ke, 2010-04-28 kello 20:43 +0200, Petter Reinholdtsen kirjoitti: > For some years now, I have wondered how we should handle laptops in > Debian Edu. The Debian Edu infrastructure is mostly designed to handle > stationary computers, and less suited for computers that come and go. > > Now I finally believe I have an sensible idea on how to adjust Debian > Edu for laptops, by introducing a new profile for them, for example > called Roaming Workstations. Here are my thought on this. The setup > would consist of the following:
Hi, I'm not using Debian Edu myself, but I've been dealing with the same issues on Ubuntu/Edubuntu in schools where laptops are shared between pupils and wlan is used for network connection. We have ldap/kerberos infrastructure in place and we wanted to use either ldap or kerberos authentication for laptops too. At first we tried using pam-ccreds and libnss-db/updatedb, but for some reason we never got it stable. It could be that missing network connection would sometimes break authentication even if user had authenticated before and sometimes it would work perfectly. Debugging the modules didn't reveal the problem, so we tried something else. Next we did https based authentication where a script run from pam would contact https server with user's credentials and transfer user and group information if authentication succeeded. This worked nicely and as a bonus no firewall seemed to stop it. Next we discovered sssd that was written as part of FreeIPA project by Fedora. sssd is packaged in Ubuntu, but seems to be missing from Debian. It loads user information from ldap and authenticates the user against ldap or kerberos. Once the information is on the laptop, it works in offline mode also. So far it's been working really nicely, so I can recommend this solution. For file synchronisation we've been using Unison and besides localisation and UI issues it's been working nicely. CUPS printer information broadcasting to local network works also with little configuration. Users see the available printers automatically and they disappear if the network goes down. There's more information about sssd on shared laptops in our blog: http://www.opinsys.fi/en/user-management-with-sssd-on-shared-laptops sssd homepage: https://fedorahosted.org/sssd/ I'm just a happy user and not involved in sssd's development or Ubuntu packaging. I hope this helps! Veli-Matti -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1272484997.2643.6344.ca...@vm-lucid