Welcome to IWETHEY!

New Random thoughts while installing RH 7.2 ( a little long)

So I had this bright idea of using Linux and OpenLDAP to help teach my students about directory services next term.

(I figure that they'll get ADS'ed to death in any number of other classes, they're not big on theory and *NIX really lets you dig in and get your hands dirty on stuff like this. Besides, last I checked ADS doesn't run on non-MS platforms and non-MS platforms aren't going away anytime soon and LDAP is the de facto cross-platform DS interface protocol.)

Now, where was I? Oh, yeah...so as part of my academic due diligence I need to mess around with this stuff myself so I do my research, snag the 7.2 images (sorry, guys, what Linux we use around school is Red Hat. On the other hand, *my* students learn how to re-compile and customize kernels.)

The only x86 iron I have on my home network, though, is my P2-400 currently running x86 Solaris. I have a sentimental attachment to Solaris from my post-SysV AT&T days and thought it would be nice to have it running around the home, so to speak.

However, the P2 isn't running any vital services right now, so I wipe it and install. All went very smoothly except for a few...snags:

- My previous experience with RH 7.x was with a 6.0 install upgraded to 7.0. Hence it used inetd. 7.2 uses xinetd instead so that took a little research and playing before I got used to that. (Not a lot of good xinetd tutorials around, by the way. I'll have to write one up.)

- My home network has a wireless segment on it, connected through an Airport base station to the Ethernet piece. So I set up ssh on the P2 but couldn't connect to it from my laptop, which is on the wireless segment. I fiddle and fiddle and discover that I also can't ssh from the P2 to the laptop. Neither can I ftp or telnet either way (once I enabled the services). Now I'm no idiot but I really felt like one when I finally (after an hour or two of shuffling and re-wiring) remembered that bit in the install about 'firewall configuration'. D'oh!

- 7.2 detected my video card, VRAM and monitor type perfectly. However, why can't the installer recommend some display modes based on that detection so I don't have to shuffle through the various permutations of bit depth and resolution? (I didn't need a GUI and didn't have a mouse anyway, but can't we at least do that little bit for the Windows refugees?)

- Solaris vs. Linux - As I said, I have a soft spot for Solaris and think it's great on Sun hardware. But on x86 iron, it's a pain in the ass. Linux just seems to be improving at a faster rate and not only that, it's more 'fiddle-friendly'. That is, the tools are all there and work in a more predictable way on Linux. I've tried to install the Net::SSLeay Perl module on Solaris (both on Sparc and x86) and it always barfs with some compiler option error. On Linux, it drops right in. I'm not talking about RPMs here, either, but compiling from source. (This doesn't even get to the conversation about why I need multiple package mgt. tools in Solaris vs. one in Linux...)

- Anyway, I still like Solaris and think it's a robust, scalable, <insert positive buzzwords here> OS for an enterprise network. However, I don't think it's that great as a learning environment (which is where I use *NIX the most) and it's not that great on x86 hardware.

- That being said, I still have problems with Linux. I decided to upgrade to the latest OpenSSH and this required way more fiddling than it should have due to all the differences in file/directory locations necessitating a lot of manual tweaks to scripts and paths. A good dose of LSB is still sorely needed in this area.


Well, the install's done and I've got it all sorted out now. I just wanted to get this off of my chest and express my deep appreciation for Linus, Richard, Ken, Dennis, Alan, Eric and everyone else who continues to fight the good fight and keep the cool tools coming my way.

For my part, I'll just keep on subverting the system from the inside....
Tom Sinclair
Speaker-to-Suits

"Real stupidity beats artificial intelligence every time."
-- Bursar 1 - Hex 0
(Terry Pratchett, Hogfather)
New Xinetd tutorial
Give me a yell when you've done that, I've some thoughts on getting multiple VNC sessions working, using xinetd - if you like, I'll add them in.


Peter
Shill For Hire
[link|http://www.kuro5hin.org|There is no K5 Cabal]
New Re: Xinetd tutorial (also a bit long)
I'll probably dig into that today, since my brain was busy half the night composing it.

I've done about four others so far (on DNS, e-mail, Webmin and SSL/SSH). They're written to give you just enough theory so you can toss together a working implementation and then point you to where you can learn more. The Webmin tutorial is the first in the series as I can later show the way

The HOWTOs are good, but are a little overwhelming to my students. I got started on them due to a class project that I gave my UNIX sysadmin class last term. Here's the description, straight out of the hand-out:

---------------------------------------
Each team will produce one client and two servers:
The client will be a dual boot Red Hat 7.0/Windows 2K Pro. Equivalent functionality should be available to the user regardless of which OS they are using. You will create at least two user IDs for demonstration purposes with documentation on a procedure for adding additional users. (For extra credit, you can have authentication handled by a network server.) Both clients will have the following minimal functionality:
- Office Suite (StarOffice 5.2..see below)
- E-mail client
- Web browser (your choice)

NOTE: The Web browser should be installed in a common directory so all users can access it, not installed in individual home directories.

