# All Linux Network

## Fraggle

If you guys were to install an all Linux (gentoo of course) network, how would you go about doing it? What services and combination of services would you use? Here is what I think....

Postfix

Imap

Samba (For DC)

All the normal network services (DNS, etc)

I am curious about LDAP, I don't know much about it. Keep in mind client computers would be a mix of NT4, 2k, XP, and linux.

Just wondering how you all would go about doing it...

----------

## palebear

well, on my gentoo server (for home networking) i've got setup

[Security]

shorewall    (iptables based firewall script, very easy to use and setup networking with)

aide            (file integrity)

snort           (IDS, logging to a mysql database)

[Networking]

bind            (caching nameserver for local network)

dhcpd          (easy networking setup with win clients (esp laptops))

[Mail Server]

spamassassin

f-prot (virus scanner)

qmail (my MTA)

qmail-scanner (for use with f-prot and spamassassin for virus and spam filtering)

courier imap (interacts nicely with ALL mail clients, supports pop3, imap, and ssl connections)

squirrelmail (for webmail access)

[Web Server]

apache (for squirrelmail)

php

phpMyAdmin

acid (view snort logs)

[Other Servers]

mysql server (for snort logging)

ssh         server for remote administration

proftp      for backups, file transfers etc

squid       (i mainly use this for ad filtering)

i don't know much about ldap and don't use samba :/ (yet at least)

----------

## Fraggle

how about for a more "business" approach. In other words, you have a business with about 20 people, currently on a windows network, and you want to go 100% linux...

----------

## TheQuickBrownFox

When you say: "windows network" I suppose you mean that there is a windows box that they call a server?

There are a couple of options, depending on exactly what you need. For the file & authentication server, you can definitely use Samba and LDAP. Together even, depending on how complex you want things.

There are plenty of docs, (just ask google), but things are in a state of flux when it comes to using Samba with LDAP as the backend. This doesn't mean it's not usable. It just means that it's not rock solid like NFS yet. I'm in the process of migrating some machines (CS dept at University of Pretoria, ZA) to this kind of setup.

Currently, we're using Samba as a PDC and NIS and NFS. In short: Samba serves MS machines, and does all authentication. Linux machines use NIS for mapping the uids, but not for authentication (it's broken). We use pamsmb for that. AFAIK it's possible to get rid of pamsmbd and NIS, by using winbind and running Samba on each client.

There's also a way to replace the authentication code in windows, by using pGina http://pgina.xpasystems.com/ I don't see how that makes the system simpler though.

The problem you're really facing is, how to get rid of the Windows clients.

----------

## Fraggle

 *TheQuickBrownFox wrote:*   

> When you say: "windows network" I suppose you mean that there is a windows box that they call a server?
> 
> There are a couple of options, depending on exactly what you need. For the file & authentication server, you can definitely use Samba and LDAP. Together even, depending on how complex you want things.
> 
> There are plenty of docs, (just ask google), but things are in a state of flux when it comes to using Samba with LDAP as the backend. This doesn't mean it's not usable. It just means that it's not rock solid like NFS yet. I'm in the process of migrating some machines (CS dept at University of Pretoria, ZA) to this kind of setup.
> ...

 

you can use ldap to map the uid's with samba though right?

----------

## TheQuickBrownFox

Sounds like we're working on the same setup: Samba with LDAP backend and LDAP / NFS for a mixed environment?

When you compile Samba to use LDAP, you have to include the Samba schema in the LDAP directory. This schema has the MS equivalent of a UID, called a rid in it, so Samba gets this from the directory. You also need the NIS schema if you're going to use LDAP for Linux machines. The NIS schema has an attribute called uidNumber that identifies the user in a *nix domain. Don't confuse the rid, uidNumber and uid attributes.

To make sure that users only have one password to worry about, you have to get the linux machines to also authenticate against the Samba domain.
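An added example, not part of the original post: a small audit over a directory export that keeps the three identifiers named above apart (`uid` is the login name, `uidNumber` the *nix numeric id, `rid` the Samba-side id) and flags accounts where a number is missing or shared. The LDIF sample, the DNs and all numbers are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample export, trimmed to the three attributes discussed;
# a real entry also carries objectClass, password and home directory fields.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=org
uid: alice
uidNumber: 1001
rid: 3002

dn: uid=bob,ou=People,dc=example,dc=org
uid: bob
uidNumber: 1001
rid: 3004

dn: uid=carol,ou=People,dc=example,dc=org
uid: carol
uidNumber: 1003
"""

def parse_ldif(text):
    """Split simple LDIF (no line folding, no base64 values) into attribute dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = defaultdict(list)
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            entry[name].append(value)
        entries.append(entry)
    return entries

def audit(entries):
    """Return findings for accounts whose numeric ids are missing or shared."""
    findings, seen = [], {"uidNumber": {}, "rid": {}}
    for e in entries:
        login = e["uid"][0]  # uid is the login name, not a number
        for attr in ("uidNumber", "rid"):
            if not e[attr]:
                findings.append(f"{login}: no {attr}")
                continue
            value = int(e[attr][0])
            if value in seen[attr]:
                findings.append(f"{login}: {attr} {value} also used by {seen[attr][value]}")
            seen[attr].setdefault(value, login)
    return findings

if __name__ == "__main__":
    for finding in audit(parse_ldif(SAMPLE_LDIF)):
        print(finding)
```

A shared `uidNumber` matters on the NFS side, where file ownership is decided by the number rather than the login name; a missing `rid` means the account exists for Linux machines but not for the Samba domain.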

----------

## Fraggle

This will be fun. Lots o work! I am starting a consulting company and am going to try to push for a linux backend for client's networks. Just looking to see how you all would go about doing it.

----------

## TheQuickBrownFox

I'm actually more interested in getting Linux on the desktop. The server side is getting boring when it comes to small businesses.

I have some ideas and I'm confident that it would be a more maintainable solution, especially in the long run.

OpenOffice is basically good enough. It might not be perfect, but it's good enough. And it doesn't cost an arm and a leg.

I read that ACCPAC is running on Linux, so there's accounting sorted.

File sharing and email is a no-brainer.

KDE is more than good enough.

Java apps work just fine. (except if it depends on MS SQL)

What else does a small business need?

----------

## Fraggle

 *TheQuickBrownFox wrote:*   

> I'm actually more interested in getting Linux on the desktop. The server side is getting boring when it comes to small businesses.
> 
> I have some ideas and I'm confident that it would be a more maintainable solution, especially in the long run.
> 
> OpenOffice is basically good enough. It might not be perfect, but it's good enough. And it doesn't cost an arm and a leg.
> ...

 

Very true. I should just push a total linux solution. That would definitely be a niche market...

Unfortunately things like sound recording (multi-tracking) and photo-editing, are not quite there yet. (GIMP is good, but nothing compared to photoshop...)

----------

## TheQuickBrownFox

 *Quote:*   

> GIMP is good, but nothing compared to photoshop...

 

Yeah, that's why ILM is using Photoshop instead of Gimp   :Wink: 

It's true that it might be more difficult to produce a certain effect with the Gimp, but it's sure not impossible. The trick is that it might take some scripting to achieve a certain effect that takes a single click in PS.

You're right though, the Gimp is not as cool as PS to small businesses. 

I know nothing about sound, so I can't comment.

----------

## Fraggle

 :Razz: 

----------

