Koozali.org: home of the SME Server

yeah, i'm a noob

Offline icthos

« on: November 02, 2007, 09:47:10 AM »
here's my situation:

i'm working at a brand new american high school in the balkans in europe with a $0 budget for IT at the moment.  all the IT money was spent before i arrived and could add any input to the situation.  now we have 20 desktops running pirated copies of windows XP Professional and a half dozen different laptops used by teachers running mainly windows XP with a Vista and Win 98 thrown in to shake things up. 

my background in network administration is nonexistent, but my experience and knowledge base when it comes to computers is more than anyone else in the school, so it falls to me to be the resident computer expert in a country where no one knows anything.  it's all i can do to keep the students and teachers from loading everything up with worms, trojans, and spyware, etc.


so here's my issue:

i'm trying to set up a server to control the network behind a linksys router and cable modem that the formerly-communist-government-owned-now-nobody-knows-what-to-do-with-it ISP set up without leaving me any passwords or info. sorry, venting...

SME server looked like a good option and i have so far been able to get it to work as a domain controller with roaming profiles for one computer and setup user accounts for everyone while i figure the whole thing out.

i'm trying to set up an ibay for each class so that a teacher can create a separate folder for each student so that the student can store work for that class in their own folder.  the teacher in the ibay group will be able to access each student's work to check it, but the other students in the ibay will not be able to access it.

i tried changing the permissions via "my network places" on the windows machine while logged in as the teacher and as the admin, but no go either way.

can anyone help me out with this? 

also, i'd like to be able to put a shortcut on the desktop of the roaming profile directly to the user's network drive and ibay folders, etc.  would i edit something in the netlogon.bat file to do this and if so, how? 

if anyone could point me to the reference sites i need for this type of info, i'd appreciate it!

Offline icthos

« Reply #1 on: November 02, 2007, 09:48:32 AM »
oh yeah, running SME server 7.2

Offline Jáder

« Reply #2 on: November 02, 2007, 11:06:46 AM »

Quote
so here's my issue:
SME server looked like a good option and i have so far been able to get it to work as a domain controller with roaming profiles for one computer and setup user accounts for everyone while i figure the whole thing out.
Indeed it's a wonderful option for non-admins. Anyone can administrate a SME server. That includes you.

Quote
i'm trying to set up an ibay for each class so that a teacher can create a separate folder for each student so that the student can store work for that class in their own folder.  the teacher in the ibay group will be able to access each student's work to check it, but the other students in the ibay will not be able to access it.

I don't think this will work. ibays don't work this way. I think you should search for a classroom software (there are a few free and web) and install it on SME server. This way you can control the classroom, assign homework and due dates for delivery, control everything on school with just one program.
You could start searching at: http://www.schoolforge.net/
There are easy to install options (question about Moodle is very common here in these forums) and very complex systems able to administrate all schools not just classes!

I was looking for something like that but was a no-go project! :(
I was looking for OpenAdmin and had it installed on my own SME5.6 server (long time ago). So if you need some help, call me on MSN (jader31 **AT*****REMOVE*THIS** terra **DOT***REMOVE*THIS*TOO* com **DOT***REMOVE*THIS*TOO* br) and we can put it working together!

Good luck.

Jáder
...

Offline icthos

« Reply #3 on: November 02, 2007, 12:23:35 PM »
jader,

i might shoot you an e-mail later.

right now, my main focus is enabling file and print sharing and controlling access to the computers, since our school building is also becoming an open community center. 

for now, i want to control student access to websites per our school policy (which i am currently using "K-9" content filters on each computer for), keep some antivirus control (Avira Antivir), and enable file sharing so that students can access their saved files no matter which computer they're on (right now it's all bickering about "YOU can't use that computer because MY files are stored on its desktop!").

i appreciate the links to Moodle, but course management is not my focus right now.  it's all i can do to grasp sme server and linux and teach everyone here how to log on and off.  i'm looking for a way to centralize everything so i don't have to log on to each computer separately to install and configure software, etc.

i know that i'm going to be limited in centralized content filtering and antivirus until i can get another NIC and use SME Server in the private server and gateway mode so that i can replace the unsupported router that was left for us. 

right now, i've got it in server only mode and am trying to work out the file sharing.

if there's no way to easily control permissions on sme server, (like a gui file sharing admin contrib or something?)  then i can settle for using open ibays if someone can help me with a way to setup consistent desktops once logged in on windows with links to the users files on the server.

Offline Jáder

« Reply #4 on: November 02, 2007, 01:18:10 PM »
Quote
for now, i want to control student access to websites per our school policy (which i am currently using "K-9" content filters on each computer for), keep some antivirus control (Avira Antivir), and enable file sharing so that students can access their saved files no matter which computer they're on (right now it's all bickering about "YOU can't use that computer because MY files are stored on its desktop!").

You could create an account for each student on SME and store all student data there. There is a personal space for them (Z: drive by default). That's easy because it is out of the box.
There are tools (Lazy admin tools) to create massive accounts by reading a file (CSV file).

I never use roaming profiles because they put a lot of traffic on the network. Just change the My Documents link (using right click and properties) to point to your server drive (Z:) and anyone will store data on the server!

Quote
i appreciate the links to Moodle, but course management is not my focus right now.  it's all i can do to grasp sme server and linux and teach everyone here how to log on and off.  i'm looking for a way to centralize everything so i don't have to log on to each computer separately to install and configure software, etc.
After teaching how to login/logoff/access his data (Z: drive) you should think about that another NIC on server to enable server-gateway mode and allow you to put squidguard on SME (google for it, there is a script!).

As today is a holiday here in Brazil, I spent two hours searching for a SIS (student information system) for you. ;)
I found http://www.focus-sis.org/ and I'm installing a test site to myself (www.abandonemicrosoft.net/escola). If you'd like I can create an account and a school for you there.
When you have time, you can see/try what a SIS like this can do for you!

Quote
if there's no way to easily control permissions on sme server, (like a gui file sharing admin contrib or something?)  then i can settle for using open ibays if someone can help me with a way to setup consistent desktops once logged in on windows with links to the users files on the server.
Again, just my 2c but consistent desktops is equal to roaming profiles... and that will put a LOT OF pressure on your network infrastructure.
Use ibays with free access to public data and Z: (personal) drive to private data.
You also can use ibays to groups to limit access to teachers or admin staff.

Good luck... and write when you need (BTW, here is GMT-0300 but we're in DST till Feb, so GMT-0200 now).

Jáder
...

Offline raem

« Reply #5 on: November 02, 2007, 01:29:07 PM »
icthos

You should read all the Howtos & Contribs, you'll find lots of useful stuff.
http://wiki.contribs.org/Category:Howto
http://wiki.contribs.org/Category:Contrib

You can control folder or subfolder access using the tips in this Howto
http://wiki.contribs.org/Htaccess
and in particular this section
http://wiki.contribs.org/Htaccess#Procedure_-_authentication_against_specified_sme_users
In your case add the user teacher to all folders but only add the user student to their particular folder.

Depending how many students there are it may take a while, but hey, it's free
ie create & configure a different template fragment for each folder/student
eg
50AddSecureIbayStudent1Folder
50AddSecureIbayStudent2Folder
see these lines
eg1 for student folder1
<Directory /home/e-smith/files/ibays/ibayname/html/student1foldername>
require user teacher1 student1
eg2 for student folder2
<Directory /home/e-smith/files/ibays/ibayname/html/student2foldername>
require user teacher1 student2
...

Offline raem

« Reply #6 on: November 02, 2007, 01:48:24 PM »
icthos

Sorry, my earlier advice was for Internet access control.

You are after samba file sharing access control
Using the Home folder idea for each student, you could then use this Howto to allow the teacher (as admin user) to access student home folders, it's still OK for sme7.
You may have ownership problems though if the teacher writes to the folders.
http://distro.ibiblio.org/pub/linux/distributions/smeserver/contribs/rmitchell/smeserver/howto/User%20Home%20directories%20access%20by%20Administrator%20HOWTO%20for%20sme%20server.htm
...

Offline icthos

« Reply #7 on: November 02, 2007, 03:09:37 PM »
i used the home folder idea and the Howto provided (thanx :-D) to setup the admin access to the students home folders.  this is what happened:

logged into my teacher account on WinXP, i could see the userhomes directory on the network server, but when i tried to access it, i got a pop up login screen and no account name and password would work on it.

logged into the "admin" account on WinXP, i can see the userhomes directory and access it without a login screen popping up,

however...

i can see and access a folder for EVERY user, not just the usernames i listed on the template !!!

should i list this on the bugs forum (BTW, does the bugs forum use the same account info as this one or do i have to make a new account?) or is there something i'm missing?

in addition, would there be a way to write the template so that it uses all the users in an existing group instead of individually listing all the users that the admin or power user would have access to, and having to modify the template each time there is a new user added (which i'm assuming i can do)?

BTW, i had assigned all teacher accounts to a group with the description "Power Users" per the manual (http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter9#Setting_admin_rights) and would have thought this would do the trick for allowing the teacher account to look at the userhome directories.  is there an easy way to check and see what privileges (admin, power user, etc) each user has been granted?

Offline stephen noble

« Reply #8 on: November 02, 2007, 11:04:03 PM »
Quote
BTW, i had assigned all teacher accounts to a group with the description "Power Users" per the manual (http://wiki.contribs.org/SME_Server:Documentation:Administration_Manual:Chapter9#Setting_admin_rights) and would have thought this would do the trick for allowing the teacher account to look at the userhome directories.  is there an easy way to check and see what privileges (admin, power user, etc) each user has been granted?

Follow the link given to see what rights it gives
The easy way to check is to log on as that user

We want to help but these things are reasonably self evident

Also put a computer aside to install and learn http://wiki.contribs.org/Mepis, it will do file and print sharing and most everything else a lab user would expect. Then each time an XP PC is compromised reinstall mepis
« Last Edit: November 02, 2007, 11:37:49 PM by snoble »

Offline raem

« Reply #9 on: November 03, 2007, 04:44:22 AM »
icthos

Quote
logged into the "admin" account on WinXP, i can see the userhomes directory and access it without a login screen popping up...i can see and access a folder for EVERY user, not just the usernames i listed on the template !!!

I think you misunderstand the concept.
The names you add in the template fragment are the logged in users who are allowed to have access to the userhomes folder ie teacher1, teacher2, admin etc. The "users sections" of the fragment is NOT where you add students names or folder names you want to access.

The userhomes concept (as implemented in the Howto), allows an admin user or other specified users to have access to ALL users directories (which include the home folders).

The student users can only write to their own home folder, but the admin or teacher user can access and read ALL students home folders.

If the teacher or admin user writes files to the students home folders, the student will not be able to read them as the teacher or admin owns those files.
So this is suitable for the situation where the teacher wants to read the students files.

You may be able to change setting values in the template fragment to allow different functionality regarding permissions, but unless done correctly, these will be overwritten with defaults when you make system changes using server manager etc.

You could also create many copies of the template fragment (with a different name) for each user home folder you want to allow access for, but this may be unwieldy for a lot of students ie

50student1home-admin

[student1home]
comment = student1 home directory
path = /home/e-smith/files/users/student1/home
valid users = admin root teacher1
admin users = admin root teacher1
write list = admin root teacher1
browseable = yes
guest ok = no
public = no
read only = no
writable = yes
printable = no
create mode = 0660
force create mode = 0660
directory mode = 0770
force directory mode = 0770



50student2home-admin

[student2home]
comment = student2 home directory
path = /home/e-smith/files/users/student2/home
valid users = admin root teacher1
admin users = admin root teacher1
write list = admin root teacher1
browseable = yes
guest ok = no
public = no
read only = no
writable = yes
printable = no
create mode = 0660
force create mode = 0660
directory mode = 0770
force directory mode = 0770

and so on...

You were insistent on wanting a free solution, and the above method will do that.
I'm sure there are other (free) solutions that would do the job much better, and you have been given some links to those.

« Last Edit: November 03, 2007, 04:53:54 AM by RayMitchell »
...
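Added example, not part of raem's post or the Howto: shell functions that generate one fragment per student in the stanza layout shown in Reply #9, rejecting account names that could add extra smb.conf lines or point the share path somewhere else. The function names and the output directory are assumptions; a staff entry written as `@name` stands for the members of that group in a Samba user list, which covers listing a group instead of individual teachers.

```shell
# Added example, not from the thread. Staff entries are account names or
# @group (Samba expands @name to the members of that group).

valid_name() {   # plain account names only: no "/", spaces, leading "." or "-"
    case "$1" in ""|.*|-*|*[!a-z0-9._-]*) return 1 ;; esac
}

valid_staff() {   # non-empty list of NAME or @GROUP entries
    local s n=0
    case "$1" in *[!a-z0-9._@\ -]*) return 1 ;; esac   # also blocks glob characters
    for s in $1; do valid_name "${s#@}" || return 1; n=1; done
    [ "$n" -eq 1 ]   # an empty "valid users" line would admit every account
}

share_stanza() {   # usage: share_stanza STUDENT "STAFF LIST"
    local student="$1" staff="$2"
    valid_name "$student" || { echo "bad student name: $student" >&2; return 1; }
    valid_staff "$staff" || { echo "bad staff list: $staff" >&2; return 1; }
    # "admin users" entries act as root on the share; files they write are root-owned.
    cat <<EOF
[${student}home]
comment = ${student} home directory
path = /home/e-smith/files/users/${student}/home
valid users = ${staff}
admin users = ${staff}
write list = ${staff}
browseable = yes
guest ok = no
public = no
read only = no
writable = yes
printable = no
create mode = 0660
force create mode = 0660
directory mode = 0770
force directory mode = 0770
EOF
}

write_fragments() {   # usage: write_fragments OUTDIR "STAFF LIST" STUDENT...
    local outdir="$1" staff="$2" student
    shift 2
    valid_staff "$staff" || { echo "bad staff list: $staff" >&2; return 1; }
    mkdir -p "$outdir" || return 1
    for student in "$@"; do
        # Check the name before it is used to build a file path.
        valid_name "$student" || { echo "bad student name: $student" >&2; return 1; }
        share_stanza "$student" "$staff" > "$outdir/50${student}home-admin" || return 1
    done
}
```

For example, `write_fragments ./fragments "admin root teacher1" student1 student2` writes `50student1home-admin` and `50student2home-admin` into `./fragments` for review before they are copied to the template location the Howto uses.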

Offline raem

« Reply #10 on: November 06, 2007, 07:48:24 AM »
icthos

Just wondering, what approach have you taken ?

...

Offline icthos

« Reply #11 on: November 06, 2007, 02:21:35 PM »
Hey RayMitchell

i ended up making a template for each student for the moment.  there's only 10 of them.  that should last until i can figure out something better.

thanx for setting me straight with which user name to put in the template! (teacher's not student's)  helped a lot.

icthos