The servers will have the following functionality:
NFS/Samba - This will provide file services for both the Linux and Windows clients. At minimum, the user should be mounting their home directory from the network.

Print services - You have a choice between using lpd, lprng and CUPS. The client should be able to print through the server from both Win2K and Linux.

StarOffice - You should use version 5.2 but it must be installed on the network and both Windows and Linux versions should be available to the client. (That is, a full install on the client is not allowed. SO must be set up to run off of the network.)

Apache - The minimum requirement here is a main page (accessed by the URL http://<server>) and consisting of something other than the Apache test page and a personal user page (accessed by the URL http://<server>/~<userid>). In addition, at least one 'secure' page (using SSL) should be created and available.

Name Resolution - The minimum here will be a DNS subdomain off of the school domain. (For extra credit you could set up NIS for name resolution.)

SSH/SSH - Telnet and ftp should be disabled on both the client and the servers and access should be only through ssh and utilities like scp.

NTP - One of the servers should be a network time server and the other two machines will be set as NTP clients. (This is now an optional, extra credit item.)

E-mail - One of the servers should be set up as a POP server, with e-mail accessible from both the Windows and Linux clients and you should set up mail forwarding with at least one other team.

Webmin - Each machine should have Webmin installed and accessible through SSL.

The output of this project:
One dual-boot client and two servers (as described above)
One document that describes the configuration of each machine and service.
A live demonstration of your mini-network, including but not limited to:
- user authentication
- Office, e-mail and web browsing
- Creating a new user
- Administering/accessing machines remotely with webmin/ssh

--------------

Obviously not all of this material was in our textbook and it would take them more time than they had to research it themselves, so I began to put together little tutorials that would step them through the major pieces while explaining what was going on and pointing out additional resources.

Not everyone got it 100% done, needless to say, but the consensus was that they learned a lot more from the project than they would have if we had just stuck with the book. (We still got through the entire text as well.)

Probably a little more than you wanted to know, but I *am* a professional pedant so I'm apt to get pedantic at the drop of a hat.
Tom Sinclair
Speaker-to-Suits

People who are rather more than six feet tall and nearly as broad across
the shoulders often have uneventful journeys. People jump out at them from
behind rocks then say things like, "Oh. Sorry. I thought you were someone
else."
-- Carrot travels to Ankh-Morpork
(Terry Pratchett, Guards! Guards!)
New Maybe blasphemous, but
I suggest you go with the commercial ssh for a while. It's
free for Linux use.

OpenSSH is still in shakeout mode, with the occasional exploit
popping up.
New SSH v. OpenSSH
Both implementations have had issues. The exposure window on OpenSSH seems to be smaller -- bugs found are fixed faster. You have to stay up on your updates, natch.
--
Karsten M. Self [link|mailto:kmself@ix.netcom.com|kmself@ix.netcom.com]
[link|http://kmself.ix.netcom.com/|http://kmself.ix.netcom.com/]
What part of "gestalt" don't you understand?
New Re: SSH v. OpenSSH

That was my feeling as well. I also lean towards the OSS version so as to avoid depending on the viability of a single commercial vendor.

In fact, our classroom installs had OpenSSL/OpenSSH already installed and I took the class through updating both, citing the need to keep current, especially with security-related software.

Actually, this is part of a guerrilla effort on my part to establish proof-of-concept for OSS as part of our college LAN infrastructure as well as to show students how they can put together a very functional chunk of network (DNS, e-mail, etc.) for very little cost and not that much more effort than a commercial solution, at least for basic services.
Tom Sinclair
Speaker-to-Suits

Most people in Lancre, as the saying goes, went to bed with the chickens
and got up with the cows. [footnote: Er. That is to say, they went to bed
at the same time as the chickens went to bed, and got up at the same time
as the cows got up. Loosely worded sayings can really cause
misunderstandings.]
-- (Terry Pratchett, Maskerade)
     Random thoughts while installing RH 7.2 ( a little long) - (tjsinclair) - (5)
         Xinetd tutorial - (pwhysall) - (1)
             Re: Xinetd tutorial (also a bit long) - (tjsinclair)
         Maybe blasphemous, but - (broomberg) - (2)
             SSH v. OpenSSH - (kmself) - (1)
                 Re: SSH v. OpenSSH - (tjsinclair)