fouldsy.com

Open-Xchange on the Gentoo Sparc64 was just a nightmare! Along with taking an age to run through emerging each package, too many packages weren’t in ’stable’ on the Sparc platform, and stepping back to Blackdown JDK rather than offical Sun-JDK was causing a lot of problems compiling the Java dependencies during the base system install.

So, plan B is running Open-Xchange on my dual-PII testing system. Although mainly for trying out various distros and desktop environments, it’s speed helps, and the fact it’s x86 based! Initially I’ll follow through installing it running off a local OpenLDAP server before complicating matters by powering it from the OpenLDAP server currently configured on one of the Ultra 5’s for user logins and Samba authentication.

Although I’m a little disappointed not to be able to run everything off the stack of Ultra 5’s, I’m more interested in the actual systems configuration and connections across the network than arsing around resolving annoying package dependencies on what appears to be a platform not really receiving much attention for Open-Xchange!

So, I’ve done bugger all with my stash of Sun Ultra 5’s since well before Christmas, and since getting back from my holidays I haven’t been bothered either. Terrible waste of equipment, I know!

But, having received an e-mail from the Open-Xchange team about further migration support and whitepapers from SLOX 4.1 across to Open-Xchange, figured that sooner or later our mail server at school is probably going to be shuffled across. If possible, I’d like to get this done before I leave in May as with SLOX support no longer, applying updates is a right pain, and it’s going on for 2 years since it’s been in operation anyway.

One thing I’ve been looking at for a while is expanding the e-mail systems to incorporate external mail functions as well. At the moment, it’s only handling internal e-mail, but bridging the gap seems logical. I’d want to bring in virus scanning of attachments and spam filters for that, which is why I’ve already been looking at ClamAV and SpamAssassin for my Gentoo network systems.

Anyways, I’ve actually got the 3rd Ultra 5 now running Gentoo Sparc64, integrated with the LDAP server (now I know the steps for creating the certificates from configuring the Samba server…) and have made a start on Open-Xchange on Gentoo. Running Sparc64 has already brough up an issue in that there’s no stable Sun-JDK, though there is a blackdown-jdk ebuild I’m currently compiling.

Of course, running it on such an old system means this may take a while, and since the 2nd package on the (long) list of base software has already caused problems, it may take even longer! But, I do like a challenge…

Truth be told, I just haven’t had the time to play around with this project as much as I wanted. Maybe with it being close to Christmas and stuff winding down at work (plus, just wanting to be in Alaska by now!), I just don’t have the energy on an evening to sit down and crack on.

But, Samba has been running quite happily for a week or so and integrated quite nicely with OpenLDAP. Running on two different severs, thus simulating what you’re likely to get in the network environment, has been a bit of a struggle. All the documentation with regards to running the two of them together are aimed at them being on the same physical machine. Taking out SSL makes this fairly easy and doesn’t cause problems, but most of the tutorials on enabling SSL make it harder. This has been the cause of most of my problems.

In the end, a combination of Samba-OpenLDAP howto from Idealx (a bible almost!) and the LDAP SAMBA PDC Howto from the Gentoo Wiki (always excellent resources!) have got things up + running. Moving between the two doucments is fairly easy, but for the SSL parts, stick with the Gentoo Wiki version - much easier.

Configuring the client machine has been fairly non-eventful in terms of authentication - a couple of simple changes to PAM and configuring of the OpenLDAP connection all that is required. Logging in works fine, correctly authenticating and determining group privileges. It’s getting the correct drives mapped across that’s a challenge at the moment, and this is what I just can’t be bothered to figure out right now!

Again, almost all the tutorials expect you to be running Windows clients, which make it dead easy to configure using the login.bat scripts. However, these don’t work for Linux clients, requiring your own logon scripts. I’ve pretty much got it handling the home directories and the associated shared network drives. I’ve had a quick play with How to Implement Login Scripts into a Pure Linux Environment from the Novell KB which seems to do the trick, but I’m not too happy with the method of grabbing the groups and writing them to disk before mounting them.

Overall, aside from my mistakes and ignorance in not fully understanding SSL connections between the servers, and the struggle in getting login scripts to handle network drives, it’s all been fairly easy, albeit slow going! Certainly the smbldap-tools from Idealx have given the power required to add new users, create these Samba groups for shared network drives, and adjusting the user + group permissions.

For me, one of the core features of a network system for end-users is to allow any information they need to be accessible from anywhere, no matter the machine or OS, hence the design around Samba to facilitate Windows machines, as opposed to going for NFS (a much easier method considering the bulk of the work + clients I’d use would be Linux). This basic setup shows this is possible, but fiddly when compared to the Microsoft AD and NTFS shares it’s designed to replace.

Once additional features such as the web caching + filtering get built-in along with e-mail (both on separate servers - more work!), the true power and benefits should become apparent since they’re all running from a single authentication point and directory from the word go, without the need to hack things together as is the case with current MS AD / Samba connectors.

Well, my first Gentooserver is up and running on the Sun Ultra 5’s quite happily. It wasn’t as problematic as expected to be honest. I guess having done a few Gentoo installs before helped too!

The only couple of things I found was the system didn’t compile the network card driver correctly. I had to go back into the config, de-select the card, exit, head back into config and re-select before re-building the kernel. Plus, with a 3.5Mb limit on 2.4 kernel size on Sparc64, I only just managed to get it down to 3.4Mb after stripping off .comments and .notes as detailed in the excellent Gentoo Sparc Handbook.

Also on this first server, which will become the OpenLDAP server, it wouldn’t set console fonts correctly on boot, causing the system to hang. The correct setting had been applied, but booting off the CD and doing a quick “rc-update del consolefont default” and rebooting cured it with no ill-effects.

Lack of ssh access by default is a bit of an annoyance, but that’s just the way the Gentoo installer does things, so then had to leave the system a while compiling OpenSSH and setting it load on boot. Is easier controlling via ssh then switching back and forth with KVM’s and keyboards.

Onto OpenLDAP, and more great documention from Gentoo in the form of the Gentoo OpenLDAP handbook got everything up and running without too many hassles. The only issue was not including the full hostname within /etc/hosts - it must be hostname.domainname.extension, in this case fatcontroller.homelinux.net, not fatcontroller.homelinux or communicating with the LDAP server would fail. Enabling SSL is a doodle, and importing users, groups, etc. from the local box was fine with the migration-tools. Not sure about how it would handle an import from existing LDAP server such as a Microsoft Active Directory, which would have interesting to try out. Not having one in my pocket hindered that slightly!

My test machine with a Gentoo system already installed has been commandered as the network client since it’s already setup, and a few simple changes to PAM got the workstation authenticating with the LDAP server. The next stage is implementing a Samba server to handle network home directories and profile storage, so whilst authenticating against the LDAP server, you also have the appropriate network drives mapped to the account.

Speaking of which, the Samba server itself installed within one evening having learnt from the problems building the first server. I decided it probably wasn’t worth the hassling unplugging everything, slaving hard drives, imaging them, then plugging everything back to together. Of course, making judicious use of [scp to move the kernel .config file and such across helped a tad! Also, the Samba server didn’t experience the console fonts problem on boot, so is quite happy booting. Currently, it’s starting to compile all the tools as per the Gentoo Samba3/CUPS/ClamAV HOWTO.

Overall, the speed of the systems in terms of booting up and running things seems quite okay. Compiling is a slightly different matter, as to be expected from the hardware. Won’t break any records for compilation time, but it seems fairly stable and that’ll do me! Am looking forward to getting my teeth into this project once Samba is up + running to really start manipulating the LDAP server to control shared group folder permissions and logins in the same manner network clients + users would in the workplace. Sticking an e-mail server into that will be next, but intend on having some fun with OpenLDAP + Samba first!

eBay is a naughty, naughty place. It draws you into buying stuff against your will. Well, not quite, but you get the idea.

The latest idea is playing around with some high-end network services under Linux. OpenLDAP servers maintaining an entire LDAP directory, with integrated Samba file + printer sharing on per user/group basis including virus scanning, e-mail solution containing virus + spam filtering tied into the LDAP structure, and of course Internet content filtering + Squid proxy cache complete with Intranet portalset all based off permissions from the directory. So, I needed some equipment.

Space being limited, and also wanting a decent challenge as opposed to running them off my usual testing machines based round PII 400Mhz’s with 128Mb-256Mb RAM, picked out some Sun Ultra 5’s instead. Since the Ultra 5’s are IDE interface based, they take standard hard drives and CD drives making them cheap to get parts for. These 4 cost £45 plus shipping - 3 x 270Mhz with 128Mb RAM + 6.3Gb hard drives, plus 1 x 330Mhz with 256Mb RAM and 6.3Gb hard drive.

What’s going to run on these? Gentoo Sparc64, of course. Support seems very good under Gentoo, with active forums, mailing lists and IRC. Although compiling will be slower compared to the other alternative, Debian, I’m interested to see how much Gentoo can harness the 64-bit processing, plus how well Gentoo actually stands up in a server environment. I’ve always ran Debian on servers due to ease of installation and updates, but since I’m not in the production environment, would try something else. Whilst this is purely for development and learning, the reasoning behind it is an integration of these technologies into our Windows network at work, or for future reference depending on employment status in a year or two.

Once the keyboard + mouse arrive, will make a start trying to install Gentoo in the first place! Hoping to simply create a base install, then image the remaining three drives, allowing me then give each machine it’s own roles without having to run through building each system from scratch.