
> > As for which to use, an NFS or SMB mounted /home , most people seem
> > to use NFS.
> 
> You can do it with sshd on the server side :-)
> 

I get the distinct feeling we are talking GUI desktops here.

Rowland


Re: [DNG] Request for comments - training room

2018-12-03 Thread Dr. Nikolaus Klepp
Am Montag, 3. Dezember 2018 schrieb Rowland Penny:
> On Mon, 3 Dec 2018 14:58:24 +0100
> [...]
> > > No it doesn't, but then neither does Linux ;-)
> > > If you really wanted this, I am sure it is scriptable
> > > As for which to use, an NFS or SMB mounted /home , most people seem
> > > to use NFS.
> > 
> > You can do it with sshd on the server side :-)
> > 
> 
> I get the distinct feeling we are talking GUI desktops here.

Hm ... on devuan mailinglist asking for trainingroom setup for 600 active users?
I don't think server nor clients are M$-based, but I could be wrong here :-)

> 
> Rowland
> 



-- 
Please do not email me anything that you are not comfortable also sharing with 
the NSA, CIA ...


Re: [DNG] Request for comments - training room

2018-12-03 Thread Simon Hobson
Bruce Ferrell  wrote:

> I've found that AD is VERY sensitive to time differences, even in a pure 
> windows environment.  How Windows admins tolerate it I have yet to figure out.

AIUI the DEFAULT in a Windoze network is that all the Domain Controllers are 
also time servers (not NTP, MS's own creation) and the master DC takes on the 
role of root time server. Domain joined PCs will sync their time from the DCs. 
That way, the whole domain *should* normally stay in sync - ie it will be 
internally consistent but not necessarily correct wrt real wallclock time. For 
the times to stay correct, the master DC needs to be configured to use an 
external time reference.



Re: [DNG] Request for comments - training room

2018-12-03 Thread Simon Hobson
Dr. Nikolaus Klepp  wrote:

> Hm ... on devuan mailinglist asking for trainingroom setup for 600 active 
> user? I don't think server nor clients are M$-based, but I could be wrong 
> here :-)

Windoze isn't the only GUI desktop around ;-)



Re: [DNG] Request for comments - training room

2018-12-03 Thread Dr. Nikolaus Klepp
Am Montag, 3. Dezember 2018 schrieb Simon Hobson:
> Dr. Nikolaus Klepp  wrote:
> 
> > Hm ... on devuan mailinglist asking for trainingroom setup for 600 active 
> > user? I don't think server nor clients are M$-based, but I could be wrong 
> > here :-)
> 
> Windoze isn't the only GUI desktop around ;-)

Is user management a desktop problem or an OS problem?

> 
> 



-- 
Please do not email me anything that you are not comfortable also sharing with 
the NSA, CIA ...


Re: [DNG] Request for comments - training room

2018-12-03 Thread Rowland Penny
On Mon, 3 Dec 2018 15:25:14 +0100
"Dr. Nikolaus Klepp"  wrote:

> Am Montag, 3. Dezember 2018 schrieb Rowland Penny:
> > On Mon, 3 Dec 2018 14:58:24 +0100
> > [...]
> > > > No it doesn't, but then neither does Linux ;-)
> > > > If you really wanted this, I am sure it is scriptable
> > > > As for which to use, an NFS or SMB mounted /home , most people
> > > > seem to use NFS.
> > > 
> > > You can do it with sshd on the server side :-)
> > > 
> > 
> > I get the distinct feeling we are talking GUI desktops here.
> 
> Hm ... on devuan mailinglist asking for trainingroom setup for 600
> active user? I don't think server nor clients are M$-based, but I
> could be wrong here :-)
>

The clients do not have to be M$-based, I am typing this on a Unix
Domain Member ;-)

Rowland


Re: [DNG] Request for comments - training room

2018-12-03 Thread Rowland Penny
On Mon, 3 Dec 2018 15:35:12 +0100
"Dr. Nikolaus Klepp"  wrote:

> Am Montag, 3. Dezember 2018 schrieb Simon Hobson:
> > Dr. Nikolaus Klepp  wrote:
> > 
> > > Hm ... on devuan mailinglist asking for trainingroom setup for
> > > 600 active user? I don't think server nor clients are M$-based,
> > > but I could be wrong here :-)
> > 
> > Windoze isn't the only GUI desktop around ;-)
> 
> Is user mangement a desktop problem or a OS problem?
> 

Neither, it isn't really a problem, but if it is a problem, it is a
server problem.

Rowland


Re: [DNG] Request for comments - training room

2018-12-03 Thread Tomasz Kundera
On Sun, Dec 2, 2018 at 2:40 PM Rowland Penny  wrote:

> On Sun, 2 Dec 2018 14:28:25 +0100
> Tomasz Kundera  wrote:
>
> > You can still use NIS if you don't need the power (and complexity) of
> > samba.
> >
>
> NIS is a bit outdated and Samba isn't that complex from a Linux point
> of view.
>

It is outdated because? It works, at least in simple cases. The choice
depends on your needs. Samba is not needed everywhere and yes, it is more
complex than a simple NIS installation.
I do not suggest that samba is a bad choice. It depends on the needs as I
have written above.

-- 
Tomasz Kundera


Re: [DNG] Request for comments - training room

2018-12-03 Thread Rowland Penny
On Mon, 3 Dec 2018 18:19:04 +0100
Tomasz Kundera  wrote:

> On Sun, Dec 2, 2018 at 2:40 PM Rowland Penny  wrote:
> 
> > On Sun, 2 Dec 2018 14:28:25 +0100
> > Tomasz Kundera  wrote:
> >
> > > You can still use NIS if you don't need the power (and
> > > complexity) of samba.
> > >
> >
> > NIS is a bit outdated and Samba isn't that complex from a Linux
> > point of view.
> >
> 
> It is outdated because? It works, at least in simple cases. The choice
> depends on your needs. Samba is not needed everywhere and yes, it is
> more complex then a simple NIS installation.
> I do not suggest that samba is a bad choice. It depends on the needs
> as I have written above.
> 

I did say I am biased, but from my point of view, NIS, whilst it works,
is limited to what Samba provides, mainly because it can include what
is virtually a NIS server.

Rowland


Re: [DNG] Request for comments - training room

2018-12-03 Thread Alessandro Selli
On 03/12/18 at 18:19, Tomasz Kundera wrote:
> On Sun, Dec 2, 2018 at 2:40 PM Rowland Penny wrote:
>
> > On Sun, 2 Dec 2018 14:28:25 +0100
> > Tomasz Kundera wrote:
> >
> > > You can still use NIS if you don't need the power (and complexity) of
> > > samba.
> > >
> >
> > NIS is a bit outdated and Samba isn't that complex from a Linux point
> > of view.
> >
>
> It is outdated because?


  It's unencrypted, hard to firewall, unsecure by design.


> It works, at least in simple cases.


  Yeah, sure, even rsh works (sometimes), still it's a very outdated
protocol.


> The choice depends on your needs. Samba is not needed everywhere and
> yes, it is more complex then a simple NIS installation.


  My experience differs.  NIS relies on a number of RPC services, local
and netwide settings (nisdomainname vs. fqdn), server- and client-side
commands, files and related DBs that the first time I could get it to
work I uncorked the finest sparkling wine I had and rushed to set
everything I had done in virtual stone:

http://alessandro.route-add.net/Unixalia/configurare_NIS.html (in
Italian, sorry).


  A few years later, my first Samba installations were not as painful
and time-consuming, it's all in one config file (well, two with
smbpasswd), but maybe that's because I was not using it from Windows PCs.


> I do not suggest that samba is a bad choice. It depends on the needs
> as I have written above.


  I suggest to stay away from NIS except in a few cases:

 1. it was already setup and configured by someone else and it's working;
 2. it's operating in a secure, non critical environment;
 3. people in the organization are already familiar with it (ie, they're
all grey-haired or bald and gray-bearded or look like Yoda);
 4. long-term support is not an issue.


  In all other instances, run LDAP and/or Samba instead.


-- 
Alessandro Selli 
VOIP SIP: dhatarat...@ekiga.net
Chiave firma e cifratura PGP/GPG signing and encoding key:
  BA651E4050DDFC31E17384BABCE7BD1A1B0DF2AE





Re: [DNG] Request for comments - training room

2018-12-03 Thread Rowland Penny
On Mon, 3 Dec 2018 18:46:13 +0100
Alessandro Selli  wrote:

> On 03/12/18 at 18:19, Tomasz Kundera wrote:
> > On Sun, Dec 2, 2018 at 2:40 PM Rowland Penny wrote:
> >
> > > On Sun, 2 Dec 2018 14:28:25 +0100
> > > Tomasz Kundera wrote:
> > >
> > > > You can still use NIS if you don't need the power (and
> > > > complexity) of samba.
> > > >
> > >
> > > NIS is a bit outdated and Samba isn't that complex from a Linux
> > > point of view.
> > >
> >
> > It is outdated because?
> 
> 
>   It's unencrypted, hard to firewall, unsecure by design.
> 
> 
> > It works, at least in simple cases.
> 
> 
>   Yeah, sure, even rsh works (sometimes), still it's a very outdated
> protocol.
> 
> 
> > The choice depends on your needs. Samba is not needed everywhere and
> > yes, it is more complex then a simple NIS installation.
> 
> 
>   My experience differs.  NIS relies on a number of RPC services,
> local and netwide settings (nisdomainname vs. fqdn), server- and
> client-side commands, files and related DBs that the first time I
> could get it to work I uncorked the finest sparkling wine I had and
> rushed to set everything I had done in virtual stone:
> 
> http://alessandro.route-add.net/Unixalia/configurare_NIS.html (in
> Italian, sorry).
> 
> 
>   A few years later, my first Samba installations were not as painful
> and time-consuming, it's all in one config file (well, two with
> smbpasswd), but maybe that's because I was not using it from Windows
> PCs.
> 
> 
> > I do not suggest that samba is a bad choice. It depends on the needs
> > as I have written above.
> 
> 
>   I suggest staying away from NIS except in a few cases:
> 
>  1. it was already set up and configured by someone else and it's
>     working;
>  2. it's operating in a secure, non-critical environment;
>  3. people in the organization are already familiar with it (i.e.,
>     they're all grey-haired or bald and gray-bearded or look like Yoda);
>  4. long-term support is not an issue.
> 
> 
>   In all other instances, run LDAP and/or Samba instead.

To be honest (did I say I was biased?) I would go with a Samba AD
domain, the provision does it all for you. You end up with a
centralised server that runs a KDC, DNS server and LDAP, all you have
to provide is users & groups. It provides native authentication for
Windows PCs and can very easily be used for Unix clients.

Rowland

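The point quoted above, that NIS relies on a number of RPC services and is hard to firewall, can be checked on a host by listing which NIS daemons are registered with the portmapper and on which ports. This is an added example, not code from the thread; the sample `rpcinfo -p` output is constructed, and the program numbers are the standard ONC RPC assignments for the NIS daemons.

```shell
#!/bin/sh
# Added example: list the NIS-related RPC services a host has registered with
# the portmapper, reading `rpcinfo -p` output on stdin.

# Constructed sample of `rpcinfo -p` output (not captured from a real host).
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp    835  ypserv
    100004    2   tcp    836  ypserv
    100009    1   udp    848  yppasswdd
    100007    2   udp    799  ypbind
    100003    3   tcp   2049  nfs'

# Print one "daemon proto/port" line per NIS registration found on stdin.
# The ports are assigned when each daemon starts unless they are pinned,
# which is why a static packet-filter rule set is awkward to write for NIS.
nis_rpc_services() {
    awk '
        BEGIN {
            nis[100004] = "ypserv";    nis[100007] = "ypbind"
            nis[100009] = "yppasswdd"; nis[100069] = "ypxfrd"
        }
        ($1 in nis) { printf "%s %s/%s\n", nis[$1], $3, $4 }
    ' | sort -u
}

# Exit status 0 when no NIS service is registered, non-zero otherwise.
nis_absent() {
    [ -z "$(nis_rpc_services)" ]
}

# On a live host: rpcinfo -p | nis_rpc_services
printf '%s\n' "$SAMPLE_RPCINFO" | nis_rpc_services
```
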


Re: [DNG] Request for comments - training room

2018-12-04 Thread Steve Litt
On Mon, 3 Dec 2018 13:42:36 +
Rowland Penny  wrote:

> On Mon, 3 Dec 2018 13:22:40 +
> g4sra  wrote:

> > 
> > Interestingly little mention of workstation BOOTP, NFS Root, Cloning
> > On Boot. Manually applying CCR's in each training room of 28+
> > workstations is going to be a pita. No one mentioned the likes of
> > Puppet, Ansible, ClusterSSH etc.
> >   
> 
> This is probably down to the very little information you provided, I
> also have no idea what 'Creedence Clearwater Revival' has to do with
> anything we are discussing ;-)

I can answer that. We all figure that someday people won't spout
uncommon and unagreed upon acronyms. But someday never comes.
 
SteveT

Steve Litt 
December 2018 featured book: Rapid Learning for the 21st Century
http://www.troubleshooters.com/rl21


Re: [DNG] Request for comments - training room

2018-12-08 Thread Carl Fink

On 12/2/18 5:19 AM, Rowland Penny wrote:

On Sun, 2 Dec 2018 10:07:23 +
Simon Hobson  wrote:

Snipped excessive quoting.

Sorry, I think you missed the point of the scenario I was talking
about. This one is where the users don't have their own login - they
all use just the same login, so can sit down at any machine and use
the single login that's configured on the machine, and there's no
need for any user management on each machine other than setting up
the one user login. That might be appropriate if the training system
handles user management etc.

Otherwise, I agree with you.


If you could set up such a scenario, then yes, your way could be used,
but there was a mention of a server. If you have a server, you usually
get files saved and read, so how do you differentiate between user
'fred' from computer18 and 'fred' from computer23 ?

With e-learning taken from a Learning Management System, the LMS will
have its own, generally independent, user authentication system. In
principle they could use the same directory server as network/
workstation authentication, but in practice they often do not and
certainly don't need to.

--
Carl Fink  c...@finknetwork.com
Thinking and logic and stuff at Reasonably Literate
http://reasonablyliterate.com



Re: [DNG] Request for comments - training room

2018-12-08 Thread Simon Hobson
g4sra  wrote:

>> How is the Linux server going to authenticate users, via /etc/passwd or
>> other ?
>> 
>> A lot depends on this, also the number of users will have a factor as
>> well.

> Which network authentication method would you suggest ?

I think what Rowland was getting at here is that the number of users and how
they are dealt with makes a huge difference.

At one extreme, you have 28 seats, each one of them has a user such as "user1",
and you can simply use /etc/passwd & /etc/shadow to manage that single user on
each seat. You could probably build one software image and simply image all 28
machines with that one image.

At the other extreme, every person has their own login and can use any seat at
any time (and there are hundreds or even thousands of them) so that
progress/results can be logged for each person. In this case, you will really
need a centralised user management such as Rowland described using Samba & AD.
You could still image each machine from one common image - but you'll need to
do some post-imaging setup to give each machine a unique set of identifiers etc.
for the AD to work properly.

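The post-imaging step described above, sketched as an added example that is not part of the thread: a function that gives a cloned workstation its own hostname, machine ID and SSH host keys before it is joined to the domain. The `train-` hostname prefix, the function name and the choice of identifiers are assumptions of this example.

```shell
#!/bin/sh
# Added example: give a freshly imaged workstation its own identifiers before
# it is joined to the domain. ROOT lets the function run against a mounted
# image or a scratch directory; on the booted clone pass / and run as root.

# personalise_clone ROOT MAC
#   ROOT  root of the cloned filesystem
#   MAC   the NIC's MAC address, e.g. read from /sys/class/net/<iface>/address
personalise_clone() {
    root=$1
    mac=$2

    # Normalise the MAC to 12 lowercase hex digits and reject anything else.
    hex=$(printf '%s' "$mac" | tr -d ':-' | tr 'A-F' 'a-f')
    case $hex in
        ''|*[!0-9a-f]*) echo "bad MAC address: $mac" >&2; return 1 ;;
    esac
    [ "${#hex}" -eq 12 ] || { echo "bad MAC address: $mac" >&2; return 1; }

    # Hostname from the last three octets: unique per NIC and, at 12
    # characters, within the 15-character limit for AD computer names.
    # The "train-" prefix is an assumption of this example.
    name="train-${hex#??????}"
    printf '%s\n' "$name" > "$root/etc/hostname"

    # New D-Bus machine ID (32 hex digits) so clones stop sharing the image's.
    id=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    mkdir -p "$root/var/lib/dbus"
    printf '%s\n' "$id" > "$root/var/lib/dbus/machine-id"
    if [ -e "$root/etc/machine-id" ]; then
        printf '%s\n' "$id" > "$root/etc/machine-id"
    fi

    # Remove the SSH host keys baked into the image; `ssh-keygen -A` on the
    # clone creates fresh ones.
    rm -f "$root"/etc/ssh/ssh_host_*_key "$root"/etc/ssh/ssh_host_*_key.pub

    # Report the new name; join the domain only after this point.
    printf '%s\n' "$name"
}
```

Run it from a first-boot hook on each clone, and build the golden image before any domain join so that no machine account is copied along with it.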