
Re: RFC: debian-lanserver Custom Debian Distribution (CDD)



On Mar 26, 2006, at 16:44, Petter Reinholdtsen wrote:
[Bjørn Stabell]
A very good start.  Are all of the above services set up to pull
user data from the LDAP server?

Yes, and all machines in the network use DNS to locate the services,
to make it easier to relocate services and spread the load across
several machines.  We chose the DNS solution as the service location
protocols were not ready for prime time when we started.  These days I
suspect zeroconf or similar could be used instead.

You were using DNS SRV records or DNS name conventions? I agree Zeroconf is cool and should work fine with commercial clients (Windows and Mac OS X) out-of-the-box (I'm assuming your Linux client machines were more customized).


[...]
Right.  Using such a system is a question of policy, I guess, if
IP-addresses should be handed out by those authorized to allow
machines on the net, or if any machine connected should be allowed to
use the net.  Skolelinux currently expects the administrator to manage
the IP addresses and the DNS, and let machines pick names based on
their assigned DNS name.  Not sure if that is the best approach.

I'm not sure I understand what you mean here.  DNS name => IP address?

Would be interesting to know how this works in practice.  I suspect a
lot of schools just allow any machine to hook up, and only control
which machines are allowed to NFS-mount the home directories.

I think the policy of letting clients choose their own name has a few benefits:

* This is the default behavior of Windows and Mac OS X servers, and their client machines expect this.

* It makes it easier to plug in a new machine. For small offices (3-100 people) it is probably okay to trust (to some extent) computers that connect to the (wired) net. Ease-of-use and -maintenance is top priority.

* Compared to schools, the users of the machines at work are long-term users and would appreciate being in control of their machine's name. (In any case, a naming convention can be implemented outside the IT realm.)

That said, though, if it's easy to implement and use, and works out-of-the-box across client platforms, a more secure and controlled policy would of course be useful as well.

Bigger offices have IT departments and more custom needs, probably can't easily be served by the same CDD, and definitely need stringent security policies and enforced naming systems.


Rgds,
-- Bjorn

