[seul-edu] 100% replacement of WinNT systems with Samba for schools

[Harish Pillay 9v1hp <harish@iqmind.com>]

Hi.  I am now facing an interesting problem and I think I have the solution
but am asking the list for further ideas. [Apologies for the longish email.]

I am in Singapore and my organization has been providing web-based Intranet 
services to the schools (K12) for the last two years.  Along the way, we 
have been asked to look into the infrastructure within the schools and come 
up with ideas on how to solve some of their problems.

Background:
-----------
Singaporean schools (totaling about 400 or so nationwide) are all wired up 
and have atleast a 2MB link to the Internet via the Singapore Ministry of 
Education - www.moe.gov.sg - (for proxy and filtering), which in turns goes 
out to the Internet via an ATM link to a broadband provider.  The networks 
in the schools are segregated into "Admin" and "Academic" segments via VLANs 
set up on CISCO and 3Com switches.  The admin vlan is for the school faculty
and administrators, while the academic vlan is for the students and general 
access areas - library, labs, open areas etc.  The schools are all on 
network 10, ie their IPs are 10.x.x.x given out via dhcp. 

Schools are set up with a (horrors) Windows NT server running Windows Domain 
services into which the school sets up accounts for faculty and students.  
Schools have a technical administrator to run this on a full-time basis 
(along with trouble shooting Windows machines in labs etc).  All the schools
run Windows 95/98 with some of them having Macs.  Sadly, none of them run 
Linux on the desktop (yet!).

Issue:
------
Now, even though the schools have a 2MB link to the Internet, albeit through
the Ministry, the problem of hundreds of schools aggregating into one and
then on to the net means that inevitably, real Internet access speeds are
paltry and intermitten.  Schools have therefore taken upon themselves to
find additional direct Internet connection and have approached us for help.

In order that additional access to the net does not compromise the network,
what needs to be done is for the academic vlan will be disconnected from 
the main network and the only network egress/ingress will be via the new
link.

This means that the students would not have the NT Domain logons to go 
through and will be freed from all of those issues.  What I have been able 
to propose is to run a Samba server to provide file and print services.  I 
have not proposed domain control via the latest Samba, but will do so once 
I am personally comfortable doing it unless there is a better way.  I think 
the preceding provides a holistic, stable and more or less license free 
solution.  

My question to the list is whether this is the right set of things to do 
and if not, what else can I provide?  My intention is to slowly proliferate 
Linux-based systems into the schools starting with Samba servers and later 
lab machines.  In the meantime, I need to ensure that whatever services
their existing WinNT machine provides is also provided by the Samba server
(except for domain logons).  Thus far, I think I have covered most everything.
I welcome suggestions and discussions on what else that can be done.

Regards.
PS: I am planning on being at Linuxworld Expo in SF next week.  Would be 
great to meet others on this list there.
--
Harish Pillay 9v1hp, Chief Technology Officer
I Q m i n d . c o m -- Where Learning Never Ceases

http://www.iqmind.com
w +65.323.6838 x 12   f +65.323.0208