[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: debian-lanserver Custom Debian Distribution (CDD)

On Mar 26, 2006, at 16:44, Petter Reinholdtsen wrote:
[Bjørn Stabell]
A very good start.  Are all of the above services set up to pull
user data from the LDAP server?

Yes, and all machines in the network use DNS to locate the services,
to make it easier to relocate services and spread the load across
several machines.  We choose the DNS solution as the service location
protocols were not ready for prime time when we started.  These days I
suspect zeroconf or similar could be used instead.

You were using DNS SRV records or DNS name conventions? I agree Zeroconf is cool and should work fine with commercial clients (Windows and Mac OS X) out-of-the-box (I'm assuming your Linux client machines were more customized).

Right.  Using such system is a question of policy, I guess, if
IP-addresses should be handed out by those authorized to allow
machines on the net, or if any machine connected should be allowed to
use the net.  Skolelinux currenly expect the administrator to manage
the IP addresses and the DNS, and let machines pick names based on
their assigned DNS name.  Not sure if that is the best approach.

I'm not sure I understand what you mean here.  DNS name => IP address?

Would be interesting to know how this work in practice.  I suspect a
lot of schools just allow any machine to hook up, and only control
which machines are allowed to NFS-mount the home directories.

I think the policy of letting clients chose their own name has a few benefits:

* This is the default behavior of Windows and Mac OS X servers, and their client machines expect this.

* It makes it easier to plug in a new machine. For small offices (3-100 people) it is probably okay to trust (to some extent) computers that connect to the (wired) net. Ease-of-use and - maintenance is top priority.

* Compared to schools, the users of the machines at work are long- term users and would appreciate being in control of their machines name. (In any case, a naming convention can be implemented outside the IT realm.)

That said, though, if it's easy to implement and use, and works out- of-the-box across client platforms, a more secure and controlled policy would of course be useful as well.

Bigger offices have IT departments and more custom needs, probably can't easily be served by the same CDD, and definitely need stringent security policies and enforced naming systems.

-- Bjorn

Reply to: