Peer-to-Peer Network of LINUX Workstations, IS IT POSSIBLE?

Post by Panchal » Sat, 09 Feb 2002 07:57:20



IS IT possible to create a PEER-TO-PEER network of Linux Boxes.
(We have 30 systems running in WinNT Domain and want to replace WinOS
with Linux on all the systems.)

And how can I create user accounts, so that any user can logon to any
machine in the lab (roaming profile under NT)? IS IT POSSIBLE in LINUX
to administer User A/c's on a SERVER instead of managing User A/C's
locally on each LINUX BOX.

Detailed help highly appreciated!!!
Thanks!

From :

Trainee Software Engineer,
Daffodil Software (P) Ltd.
<http://www.daffodilwoods.com>

 
 
 

Post by domi » Sat, 09 Feb 2002 08:53:32



> IS IT possible to create a PEER-TO-PEER network of Linux Boxes.
> (We have 30 systems running in WinNT Domain and want to replace WinOS
> with Linux on all the systems.)

of course, unix is where networking is invented, winOS made a bad impression of
the unix way

> And how can I create user accounts, so that any user can logon to any
> machine in the lab (roaming profile under NT)? IS IT POSSIBLE in LINUX
> to administer User A/c's on a SERVER instead of managing User A/C's
> locally on each LINUX BOX.

what you want is an ldap-server holding the users, and the clients' pam stuff
using that server,
i'd say: check linuxdoc.org for a ldap-howto
domi

 
 
 

Post by Ben Russ » Sat, 09 Feb 2002 09:30:25


Sounds like you need NIS+, NFS, and automount.
I've never used NIS; however, I've used NFS and automounter, and they are good.

> IS IT possible to create a PEER-TO-PEER network of Linux Boxes.
> (We have 30 systems running in WinNT Domain and want to replace WinOS
> with Linux on all the systems.)

> And how can I create user accounts, so that any user can logon to any
> machine in the lab (roaming profile under NT)? IS IT POSSIBLE in LINUX
> to administer User A/c's on a SERVER instead of managing User A/C's
> locally on each LINUX BOX.

> Detailed help highly appreciated!!!
> Thanks!

> From :

> Trainee Software Engineer,
> Daffodil Software (P) Ltd.
> <http://www.daffodilwoods.com>

 
 
 

Post by ctr2s.. » Sat, 09 Feb 2002 12:03:21



> IS IT possible to create a PEER-TO-PEER network of Linux Boxes.

You don't mean "peer-to-peer."  Peer-to-peer is where each client
performs its own authentication requests.

> (We have 30 systems running in WinNT Domain and want to replace WinOS
> with Linux on all the systems.)

See, you are talking about emulating the single-login behavior of an
NT domain, which is not peer-to-peer either.

> And how can I create user accounts, so that any user can logon to any
> machine in the lab (roaming profile under NT)? IS IT POSSIBLE in LINUX
> to administer User A/c's on a SERVER instead of managing User A/C's
> locally on each LINUX BOX.

Yes.  There are several methods: NIS, NIS+, and LDAP are the most
common.  There is a HOWTO on doing LDAP+Kerberos, but it unfortunately
doesn't seem to be in any of the standard places.  There are several
very good HOWTOs for NIS and LDAP.  I suggest you read them; they are
at all the standard Linux documentation sources.

Incidentally, what's with the RANDOM CAPITALIZATION?

--

"I woke up this morning and realized what the game needed: pirates,
pimps, and gay furries."  - Rich "Lowtax" Kyanka

 
 
 

Post by ctr2s.. » Sat, 09 Feb 2002 12:06:56



> > And how can I create user accounts, so that any user can logon to any
> > machine in the lab (roaming profile under NT)? IS IT POSSIBLE in LINUX
> > to administer User A/c's on a SERVER instead of managing User A/C's
> > locally on each LINUX BOX.
> what you want is an ldap-server holding the users, and the clients'
> pam stuff using that server,

LDAP is overkill for 30 workstations.  For so few users, it won't be
faster.  It's also harder to configure and maintain and has higher
base-level requirements (memory, CPU, and storage-wise).

--

"I woke up this morning and realized what the game needed: pirates,
pimps, and gay furries."  - Rich "Lowtax" Kyanka

 
 
 

Post by domi » Sun, 10 Feb 2002 01:33:25




>> > And how can I create user accounts, so that any user can logon to any
>> > machine in the lab (roaming profile under NT)? IS IT POSSIBLE in LINUX
>> > to administer User A/c's on a SERVER instead of managing User A/C's
>> > locally on each LINUX BOX.

>> what you want is an ldap-server holding the users, and the clients'
>> pam stuff using that server,

> LDAP is overkill for 30 workstations.  For so few users, it won't be
> faster.  It's also harder to configure and maintain and has higher
> base-level requirements (memory, CPU, and storage-wise).

i thought nis was dead, since it didn't support certain stuff like longer names
or passwords (or something like that)
domi
 
 
 

Post by Panchal » Sun, 10 Feb 2002 05:44:38


Thanks to all for such prompt help!

> See, you are talking about emulating the single-login behavior of an
> NT domain, which is not peer-to-peer either.

Yes, that's what I want. Sorry for the mistake.

> Yes.  There are several methods: NIS, NIS+, and LDAP are the most
> common.  There is a HOWTO on doing LDAP+Kerberos, but it unfortunately
> doesn't seem to be in any of the standard places.  There are several
> very good HOWTOs for NIS and LDAP.  I suggest you read them; they are
> at all the standard Linux documentation sources.

LDAP or NIS? Which one is easy to implement and administer? Is LDAP
installed by default on RedHat Linux (7.x)? Any pointers to resources
on installing and configuring these services on a new setup?

Also, is it possible to get a listing of available Systems, something
like NETWORK NEIGHBOURHOOD in WinOS? Is there something similar to
this so that users can easily navigate through the network by point
and click method? NIS has a concept of DOMAIN. Is it similar to
WinNT Domain?

Sincerely,
Panchal V
Software Engineer,
Daffodil Software (P) Ltd.
Hisar, India.
http://www.daffodilwoods.com

 
 
 

Post by ctr2s.. » Sun, 10 Feb 2002 13:15:32



> > Yes.  There are several methods: NIS, NIS+, and LDAP are the most
> > common.  There is a HOWTO on doing LDAP+Kerberos, but it unfortunately
> > doesn't seem to be in any of the standard places.  There are several
> > very good HOWTOs for NIS and LDAP.  I suggest you read them; they are
> > at all the standard Linux documentation sources.
> LDAP or NIS? Which one is easy to implement and administer.

NIS.  What it does is share certain important files (like /etc/passwd
and /etc/group) over the network.  This means that with a few small
changes to /etc/nsswitch.conf, you can go to NIS and then use all the
regular Unix user/group/password control mechanisms.

> Is LDAP installed by default on RedHat Linux (7.x) Any pointers to
> resources on installing and configuring these services on a new
> setup?

There is an LDAP HOWTO, and many NIS HOWTOs.  NIS is originally a Sun
thing, so there's also plenty of general documentation which also
applies to Linux (the implementations are, from what I've seen,
entirely compatible).

NIS is occasionally called "Yellow Pages," which is an idiotic name.
NIS+ is _not_ NIS: it is quite different.  It's probably also not
worth your time for such a small network.

> Also Is it possible to get a listing of available Systems, Something
> like NETWORK NEIGHBOURHOOD in WinOS.

Well, you could theoretically ping the broadcast address and see what
machines respond.  But there wouldn't be much point, because...

> Is there something similar to
> this so that users can easily navigate through the network by point
> and click method....

There's no real reason they'd need to do this.  The sensible approach
is to designate one system the "server" (it can be a
desktop/workstation too) and use it to hold all the shared
information.  Generally that will be /home.  Then all workstations
would be configured to mount /home using NFS at boot.

> NIS, have a concept of DOMAIN Is it similar to WinNT Domain???

Yes.  It's analogous, though I'm sure there are little differences
that will*you up.

One difference is that NIS isn't really a single sign-in system.  Your
username and password are the same on all participating systems, but
you do have to sign in on each system.  The way around this is
Kerberos, which I mentioned in passing earlier.  With Kerberos, you
"login" once (you get a ticket from the KDC) and then are
automatically authenticated for all other Kerberos-enabled services.
Which means you only have to give your username and password once.

This is probably a lot of information.  So here's my recommendation:
NIS, and nothing else.  Worry about things like Kerberos later, if you
decide you need them.

--

"I woke up this morning and realized what the game needed: pirates,
pimps, and gay furries."  - Rich "Lowtax" Kyanka

 
 
 

Post by Moe Webbe » Sun, 10 Feb 2002 14:47:36




>> LDAP or NIS? Which one is easy to implement and administer.

> NIS.  What it does is share certain important files (like /etc/passwd
> and /etc/group) over the network.  This means that with a few small
> changes to /etc/nsswitch.conf, you can go to NIS and then use all the
> regular Unix user/group/password control mechanisms.

From a security (read 'paranoia') point of view NIS should not be
recommended.  Sending hashed passwords through the wire for any
logon attempt doesn't seem wise in the age of homegrown ghz clusters
with enough cycles per sec (or SMP; boom per cycle) for some weak
passwords to break.

Rather take the time to deploy kerberos/LDAP or make up some
scripts to automate the distribution of your common passwd/group files
via scp.

The latter should be sufficient for most small/medium size networks.

regards
,moe

qbag nvz gbb ybj
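
Added example (editorial, not written by any poster in this thread): the posts above describe moving a workstation to NIS through a few changes to /etc/nsswitch.conf, and the concern that account data then travels over the network. This sketch parses an nsswitch.conf and reports which account databases resolve through NIS; the sample file, the function names and the choice of databases to check are assumptions of the example.

```python
import re

# Account databases checked by this example (assumption: the thread names
# /etc/passwd and /etc/group; shadow is included because it holds the hashes).
ACCOUNT_DBS = ("passwd", "shadow", "group")

# Constructed sample: a workstation switched to NIS as described in the thread.
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf (constructed sample)
passwd:     files nis
shadow:     files nis
group:      files [NOTFOUND=continue] nis   # trailing comment
hosts:      files dns
netgroup:   nis
"""


def parse_nsswitch(text):
    """Return {database: [sources]}, dropping comments and [STATUS=action] items."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        db, rest = line.split(":", 1)
        rest = re.sub(r"\[[^\]]*\]", " ", rest)  # strip action items
        table[db.strip().lower()] = rest.split()
    return table


def nis_findings(text):
    """List (database, source) pairs where account data is resolved through NIS."""
    table = parse_nsswitch(text)
    findings = []
    for db in ACCOUNT_DBS:
        for src in table.get(db, []):
            # 'compat' honours +/- entries in the local file, which pull from NIS
            if src in ("nis", "compat"):
                findings.append((db, src))
    return findings


if __name__ == "__main__":
    for db, src in nis_findings(SAMPLE_NSSWITCH):
        print(f"{db}: resolved via '{src}', account data is served over the network")
```
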

 
 
 

Post by ctr2s.. » Mon, 11 Feb 2002 05:47:39



> From a security (read 'paranoia') point of view NIS should not be
> recommended.  Sending hashed passwords through the wire for any
> logon attempt doesn't seem wise in the age of homegrown ghz clusters
> with enough cycles per sec (or SMP; boom per cycle) for some weak
> passwords to break.

It doesn't make sense for LDAP either; in fact, to authenticate with
the LDAP server, won't you have to send passwords over the wire
cleartext?  NIS, at least, can offer MD5 encryption of passwords.

I agree with you about your paranoia, but for a small network of 30 or
so computers - the OP's configuration as I best remember it - and
probably a comparable number of people in the same building, I don't
see LDAP+Kerberos as being worthwhile.  While the two do work
together, they require considerable configuration to do so; and since
the OP does not seem to be really familiar with either, he will
probably have difficulty administering it once he gets it set up.

> Rather take the time to deploy kerberos/LDAP or make up some scripts
> to automate the distribution of your common passwd/group files via
> scp.

Using scripts is a bad solution, really.  I was able to come up with
two hefty paragraphs full of reasons why it's a bad solution just off
the top of my head, and you can rest assured there are three times as
many I haven't thought of.  Individually, many of the problems are
just annoyances (slow password change propagation, requiring password
changes to happen on one central server) but put together they totally
blow away the security issues with NIS on a small network.

I still suggest he start with NIS, reevaluate his needs in a few
weeks, and then look at LDAP+Kerberos.  There are tools to convert
/etc/passwd files to LDAP accounts.  He'd still probably have to make
all his users "change" their passwords for Kerberos, but at least he
wouldn't have to reenter the GECOS stuff.

--

"I woke up this morning and realized what the game needed: pirates,
pimps, and gay furries."  - Rich "Lowtax" Kyanka

 
 
 

Post by Ben Russ » Wed, 13 Feb 2002 08:51:47




>>From a security (read 'paranoia') point of view NIS should not be

If it is a Linux Only network all the boxes *could* be setup with
FreeSWAN and have them use the auto Host-to-host VPN config. Then any
of the scenarios (NIS, NIS+, LDAP, FTP....) could be used with security.

BTW, if anybody has done this I would love to hear about it.

-Ben.