Got it (ldap) working!!!
Lots of user errors setting up didn't help much. Hat off to the community at zentyal.org who have been (a) very patient with me and (b) very helpful.
Okay...
My network looks like this.
- I've made a gateway using clearos to act as a fairly simple router / iptables firewall between my computer science network and the wider school network. Essentially this is just to provide internet to my own network.
- I set up a dns server on a raspberry pi using dnsmasq just for internal (computing.lan) server names.
- "athena" is the zentyal server (for logins and file access). I realise that zentyal could do all of the above jobs too but I only found out about it relatively recently, well into the development of this network.
- lovelace is an edubuntu ltsp server. 31 clients (students) normally log on via two subnets using Raspberry Pis running berryterminal. It also acts as a basic router between the two raspberry pi subnets in the classroom to allow thin client or 'normal' use.
You could do the same as me with a simpler set-up and combine "collossus", "lexicon" and "athena" in one zentyal box. If you do that you need to be aware that the firewall might block port 390 by default (which is needed by ldap).
If you wanted to make this set-up using a single server instead of several, as I have, you would install Zentyal. Using the simplified set-up you could install "gateway", "infrastructure" and "office". The first two are self-explanatory; the third option, "office", provides a very simplified setup for kerberos and ldap. It was this simplified ldap/kerberos that sold me on this particular solution.
If like me you have several servers doing different jobs, turn off the firewall on zentyal (took me a while to figure out that was stopping things working due to the port 390 thing, it's not needed if you already have a firewall on your gateway (as I have in my setup))
Then follow this "how-to" guide.
http://forum.zentyal.org/index.php/topic,12925.0.html (carefully. More carefully than I was. You can also follow my journey of embarrassment there as well, should you so wish)
It's good to have a separate NIC for each LTSP sub-net. 15 clients per sub-net, otherwise things get too slow.
You need to configure your /etc/network/interfaces
```
auto lo
iface lo inet loopback

# LTSP sub-net 1
auto eth0
iface eth0 inet static
    address 192.168.1.254
    netmask 255.255.255.0
    up iptables-restore < /etc/ltsp/nat

# LTSP sub-net 2
auto eth1
iface eth1 inet static
    address 192.168.2.254
    netmask 255.255.255.0
    up iptables-restore < /etc/ltsp/nat

# Link to the rest of the network
auto eth2
iface eth2 inet static
    address 192.168.0.10
    netmask 255.255.255.0
    gateway 192.168.0.2
    dns-nameservers 192.168.0.3 10.192.160.10
```
The "up iptables-restore < /etc/ltsp/nat" bit will make sense later on... it's to do with making it so the ltsp sub-nets can also work as "general purpose" networks.
So in this case eth0 and eth1 provide the ltsp sub-nets and eth2 connects up to the rest of the network.
Then you have to configure /etc/ltsp/dhcpd.conf so that the ltsp server is able to allocate ip addresses to clients in the ltsp sub-nets
```
#
# Default LTSP dhcpd.conf config file.
#
authoritative;

subnet 192.168.1.0 netmask 255.255.255.0 {
    range 192.168.1.20 192.168.1.250;
    option domain-name "lovelace1.lan";
    option domain-name-servers 10.192.160.10;
    option broadcast-address 192.168.1.255;
    option routers 192.168.1.254;
#    next-server 192.168.1.1;
#    get-lease-hostnames true;
    option subnet-mask 255.255.255.0;
    option root-path "/opt/ltsp/i386";
    if substring( option vendor-class-identifier, 0, 9 ) = "PXEClient" {
        filename "/ltsp/i386/pxelinux.0";
    } else {
        filename "/ltsp/i386/nbi.img";
    }
}

subnet 192.168.2.0 netmask 255.255.255.0 {
    range 192.168.2.20 192.168.2.250;
    option domain-name "lovelace2.lan";
    option domain-name-servers 10.192.160.10;
    option broadcast-address 192.168.2.255;
    option routers 192.168.2.254;
#    next-server 192.168.2.1;
#    get-lease-hostnames true;
    option subnet-mask 255.255.255.0;
    option root-path "/opt/ltsp/i386";
    if substring( option vendor-class-identifier, 0, 9 ) = "PXEClient" {
        filename "/ltsp/i386/pxelinux.0";
    } else {
        filename "/ltsp/i386/nbi.img";
    }
}
```
Next, add the two ltsp sub-net NICs to /etc/default/isc-dhcp-server. (It's worth pointing out that you shouldn't include here the NIC which connects up to the rest of the network otherwise you will have conflicts)
```
# Defaults for dhcp initscript
# sourced by /etc/init.d/dhcp
# installed at /etc/default/isc-dhcp-server by the maintainer scripts
#
# This is a POSIX shell fragment
#
# On what interfaces should the DHCP server (dhcpd) serve DHCP requests?
# Separate multiple interfaces with spaces, e.g. "eth0 eth1".
INTERFACES="eth0 eth1"
```
Install nscd (sudo apt-get install nscd) - very important if you are using ldap, otherwise the cart moves faster than the horse, so to speak, and your berryterminal will only show a black screen and an X shaped mouse pointer.
Reboot.
That should allow you to get ltsp "clients" (x-servers, in this case "berryterminals") to work.
Then follow through this guide
https://help.ubuntu.com/community/Ubunt ... tHowtoNAT/ to configure the ltsp sub nets to work as normal networks too
Will come back to this post as the fire alarm has just gone off.
Back now. Fun and games.
Actually, that just about covers it I think.
Coming up next ...
There is a need for some 'more robust' r-pi enclosures. I am already down one Pi with a broken sd card connector. Watch this space.
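
Added example, not part of the original post: a consistency check for the three files above, which flags dhcpd being bound to the NIC that faces the rest of the network (the conflict the post warns about) and subnet declarations that no served NIC sits on. It assumes the uplink is the stanza carrying a `gateway` line; the function names and the trimmed sample inputs are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample input: trimmed copies of the three files shown in the post.
IFACES = ("iface eth0 inet static\n address 192.168.1.254\n netmask 255.255.255.0\n"
          "iface eth1 inet static\n address 192.168.2.254\n netmask 255.255.255.0\n"
          "iface eth2 inet static\n address 192.168.0.10\n netmask 255.255.255.0\n"
          " gateway 192.168.0.2\n")
DHCPD = ("subnet 192.168.1.0 netmask 255.255.255.0 {\n range 192.168.1.20 192.168.1.250;\n}\n"
         "subnet 192.168.2.0 netmask 255.255.255.0 {\n range 192.168.2.20 192.168.2.250;\n}\n")
DEFAULTS = 'INTERFACES="eth0 eth1"\n'

def parse_interfaces(text):
    """Map each static NIC to its network and whether it has a gateway (uplink)."""
    nics, cur = {}, None
    for line in text.splitlines():
        words = line.split()
        if words and words[0] == "iface":
            cur = nics.setdefault(words[1], {})
        elif cur is not None and words and words[0] in ("address", "netmask", "gateway"):
            cur[words[0]] = words[1]
    return {n: {"net": ipaddress.ip_network(f"{f['address']}/{f['netmask']}", strict=False),
                "uplink": "gateway" in f}
            for n, f in nics.items() if "address" in f and "netmask" in f}

def audit(interfaces, dhcpd_conf, defaults):
    """Return a list of problems; an empty list means the files agree."""
    nics = parse_interfaces(interfaces)
    m = re.search(r'^\s*INTERFACES="([^"]*)"', defaults, re.M)
    served = m.group(1).split() if m else []
    subnets = [ipaddress.ip_network(f"{a}/{n}") for a, n in re.findall(
        r"^\s*subnet\s+(\S+)\s+netmask\s+(\S+)", dhcpd_conf, re.M)]
    problems = []
    for name in served:
        if name not in nics:
            problems.append(f"{name}: listed in INTERFACES but has no static stanza")
        elif nics[name]["uplink"]:
            problems.append(f"{name}: dhcpd would answer on the uplink NIC")
        elif nics[name]["net"] not in subnets:
            problems.append(f"{name}: no subnet declaration for {nics[name]['net']}")
    for net in subnets:
        if not any(n in nics and nics[n]["net"] == net for n in served):
            problems.append(f"{net}: declared in dhcpd.conf but no served NIC is on it")
    return problems

if __name__ == "__main__":
    print(audit(IFACES, DHCPD, DEFAULTS) or "consistent")
```

On a real server, pass the contents of /etc/network/interfaces, /etc/ltsp/dhcpd.conf and /etc/default/isc-dhcp-server to `audit()` before restarting the DHCP service.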