Kerberos requires every client to know where the server is located. This can be done either by using /etc/krb5.conf file or using DNS to distribute the information. Using DNS makes it easier to do changes in the network settings as not every client needs to be updated. Next we aim to minimize the amount of configuration needed for every client so configuring DNS properly is a logical first step.

After getting OpenLDAP running properly and the schemas in place, the next step is to get Kerberos and AutoFS running on top of it to enable centrally managed automatic NFSv4+kerberos mounts to user home directories. Here we setup kerberos using OpenLDAP as the backend to store the principals. This allows one to easily replicate the data to slave servers.

In this part I'm setting up ldap schemas for samba, autofs and kerberos. This is needed before the actual configuration for these can be done. Unfortunately I could not find ldif files for OpenLDAP for these, so the schema files need to be converted to ldif files. The tutorial at help.ubuntu.com instructs to use the slaptest tool for this.

After getting OpenLDAP running, the next step is to get TLS authentication working. This continues the first part.

The OpenLDAP packages in Ubuntu have seen quite a bit of changes over the past few years. The packaging has changed the configuration file format to the new config backend and there's no directory initialization in the package scripts anymore. This means that when the slapd package is installed, it doesn't ask for basic directory information anymore, but one needs to do full configuration himself.

A quick search on Freshmeat.net returns tens of user management systems for linux. Quite a few of them are based on ldap and many manage the old /etc/passwd -file, some are built on completely different principles. Many of these tools seem to have one thing in common - they are built around the underlying data storage and managing users with them requires one to know how the data gets stored and distributed. As we are dealing with schools many schools where none of the teachers know what /etc/passwd or ldap are, explaining the user management concepts needs a new approach. Often user accounts are modified only a few times a year so using the tools is close to once-in-a-lifetime event.

Laptops are now getting to be the norm when buying a new computer for home usage and also we here at Opinsys are getting a lot of questions about laptops and how to run linux on them. Although the schools' ltsp environments are running great, thin clients are not the solution for every problem.

A common problem with ltsp thin clients seems to be getting them to shutdown automatically for the night. There are various methods that include shutdown commands run from cron and daemons listening for remote commands. Both of the methods do work, but purely time based solutions can be annoying for the users. Having the thin client shutdown while writing an essay is really not optimal user experience.