Topic: Linux Desktop

[Chris Benson]

I am getting really frustrated with this problem.

I have installed a number of e-smith boxes into clients premises with no hassles whatso ever. Provided they use a Windows Desktop.

What to do about Linux Desktops?

I need a simple solution, that is transparent to the user, that does the following.

Central User authentication. - Some of the Linux desktops log into the head office from 1000 KM away over a sateliite link.

Centralised file sharing. - This I can do, with scripting if required, to provide any user, any where, the same experience. EG I am in head office, my files are under /~/server, or I am in the middle of no where, my files are still under /~/server.

I have attempted this so far with 5.1.2, 5.5 and now 5.6. My preference is to do this without installing NIS and NFS, as surely RH8 or RH7.3 can be made to use LDAP or SMB as the ONLY required source for authentication.

I dont want to have to maintain userlists on 40 desktops around the countryside. They might all be on the WAN, but far to slow..

Any help would be apprecaited

PS - Main reason for RH8 is the stability of OOo in this distros. To move distro at this stage would be to much for the users, who have no real pc skills appart form using apps.

[ryan]

Chris,

Several months ago I set up a RH 7.3 desktop to use my SME 5.1.2 to authenticate.  Under the authentication setup, there are two tabs where you can set your LDAP settings for the SME server.  I recall using the SME internal IP address on these tabs.  

Unfortunately, I had to also create a local user on RH 7.3 with the same username so a profile could be created on the first login.  Without the first LOCAL login, X window and KDE/Gnome settings do not exist for the user.  Once the first login takes place, then set your authentication to use LDAP.   I believe once LDAP is working, you can change the password on the local user account or lock it...this will allow you to have a central SME server for your windows and linux users.  I could prevent user logins by locking the account on SME.

Note that I only played with this at home.....  I would test this throughly before setting up in a work environment.

You can also set RH 7.3 to automount smb shares on the SME box with \etc\fstab...or create shortcuts on the desktop with the kde explorer by entering  smb://server/share in the address line.  If you use kde explorer, you should set your default user/password in the kde setup.  I imagine you could automount the users folder on SME and set up RH to use it as a home folder??  Not sure if RH will like using Samba to access the home folder.  

Good Luck and please report back how it goes.

ryan

[ryan]

Chris,

You might consider setting up vnc for the root user and the local user when you set up the LDAP authentication.  This will allow you to login remotely as either root or the user from anywhere on the internet.

ryan

[Stan]

If you decided to use SMB shares you can make the setup process easier by using LinNeighborhood. LinNeighborhood doesn't come with RH8.0 but it's easy to get from http://rpmfind.net. You'll have to run it as the local root user once and make sure that the box maked "Memorize Mounted Shares / Remount on next Startup" is check in Preferences. Path to box is Edit/Preferences/Miscellaneous. It's even a very fast way to mount network printers. I haven't tried this in a WAN setting only in my local LAN's so it might work a little differently there.

[Chris]

Thanks all,

I will definately report back, as I have also attempted to use the SME LDAP auth rpm from http://members.brabant.chello.nl/~d.evers/e-smith/e-smith-ldap-auth-0.1.0-00.noarch.rpm

Unfortunately this broke root / password as it looks like perl had issues. NOTE, this only tested on 5.6, but it did require --force so I expected some trouble.

I have since built a cutdown RH8 box to build LDAP from source and test schemes, but the LDAP scheme on 5.6 looks like it needs modification to work. Does not seem to include home, shell type fields.

I could be rambling, it is 3am.

Thanks for pointers so far.

CB

[Chris]

Stan, your right about LinNeighborhood, also need to set siud on smbmnt and smbumount if users are going to be able to change shares at a point later on.

Part of my problem is the lack of gui (init 3) for most of the WAN pcs, but when a certain user logs in, like a trainer I need to be able to reset init 3 to init 5.

Secondary problem, but it is one of the drivers for central login. Shares need to then be available "after" login. Since some of these services are across sat services (horrendously slow) I will have to find the best method to deliver those. I am not certain about samba accross slow WANs, but I will give is a go.

CB

[Charlie Brady]

Chris wrote:

> I have since built a cutdown RH8 box to build LDAP from
> source and test schemes, but the LDAP scheme on 5.6 looks
> like it needs modification to work. Does not seem to include
> home, shell type fields.
>
> I could be rambling, it is 3am.

No, you're not rambling. The LDAP schema in 5.6 is very minimal, and doesn't include authentication information.

If you want to develop the LDAP schema and add authentication, I'm sure you'd get plenty of testers. I suggest that you join the devinfo list and discuss your plans there - interest in this area of development has come up quite a few times.

Regards

Charlie

[Brian Read]

Here's an alternative solution to your problem.

Use one of the Linux distros designed to work in a Windows environment.

Examples are Lycoris or Lindows.  I have tried both on an SME server, and found that Lindows works fine with no hacking of smb.conf needed.  Lycoris needed a couple of changes to the smb.conf to work.  I think I got Lindows to logon to the domain.

cheers

Brian

[Chris]

I will be developing the schema, primarily because the power of the the 5 series box lies in it simplicity, and robustness.

I have a couple of remote sites up that havent had a reboot in 3 months and they do everything that the site needs.

But Linux to the desktop is looming as a really viable alternative, especially using a light windows manager, with good samba and authentication built in.

With MS discontinuing 98 support, plus the 2 Wine projects it is more viable than ever, and remote diagnostics to the desktop is a godsend, particularly console access.

One major problem is I am an LDAP newbie, so it is from scratch, and I need to keep in mind the main reason for using e-smith is KISS, or keep it simple stupid....

Apart from this site, are there other sites that can be linked to provide a more accessable information base on e-smith. I have found a number of sites, but few that link to each other. Could a portal be created?

I would be interested in do this, but right now I dont have the bandwidth or power on my e-smith server (thinkpad 166 80mb Ram running myPHPnuke, PHPgroupware, most of the contribs etc).

CB

[Tom Keiser]

And, not only should you add Xandros to this list, it completely outdoes either Lycoris or Lindows. The Xandros file manager shows you a list of SMB servers, expands to show their available resources, and then permits you to make a temporary or permanent connection to one -- all with just a couple of mouse clicks. Even easier to use than Windows. No changes to fstab needed!

[boris]

Take a look at Linux Terminal Server Project or Projects based on it like http://www.k12ltsp.org/ Central server (RH8) with thin clients or X-win client on desktops. You will benefit from central authentication and set of applications. Disks also the same for all the users. Why multiply Linux desktops then you can manage one (bigger) server instead. Not exactly E-Smith solution, but SME still can be your mail/firewall/etc...  server
Just don't fix yourself with one solution.

Boris.