LinuxQuestions.org
Old 10-09-2008, 03:48 PM   #1
kayasaman
Member
 
Registered: Sep 2008
Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443

Rep: Reputation: 32
Network Remote Login needs explaining, client server system


Hi, now I have no idea where this thread belongs since it really isn't specific to anything. Since I am going to give a scenario of the network we had at uni 4 years ago, the best place I thought was here, since it isn't server specific or software, as that is what I am going to ask about!

To know how it works is the most important thing for a networking student!

Now, we had a few central servers I think 4 all together. One of them contained the student usernames and /home dirs. Whenever we logged in from any machine on the network of course same username and password would be used then our home directory would be that of the main server.

I have ruled out XDMCP login as that is a remote X login which wastes bandwidth as X gets transferred over the network. Also since each machine had an individual operating system first Red Hat then Fedora Core 3 later.

So I'm thinking it is NIS and LDAP but I'm not sure.

Probably to create the UIDs of all the students a script was used as in
Code:
adduser UID+1
where UID=1
Sorry for the pseudocode here!!

but the mechanism in between I do not know?

I have simulated this on my network by creating the same user on 2 machines (the main server and my desktop), then doing an NFS mount to /home and then chrooting the user to the dir on the /home/... path. However, with the insecurity and shortcomings of NFS I don't think that this would be used; also, to run through this procedure 3000 times would not seem likely.

If anyone knows how to do this or can point me to some links giving an idea of what services were used and how it can be done I would be very grateful!!

Thanks
 
Old 10-10-2008, 04:45 PM   #2
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
I don't think there is enough data here from which to draw definitive conclusions about the underlying mechanisms deployed at the site. You'd have to do some more research and detective work to gain clues. You've mentioned some possibilities. The key functionality is:
  • Shared file system space
    Commonly used options: NFS, Samba, Andrew
  • Directory services
    Commonly used options: replicated passwd/group files, NIS, NIS+, LDAP, Kerberos

The pros and cons in any solution are factors to consider in making a selection, but certainly cannot be used as evidence that any given choice was made.

There are many factors to consider in selecting software. Some important factors for the above services are: performance, reliability, cost, security, budget, organization size, IT competence, and target OS platforms.

Perhaps if you have more specific questions, others might also provide some additional information.
 
Old 10-10-2008, 05:10 PM   #3
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
The other mechanism that is of interest (not suggesting that it was necessarily employed) is automounting of home directories, so the chrooting issues aren't so relevant.
 
Old 10-10-2008, 05:48 PM   #4
kayasaman
Member
 
Registered: Sep 2008
Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443

Original Poster
Rep: Reputation: 32
Hmm, as to what they used maybe I'd have to get into contact with them, they still should remember me.

I guess I was after a way to do this and since Linux always gives many ways I am wondering of what the methods or mechanisms are to give this ability. As stated before I have simulated this with an NFS mount of /home of server on workstation then chowning the user to the corresponding /home/user dir on server (hope this makes sense).

But in this case all authentication is local.

Mr C., as I understand it Samba is an open source version of the SMB protocol used by Windows? And would not be used Linux to Linux. NFS is a possibility, although how would an auto mount work with NFS? Not meaning automount in /etc/fstab
Code:
rw,auto,defaults,user
but when logging in?

Also you mentioned Andrew. Is that a Linux protocol?

I have heard mainly that NFS isn't used due to security being virtually non-existent so I'm a bit lost as to how to do something like this in a professional context.

I know it's a lot to ask but since I don't have much knowledge in this area, are there any pointers of how to start to learn?

LDAP is used by Scalix for example, which I use, however authentication is local but if one constructed an LDAP server in theory then the network login and other applications requiring authentication could be made to use it? So all that's left would be the /home dir issue.
 
Old 10-10-2008, 05:51 PM   #5
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
Read the description of automount here

http://www.linuxhomenetworking.com/w...ccess_with_NFS under section 7.
 
Old 10-10-2008, 06:11 PM   #6
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
Quote:
Originally Posted by kayasaman
... As stated before I have simulated this with an NFS mount of /home of server on workstation then chowning the user to the corresponding /home/user dir on server (hope this makes sense).
Here you've used the term chown, and previously chroot. I think there you are confusing chown and chroot with chdir (aka in shell, cd). These are very important distinctions.

Quote:
Originally Posted by kayasaman
But in this case all authentication is local.
Ok, so then you are talking about an /etc/passwd file most likely.

Quote:
Originally Posted by kayasaman
Mr C., as I understand it Samba is an open source version of the SMB protocol used by Windows? And would not be used Linux to Linux. NFS is a possibility, although how would an auto mount work with NFS? Not meaning automount in /etc/fstab
Code:
rw,auto,defaults,user
but when logging in?
Right. Samba implements the Windows file and print protocols. But it can be used Linux-to-Linux. There are server components and there are client components. Like most *nix services, one or both can be run on any machine, making machines clients, servers, or client-servers.

Let's not confuse how and when a mount is performed with the underlying remote file system technology deployed. Automounting can be used to assist mounting of any file system type. Have a look at Week 4 Notes, "NFS, Automounter" at: http://cis68c2.mikecappella.com/ . This should help give you an overview.
Quote:
Originally Posted by kayasaman
Also you mentioned Andrew. Is that a linux protocol?
http://en.wikipedia.org/wiki/Andrew_File_System
Quote:
Originally Posted by kayasaman
I have heard mainly that NFS isn't used due to security being virtually non-existent so I'm a bit lost as to how to do something like this in a professional context.
Yes, security has been an issue with NFS, yet it still has its place. There are some mechanisms that can help harden NFS' security, and NFSv4 goes further. There are plenty of companies that use it.
Quote:
Originally Posted by kayasaman
I know it's a lot to ask but since I don't have much knowledge in this area, are there any pointers of how to start to learn?
You seem to be asking questions about general concepts and some implementation details. This would be an excellent book for you:

http://www.amazon.com/Linux-Administ...3679911&sr=8-2
Quote:
Originally Posted by kayasaman
LDAP is used by Scalix for example, which I use, however authentication is local but if one constructed an LDAP server in theory then the network login and other applications requiring authentication could be made to use it? So all that's left would be the /home dir issue.
Again, where the LDAP server resides is entirely a matter of choice. The salient point is that there are LDAP query bindings built into the main system authentication components such as PAM. This allows any PAM-aware application to authenticate via LDAP (or other authentication method).
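
As an added example (not part of the thread or of any poster's setup), a small Python check for the NFS hardening mentioned above: it reads /etc/exports-style lines and flags entries that export to any host, disable root squashing, accept unprivileged source ports, or rely on AUTH_SYS instead of a Kerberos flavor. The sample export lines, host names and function names are constructed for illustration.

```python
import re

# Constructed sample /etc/exports content (not taken from the thread).
SAMPLE_EXPORTS = """\
# weak: any host, root not squashed, unprivileged ports accepted
/home     *(rw,no_root_squash,insecure)
# hardened: one subnet, Kerberos with privacy; root_squash is the default
/home     192.0.2.0/24(rw,sync,sec=krb5p)
/srv/pub  lab*.example.edu(ro)
"""

# A client spec is "host(opt,opt)", "host", or "(opt,opt)" meaning any host.
CLIENT_RE = re.compile(r"([^\s()]*)(?:\(([^()]*)\))?")

def audit_client(host, opts):
    """Yield findings for one client entry of an export."""
    if host in ("", "*"):
        yield "world: exported to every host that can reach the server"
    if "no_root_squash" in opts:
        yield "no_root_squash: client root acts as uid 0 on the server"
    if "insecure" in opts:
        yield "insecure: requests from unprivileged source ports accepted"
    # sec= may list several flavors separated by ':'; the default is sys.
    flavors = [f for o in opts if o.startswith("sec=") for f in o[4:].split(":")]
    if not flavors or "sys" in flavors:
        yield "auth_sys: server trusts whatever UID the client sends"

def audit_exports(text):
    """Return (path, host, finding) tuples for every risky client entry."""
    results = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs or [""]:            # a bare path has no host limit
            m = CLIENT_RE.fullmatch(spec)
            if m is None:
                results.append((path, spec, "unparsed: check this entry by hand"))
                continue
            host = m.group(1)
            opts = {o.strip() for o in (m.group(2) or "").split(",") if o.strip()}
            results.extend((path, host, f) for f in audit_client(host, opts))
    return results

if __name__ == "__main__":
    for path, host, finding in audit_exports(SAMPLE_EXPORTS):
        print(f"{path} {host or '(any)'}: {finding}")
```

The hardened line produces no findings; the read-only export is still reported for AUTH_SYS because, without a Kerberos flavor, the server has no way to verify the UID a client presents.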
 
Old 10-10-2008, 06:37 PM   #7
kayasaman
Member
 
Registered: Sep 2008
Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443

Original Poster
Rep: Reputation: 32
Thanks for the replies guys, billymayday your link was great and exactly what I needed to understand a bit more about this, I just need a few free machines now to play around with it to learn more.

Mr C. as always your input is invaluable:

Quote:
Here you've used the term chown, and previously chroot. I think there you are confusing chown and chroot with chdir (aka in shell, cd). These are very important distinctions.
Sorry, I was confused; I meant chroot, as in changing the user's root directory from /home/user to /anydir.

Quote:
Ok, so then you are talking about an /etc/passwd file most likely.
Local PAM authentication yes /etc/passwd

Quote:
Right. Samba implements the Windows file and print protocols. But it can be used Linux-to-Linux. There are server components and there are client components. Like most *nix services, one or both can be run on any machine, making machines clients, servers, or client-servers.

Let's not confuse how and when a mount is performed with the underlying remote file system technology deployed. Automounting can be used to assist mounting of any file system type. Have a look at Week 4 Notes, "NFS, Automounter" at: http://cis68c2.mikecappella.com/ . This should help give you an overview.
Thanks for the link! I will look at all your emailed links soon, I'm so grateful as I actually have some proper material Linuxwise to learn from!

And yes, Samba is run on most *nix based systems including BSD and OSX as both smbd and nmbd using netbiosns and netbiosds I think was the other one.

Ok ok google.com I know I'm sorry!

Quote:
You seem to be asking questions about general concepts and some implementation details. This would be an excellent book for you:
Again thank you! You also mentioned some other book guides in another one of my threads which I will check soon to find out the line you mentioned. Also if you have any other suggestions for books as I think you have a handle on where I'm lacking (ok ok in all areas! lol, but still I have managed to get a network going from scratch which says something) and it would be a great source for me to LEARN and hopefully one day be as competent and good as you and billymayday.

But in general thank you so much guys for everything; I just wish I had someone around me that would be able to help out like this and give me the constant kick up the butt when I get things wrong or half way. But at least this kind of guidance is making me realize a lot, mainly the fact that I need to do much more work in the Linux department as the home grown network has many limitations.

Kaya :-)

Last edited by kayasaman; 10-10-2008 at 06:38 PM.
 
Old 10-10-2008, 09:06 PM   #8
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 59
Quote:
Originally Posted by billymayday
Read the description of automount here

http://www.linuxhomenetworking.com/w...ccess_with_NFS under section 7.
Nice site.
 
Old 10-10-2008, 09:17 PM   #9
billymayday
Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122
It is good. The name belies a much more professional product than one would expect. Very useful reference on a lot of topics (not just the step by step howtos one tends to see).
 
Old 10-11-2008, 07:28 AM   #10
kayasaman
Member
 
Registered: Sep 2008
Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443

Original Poster
Rep: Reputation: 32
Yes I read through the NFS automount and found a nice NIS tutorial:

http://www.linuxhomenetworking.com/w...onfiguring_NIS

and also one for LDAP and RADIUS, which is good as it will enable me to hook up routers and switches to LDAP by using RADIUS. It even gives the Cisco commands for that which is a big advantage as Cisco support both RADIUS and TACACS+. Definitely something to try at home :-)

http://www.linuxhomenetworking.com/w...DAP_and_RADIUS

I think I need more research though in the basic technologies of how they work and I'm sure I can find a lot through Google. As the fundamentals are the most important thing before continuing to more advanced stages.

I don't mean to be negative but I lost a bit of confidence last night with all of this; I know I'm at the beginning of the road unlike you guys who are way down and hence are experts in your fields. But when you guys reply sometimes I feel like a real junior even with a few years' Linux experience under me. As I said before I look up to and respect you guys for being so good and knowing so much but still it feels like I'm battling with things on occasion. I guess because I wanna be an equal and not, say, a beginner.

I guess the only solution is reading and time/experience, but still it doesn't make it any easier!
 
Old 10-12-2008, 08:16 PM   #11
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,225

Rep: Reputation: 2021
Well, you sound like you'll pick it up ok.

I reckon (unless you're up against a deadline) you just need to chill out, lean back and do a lot of reading until you've got your head around all the options/protocols. If you take your time it'll sink in better.
Then, when you've got it (sufficiently) straight, come up with a design and start a new thread for us to comment on it.
If you rush it you'll end up with a mess..

In the meantime, feel free to ask more qns if you don't get something.
 
Old 10-13-2008, 08:34 AM   #12
kayasaman
Member
 
Registered: Sep 2008
Location: Under the bridge where proper engineers walkover
Distribution: Various Linux, Solaris, BSD, Cisco
Posts: 443

Original Poster
Rep: Reputation: 32
Thanks for the vote of confidence chrism01

Maybe I am too hard on myself as a student, and I know I have little patience when it comes down to things as I expect to have all the core material locked in my brain before I get to industry.

Taking a step back to read and query first is probably a good idea, since I have no one around me who knows anything about Linux as is; chilling should be the way forward ironically. I guess it would make it easier to have someone patting you on the back when you've done a good job or exceeded expectations. However I have only had my servers up and running since February of this year so I guess that was my starting point at server design.

I guess now I am happy and proud to be part of this community that looks after each other from Senior level to Junior level and back again.

Anyhow I have to get ready for an exam now for my Cisco CCNA, I'm trying to complete the course which is 12 months in 5 months and it seems like I'm doing ok so far judging by my results and the fact that my lecturer is letting me teach the students a few concepts as well.

hmm... who knows maybe one day I'll be helping people on this forum too at the advanced level?

Thanks!
 
  


All times are GMT -5. The time now is 07:29 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration