Re: Small office with BSD blueprint
On 3/21/06, Smith [EMAIL PROTECTED] wrote:
> I would even consider doing away with dns and point everyone to the isp dns along with using static ip addresses.

To avoid timeouts, I recommend you check out the FAQ [1] first before doing away with (Reverse) DNS. Distributing hosts files to your clients is of course a possibility, but I find DNS easier to set up. The default files in /var/named are pretty much good to go.

Cheers,
Rogier

References:
1. OpenBSD FAQ - Reverse DNS http://www.openbsd.org/faq/faq8.html#RevDNS

--
If you don't know where you're going, any road will get you there.
Re: Small office with BSD blueprint
Will H. Backman wrote:
> Looking for feedback on a basic blueprint for a small office using BSD.
> Situation: Small office with maybe five workstations.
> Question: What would an all BSD setup look like?
> Solution that comes to mind:
> * Single server for DNS, DHCP, LPD, SMTP, IMAP, and home directories.
> * Full install with whatever desktop environment is chosen.
> * automount home directories.
> * Instead of NIS, maybe cron job to rsync files like /etc/passwd, /etc/hosts, /etc/printcap from central server.
> Does anyone out there have a similar setup?
> --
> Will Backman - Network Administrator
> Coastal Enterprises, Inc.
> http://www.ceimaine.org

I still don't know if there is much of a consensus. There is one document (http://www.openbsdsupport.org/sharedhomes.html) that is a little old, but I think it describes the traditional Unix way of doing things. I think someone with only a little Unix experience could follow that document. Combined with a network-ready printer, mail/DNS services provided by their ISP, and an inexpensive router, one could have a simple and workable solution. It should be possible to set up a simple environment without hiring a Unix/Network engineer.

I'd like to thank everyone for their comments and suggestions.
Small office with BSD blueprint
Looking for feedback on a basic blueprint for a small office using BSD.

Situation: Small office with maybe five workstations.
Question: What would an all BSD setup look like?

Solution that comes to mind:
* Single server for DNS, DHCP, LPD, SMTP, IMAP, and home directories.
* Full install with whatever desktop environment is chosen.
* automount home directories.
* Instead of NIS, maybe cron job to rsync files like /etc/passwd, /etc/hosts, /etc/printcap from central server.

Does anyone out there have a similar setup?

--
Will Backman - Network Administrator
Coastal Enterprises, Inc.
http://www.ceimaine.org
Re: Small office with BSD blueprint
On Mon, Mar 20, 2006 at 09:53:30AM -0500, Will H. Backman wrote:
> Looking for feedback on a basic blueprint for a small office using BSD.
> Situation: Small office with maybe five workstations.
> Question: What would an all BSD setup look like?
> Solution that comes to mind:
> * Single server for DNS, DHCP, LPD, SMTP, IMAP, and home directories.
> * Full install with whatever desktop environment is chosen.
> * automount home directories.
> * Instead of NIS, maybe cron job to rsync files like /etc/passwd, /etc/hosts, /etc/printcap from central server.
> Does anyone out there have a similar setup?

No, but I wanted to have that, so I might have a couple of ideas.

- A separate firewall is good for security, and very easy.
- Building an install script is good, but see below ...
- Rdist(1) is also very useful. Build a complete client install on the server, then call rdist to update all clients. As long as you do some simple things right - like not wiping /tmp or some of the files in /etc that change when you get a DHCP lease or under /etc/ssh or somesuch - this works perfectly. Rdist *is* a bit old; cfengine or somesuch will be more modern, but I find that rdist with a largish Makefile does exactly what I want.
- DHCP is not generally useful, unless you implement ...
- ... netboot, which is massively cool and very easy on the admin

And why not {N,A}FS-mount /home? That way, automounting is not necessary.

Joachim
Re: Small office with BSD blueprint
Will H. Backman wrote:
> Looking for feedback on a basic blueprint for a small office using BSD.
> Situation: Small office with maybe five workstations.
> Question: What would an all BSD setup look like?
> Solution that comes to mind:
> * Single server for DNS, DHCP, LPD, SMTP, IMAP, and home directories.
> * Full install with whatever desktop environment is chosen.
> * automount home directories.
> * Instead of NIS, maybe cron job to rsync files like /etc/passwd, /etc/hosts, /etc/printcap from central server.
> Does anyone out there have a similar setup?
> --
> Will Backman - Network Administrator
> Coastal Enterprises, Inc.
> http://www.ceimaine.org

I have that. I suppose I can send details on what I've set up if you want. Let me make some comments relative to your solution:

1. You want more than one server for availability. If your single server goes down, all 5 employees will be non-productive.
2. I don't see a firewall.
3. I don't see a backup solution. This is critical.
4. You might consider a network printer rather than sharing one through your server.

--
John R. Shannon, CISSP
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: Small office with BSD blueprint
Joachim Schipper wrote:
> On Mon, Mar 20, 2006 at 09:53:30AM -0500, Will H. Backman wrote:
> > Looking for feedback on a basic blueprint for a small office using BSD.
> > Situation: Small office with maybe five workstations.
> > Question: What would an all BSD setup look like?
> > Solution that comes to mind:
> > * Single server for DNS, DHCP, LPD, SMTP, IMAP, and home directories.
> > * Full install with whatever desktop environment is chosen.
> > * automount home directories.
> > * Instead of NIS, maybe cron job to rsync files like /etc/passwd, /etc/hosts, /etc/printcap from central server.
> > Does anyone out there have a similar setup?
>
> No, but I wanted to have that, so I might have a couple of ideas.
>
> - A separate firewall is good for security, and very easy.

Yes, firewall/NAT router is assumed. Could even be a simple $40 Linksys box.

> - Building an install script is good, but see below ...
> - Rdist(1) is also very useful. Build a complete client install on the server, then call rdist to update all clients. As long as you do some simple things right - like not wiping /tmp or some of the files in /etc that change when you get a DHCP lease or under /etc/ssh or somesuch - this works perfectly. Rdist *is* a bit old; cfengine or somesuch will be more modern, but I find that rdist with a largish Makefile does exactly what I want.

I'm looking for as simple and generic as possible. I'm not sure what would be the most simple.

> - DHCP is not generally useful, unless you implement ...

Do you usually assign static IPs?

> - ... netboot, which is massively cool and very easy on the admin
>
> And why not {N,A}FS-mount /home? That way, automounting is not necessary.

I guess a straight NFS mount could be easier. Fewer config files to mess with.

> Joachim
Re: Small office with BSD blueprint
John R. Shannon wrote:
> Will H. Backman wrote:
> > Looking for feedback on a basic blueprint for a small office using BSD.
> > Situation: Small office with maybe five workstations.
> > Question: What would an all BSD setup look like?
> > Solution that comes to mind:
> > * Single server for DNS, DHCP, LPD, SMTP, IMAP, and home directories.
> > * Full install with whatever desktop environment is chosen.
> > * automount home directories.
> > * Instead of NIS, maybe cron job to rsync files like /etc/passwd, /etc/hosts, /etc/printcap from central server.
> > Does anyone out there have a similar setup?
> > --
> > Will Backman - Network Administrator
> > Coastal Enterprises, Inc.
> > http://www.ceimaine.org
>
> I have that. I suppose I can send details on what I've set up if you want. Let me make some comments relative to your solution:
>
> 1. You want more than one server for availability. If your single server goes down, all 5 employees will be non-productive.

Is there a simple way to provide high availability for home directories? I don't care if IMAP is still running if the home directories are down.

> 2. I don't see a firewall.

I assume something like a $40 linksys.

> 3. I don't see a backup solution. This is critical.

Yes, that would be included also. Then we can start the whole dump vs. tar vs. pax vs. amanda debate. I'll stick with dump, given that it is used for the examples in the FAQ for OpenBSD.

> 4. You might consider a network printer rather than sharing one through your server.
Re: Small office with BSD blueprint
I would be interested in the details on that also. Thanks in advance.

On 3/20/06, John R. Shannon [EMAIL PROTECTED] wrote:
> Will H. Backman wrote:
> > Looking for feedback on a basic blueprint for a small office using BSD.
> > Situation: Small office with maybe five workstations.
> > Question: What would an all BSD setup look like?
> > Solution that comes to mind:
> > * Single server for DNS, DHCP, LPD, SMTP, IMAP, and home directories.
> > * Full install with whatever desktop environment is chosen.
> > * automount home directories.
> > * Instead of NIS, maybe cron job to rsync files like /etc/passwd, /etc/hosts, /etc/printcap from central server.
> > Does anyone out there have a similar setup?
> > --
> > Will Backman - Network Administrator
> > Coastal Enterprises, Inc.
> > http://www.ceimaine.org
>
> I have that. I suppose I can send details on what I've set up if you want. Let me make some comments relative to your solution:
>
> 1. You want more than one server for availability. If your single server goes down, all 5 employees will be non-productive.
> 2. I don't see a firewall.
> 3. I don't see a backup solution. This is critical.
> 4. You might consider a network printer rather than sharing one through your server.
>
> --
> John R. Shannon, CISSP
> [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: Small office with BSD blueprint
On Mon, Mar 20, 2006 at 11:14:04AM -0500, Will H. Backman wrote:
> Joachim Schipper wrote:
> > On Mon, Mar 20, 2006 at 09:53:30AM -0500, Will H. Backman wrote:
> > > Looking for feedback on a basic blueprint for a small office using BSD.
> > > Situation: Small office with maybe five workstations.
> > > Question: What would an all BSD setup look like?
> > > Solution that comes to mind:
> > > * Single server for DNS, DHCP, LPD, SMTP, IMAP, and home directories.
> > > * Full install with whatever desktop environment is chosen.
> > > * automount home directories.
> > > * Instead of NIS, maybe cron job to rsync files like /etc/passwd, /etc/hosts, /etc/printcap from central server.
> > > Does anyone out there have a similar setup?
> >
> > No, but I wanted to have that, so I might have a couple of ideas.
> >
> > - A separate firewall is good for security, and very easy.
>
> Yes, firewall/NAT router is assumed. Could even be a simple $40 Linksys box.

OpenBSD does a better job, though. ;-)

> > - Building an install script is good, but see below ...
> > - Rdist(1) is also very useful. Build a complete client install on the server, then call rdist to update all clients. As long as you do some simple things right - like not wiping /tmp or some of the files in /etc that change when you get a DHCP lease or under /etc/ssh or somesuch - this works perfectly. Rdist *is* a bit old; cfengine or somesuch will be more modern, but I find that rdist with a largish Makefile does exactly what I want.
>
> I'm looking for as simple and generic as possible. I'm not sure what would be the most simple.

I've found rdist(1) to be very powerful, albeit old. It's also scary when misconfigured, as it will happily rm -rf every machine it has access to. That being said, it's easy to set up and part of the base system.

> > - DHCP is not generally useful, unless you implement ...
>
> Do you usually assign static IPs?

Yes, on a small LAN such as this - why not? It cuts out one bad idea (DHCP), and does not have any disadvantages I can see. Except maybe that you need to update the DNS server(s) on all the Windows boxes if it changes. And yes, that's happened to me...

> > - ... netboot, which is massively cool and very easy on the admin
> >
> > And why not {N,A}FS-mount /home? That way, automounting is not necessary.
>
> I guess a straight NFS mount could be easier. Fewer config files to mess with.

That would be the obvious solution, yes.

Joachim
Re: Small office with BSD blueprint
On Mon, 20 Mar 2006 19:00:49 +0100 Joachim Schipper [EMAIL PROTECTED] spake:
> > > - DHCP is not generally useful, unless you implement ...
> >
> > Do you usually assign static IPs?
>
> Yes, on a small LAN such as this - why not? It cuts out one bad idea (DHCP), and does not have any disadvantages I can see. Except maybe that you need to update the DNS server(s) on all the Windows boxes if it changes. And yes, that's happened to me...

One note on this I have run into... If you work at home and at the office on a portable, then having DHCP running helps you transition from one network to another (no changing IP's). But other than that...
Re: Small office with BSD blueprint
--- Joachim Schipper [EMAIL PROTECTED] wrote:

[snip]
> > Do you usually assign static IPs?
>
> Yes, on a small LAN such as this - why not? It cuts out one bad idea (DHCP), and does not have any disadvantages I can see. Except maybe that you need to update the DNS server(s) on all the Windows boxes if it changes. And yes, that's happened to me...

Why is DHCP a bad idea?

-- Peter
Re: Small office with BSD blueprint
Peter wrote:
> --- Joachim Schipper [EMAIL PROTECTED] wrote:
>
> [snip]
> > > Do you usually assign static IPs?
> >
> > Yes, on a small LAN such as this - why not? It cuts out one bad idea (DHCP), and does not have any disadvantages I can see. Except maybe that you need to update the DNS server(s) on all the Windows boxes if it changes. And yes, that's happened to me...
>
> Why is DHCP a bad idea?
>
> -- Peter

Perhaps I should also explain the reason for my original post. There is a lot of choice, which is a good thing for the well informed. While there can never be the right way, I don't see a lot of material out there that describes the most common way to deal with the typical scenarios.
Re: Small office with BSD blueprint
At 02:02 PM 3/20/2006 -0500, Peter wrote:
> > Yes, on a small LAN such as this - why not? It cuts out one bad idea (DHCP), and does not have any disadvantages I can see. Except maybe that you need to update the DNS server(s) on all the Windows boxes if it changes. And yes, that's happened to me...
>
> Why is DHCP a bad idea?

It isn't - DHCP simplifies network management. I can't count the number of times somebody brings a machine into the shop here; having to boot it and assign network/gateway addresses would take WAY too long. *Especially* for some troublesome OSs that require rebooting to change IPs (not OBSD, of course).

For a small network with no 'traveling' machines, NP, but for anything else, it's the only solution.

Lee
Re: Small office with BSD blueprint
> Why is DHCP a bad idea?

rogue dhcp servers, broken clients, possible man in the middle attacks and unauthorised access problems

http://www.networkpenetration.com/dhcp_flaws.html

cheers
ste
Re: Small office with BSD blueprint
Will H. Backman wrote:
> Looking for feedback on a basic blueprint for a small office using BSD.
> Situation: Small office with maybe five workstations.
> Question: What would an all BSD setup look like?
> Solution that comes to mind:
> * Single server for DNS, DHCP, LPD, SMTP, IMAP, and home directories.
> * Full install with whatever desktop environment is chosen.
> * automount home directories.
> * Instead of NIS, maybe cron job to rsync files like /etc/passwd, /etc/hosts, /etc/printcap from central server.
> Does anyone out there have a similar setup?

Also, am I crazy for avoiding NIS in a small, trusted network like a small office?
Re: Small office with BSD blueprint
On Mon, 2006-03-20 at 20:02:24 +, Ste Jones proclaimed...
> rogue dhcp servers, broken clients, possible man in the middle attacks and unauthorised access problems
>
> http://www.networkpenetration.com/dhcp_flaws.html

Right, cause that doesn't happen w/o DHCP. Quit spreading FUD.
Re: Small office with BSD blueprint
* Peter [EMAIL PROTECTED] [2006-03-20 20:08]:
> Why is DHCP a bad idea?

it isn't.
Re: Small office with BSD blueprint
On Mon, Mar 20, 2006 at 03:23:36PM -0500, Will H. Backman wrote:
> Will H. Backman wrote:
> > Looking for feedback on a basic blueprint for a small office using BSD.
> > Situation: Small office with maybe five workstations.
> > Question: What would an all BSD setup look like?
> > Solution that comes to mind:
> > * Single server for DNS, DHCP, LPD, SMTP, IMAP, and home directories.
> > * Full install with whatever desktop environment is chosen.
> > * automount home directories.
> > * Instead of NIS, maybe cron job to rsync files like /etc/passwd, /etc/hosts, /etc/printcap from central server.
> > Does anyone out there have a similar setup?
>
> Also, am I crazy for avoiding NIS in a small, trusted network like a small office?

I don't see the point in using it, either. As I pointed out elsewhere, rdist can do the same job for a small number of users.

Joachim
Re: Small office with BSD blueprint
On Mon, Mar 20, 2006 at 02:02:58PM -0500, Peter wrote:
> --- Joachim Schipper [EMAIL PROTECTED] wrote:
>
> [snip]
> > > Do you usually assign static IPs?
> >
> > Yes, on a small LAN such as this - why not? It cuts out one bad idea (DHCP), and does not have any disadvantages I can see. Except maybe that you need to update the DNS server(s) on all the Windows boxes if it changes. And yes, that's happened to me...
>
> Why is DHCP a bad idea?

It introduces nasty points of failure and is generally useless for a static machine population. Not to mention the fact that spoofing DHCP isn't very hard, though the same goes for many other important networking protocols.

If you receive lots of visitors with laptops, allow them their own DHCP'ed /24, or /25, or something. Otherwise, static IPs work just fine, and I like knowing which machine has which address all the time (granted, a halfway decent DHCP implementation does that too).

Joachim
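An added example, not part of any post in this thread: one way to check the concerns raised above (rogue DHCP servers, and knowing which machine has which address) is to audit observed DHCP replies against the office's address plan. The address plan, the MAC addresses and the one-line record format below are all constructed for this illustration and are not the output of any real tool.

```python
import ipaddress

# Assumed address plan for a five-workstation office (constructed values).
AUTHORIZED_SERVERS = {ipaddress.ip_address("192.168.10.1")}
VISITOR_POOL = ipaddress.ip_network("192.168.10.128/25")
RESERVATIONS = {  # workstation MAC -> the one address it should ever get
    "00:00:5e:00:53:01": ipaddress.ip_address("192.168.10.11"),
    "00:00:5e:00:53:02": ipaddress.ip_address("192.168.10.12"),
}

# Constructed sample of observed DHCP replies, one per line:
#   server_ip  message_type  client_mac  assigned_ip
# A simplified format invented for this example, not any tool's real output.
SAMPLE = """\
192.168.10.1 ACK 00:00:5e:00:53:01 192.168.10.11
192.168.10.1 ACK 00:00:5e:00:53:aa 192.168.10.130
192.168.10.66 OFFER 00:00:5e:00:53:02 192.168.10.200
192.168.10.1 ACK 00:00:5e:00:53:02 192.168.10.140
192.168.10.1 ACK 00:00:5e:00:53:bb 192.168.10.20
garbage line
"""


def audit(text):
    """Return (line_number, finding) pairs for replies that break the plan."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            # Wrong field count and malformed addresses both raise ValueError.
            server_s, msg, mac, addr_s = line.split()
            server = ipaddress.ip_address(server_s)
            addr = ipaddress.ip_address(addr_s)
        except ValueError:
            findings.append((lineno, "unparseable"))
            continue
        if msg.upper() not in ("OFFER", "ACK"):
            continue  # only server replies that hand out an address matter
        if server not in AUTHORIZED_SERVERS:
            # A reply from a server we do not run: the rogue-server case.
            findings.append((lineno, "rogue-server"))
            continue
        reserved = RESERVATIONS.get(mac.lower())
        if reserved is not None:
            # Known workstation: it must always get its reserved address.
            if addr != reserved:
                findings.append((lineno, "reservation-mismatch"))
        elif addr not in VISITOR_POOL:
            # Unknown machine: it belongs in the visitor range only.
            findings.append((lineno, "unknown-client-outside-visitor-pool"))
    return findings


if __name__ == "__main__":
    for lineno, finding in audit(SAMPLE):
        print(f"line {lineno}: {finding}")
```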
Re: Small office with BSD blueprint
I would even consider doing away with dns and point everyone to the isp dns along with using static ip addresses. You only need dns if you anticipate a lot of users making dns queries to the point of affecting your bandwidth or you need a dns server to point the rest of the internet to your websites. With 5 users, I don't think you will deal with these issues.

I would definitely, on such a small setup, get rid of lpd. Use direct ip, meaning everyone prints directly to the printer. I work in a network with about 50 printers and 300 users, and I almost never hear a user complain about print jobs jamming. And some of my users do heavy duty printing. Of course we buy HP network printers or use HP Jetdirect boxes for printers that don't have network cards built in. Do a google for Windows Print Migrator 3.1 http://www.microsoft.com/downloads/details.aspx?FamilyID=9B9F2925-CBC9-44DA-B2C9-FFDBC46B0B17&displaylang=en from MS's site (assuming you are catering to a windows workshop). This program is free from MS and will make installing printers a breeze. I played with LPD before and it seems more of a headache than direct IP.

For full install ... desktop... google for g4u and consider creating an internal ftp server (this is especially great for a unix workshop). Or, in theory, you can create a samba server, do some research on www.netbootdisk.com and buy a single copy of norton ghost and thus build yourself an enterprise ghost server without paying for ghost enterprise, in theory. Or, create an ssh server, download insert linux, play around with sshfs and ntfsclone on the insert cd to clone workstations (this method I haven't really experimented with other than to create the image).

With such a small network, minimize as much work as you can by avoiding services.

Joachim Schipper wrote:
> On Mon, Mar 20, 2006 at 03:23:36PM -0500, Will H. Backman wrote:
> > Will H. Backman wrote:
> > > Looking for feedback on a basic blueprint for a small office using BSD.
> > > Situation: Small office with maybe five workstations.
> > > Question: What would an all BSD setup look like?
> > > Solution that comes to mind:
> > > * Single server for DNS, DHCP, LPD, SMTP, IMAP, and home directories.
> > > * Full install with whatever desktop environment is chosen.
> > > * automount home directories.
> > > * Instead of NIS, maybe cron job to rsync files like /etc/passwd, /etc/hosts, /etc/printcap from central server.
> > > Does anyone out there have a similar setup?
Re: Small office with BSD blueprint
Smith,

I'd highly recommend the HP JetDirect in a small printer like a Laserjet 2x00 series. With 5-10 users and enough RAM in the printer, users won't even notice. They also seem to work well with whatever we throw at them, including OpenBSD (I'll be putting a LJ3500 on the network with an OBSD 3.8 server this week for a project). The 2x00 series is the smallest that can support a small office and have a JetDirect card internally.

If you're going to go for Linux or BSD as your workstation OS, dd is your friend (and is very quick). If you have to use Windows, use Ghost.

From: [EMAIL PROTECTED] on behalf of Smith
Sent: Mon 3/20/2006 8:11 PM
To: misc@openbsd.org
Subject: Re: Small office with BSD blueprint

I would even consider doing away with dns and point everyone to the isp dns along with using static ip addresses. You only need dns if you anticipate a lot of users making dns queries to the point of affecting your bandwidth or you need a dns server to point the rest of the internet to your websites. With 5 users, I don't think you will deal with these issues.

I would definitely, on such a small setup, get rid of lpd. Use direct ip, meaning everyone prints directly to the printer. I work in a network with about 50 printers and 300 users, and I almost never hear a user complain about print jobs jamming. And some of my users do heavy duty printing. Of course we buy HP network printers or use HP Jetdirect boxes for printers that don't have network cards built in. Do a google for Windows Print Migrator 3.1 http://www.microsoft.com/downloads/details.aspx?FamilyID=9B9F2925-CBC9-44DA-B2C9-FFDBC46B0B17&displaylang=en from MS's site (assuming you are catering to a windows workshop). This program is free from MS and will make installing printers a breeze. I played with LPD before and it seems more of a headache than direct IP.

For full install ... desktop... google for g4u and consider creating an internal ftp server (this is especially great for a unix workshop). Or, in theory, you can create a samba server, do some research on www.netbootdisk.com and buy a single copy of norton ghost and thus build yourself an enterprise ghost server without paying for ghost enterprise, in theory. Or, create an ssh server, download insert linux, play around with sshfs and ntfsclone on the insert cd to clone workstations (this method I haven't really experimented with other than to create the image).

With such a small network, minimize as much work as you can by avoiding services.

Joachim Schipper wrote:
On Mon, Mar 20, 2006 at 03:23:36PM -0500, Will H. Backman wrote:
Will H. Backman wrote:
Looking for feedback on a basic blueprint for a small office using BSD.
Situation: Small office with maybe five workstations.
Question: What would an all BSD setup look like?
Solution that comes to mind:
* Single server for DNS, DHCP, LPD, SMTP, IMAP, and home directories.
* Full install with whatever desktop environment is chosen.
* automount home directories.
* Instead of NIS, maybe cron job to rsync files like /etc/passwd, /etc/hosts, /etc/printcap from central server.
Does anyone out there have a similar setup?
Re: Small office with BSD blueprint
Smith wrote:
> I would even consider doing away with dns and point everyone to the isp dns along with using static ip addresses. You only need dns if you anticipate a lot of users making dns queries to the point of affecting your bandwidth or you need a dns server to point the rest of the internet to your websites. With 5 users, I don't think you will deal with these issues.

I disagree with that; from a scalability point of view you don't need your own DNS resolver, but I've found that many ISPs' DNS servers for customer use aren't well-maintained or they're overloaded. Running your own DNS server eliminates this as a possible problem.
Re: Small office with BSD blueprint
Will H. Backman wrote:
> I assume something like a $40 linksys.

Might I suggest that if you have budget for an extra computer or an older one laying around (not *too* old if you want decent outgoing internet performance) pop some NICs into it and use pfSense ( www.pfsense.com ) to make it a firewall. It uses the same firewall as OpenBSD (pf) and has a nice webGUI to make managing the firewall easy. It does everything I've ever needed it to do and more, including failover (to improve availability) and other services that you have to pay extra for on a linksys box-type solution (IPSec VPN). It also has all the standard things too (DHCP, DNS forwarder, etc).

The only way I could see it improving would be if it switched to OpenBSD as a base system. (It currently uses FreeBSD)
Re: Small office with BSD blueprint
On Tuesday 21 March 2006 03:02, Peter wrote:
> Why is DHCP a bad idea?

It isn't, it's usually a very good idea since it makes network management a whole lot simpler. Of course, with only a handful of machines using a static configuration might not be a big deal but if you have people coming in with laptops on a regular basis the static setup quickly becomes a pain even on a small network.

---
Lars Hansson
Re: Small office with BSD blueprint
On Tuesday 21 March 2006 00:19, Will H. Backman wrote:
> > 2. I don't see a firewall.
>
> I assume something like a $40 linksys.

If your intention is to use OpenBSD why be cheap on the firewall and use total garbage?

---
Lars Hansson