On Wed, Mar 04, 2015 at 06:38:43PM +0530, uday bhatye wrote:
> 
> remaining things in the file are like
> 
> [libdefaults]
>         default_realm = reached
> ...
> ....
> ....
> 
> [domain_realm]
>         intern = reached
>         .intern = reached

IIRC these 'reached' entries are created if name resolution is too slow 
or failing. Then the last word of some error output like 'no servers 
could be reached' is put into the file instead of the right server name.
 
> I used http://ftp.skolelinux.org/skolelinux-cd/debian-edu-7.1+edu0-USB.iso
> with verified checksum for install but no internet connection during
> install.

Most probably the missing internet connection is the reason for the 
failing name resolution. If i remember correctly I faced the same 
problem some time ago.
 
> Now many users are using the system

Great.
 
> If something has went wrong in install, is there any way to detect/correct
> it before it comes to jessie upgrade?

Run 'debian-edu-test-install' and check the output. But I'm almost sure 
that this 'reached' issue is the only wrong thing.

You should be able to create the correct file this way:

(1) Enter the LTSP chroot: ltsp-chroot -a i386
(2) Run '/usr/share/debian-edu-config/tools/sssd-generate-config -k > 
/etc/krb5.conf
(3) Run 'exit' to leave the chroot.

The content of /opt/ltsp/i386/etc/krb5.conf should be like this:
---------------------------------------------------------------------------
# Generated using /usr/share/debian-edu-config/tools/sssd-generate-config -k
[libdefaults]
        default_realm = INTERN

# The following krb5.conf variables are only for MIT Kerberos.
        krb4_config = /etc/krb.conf
        krb4_realms = /etc/krb.realms
        kdc_timesync = 1
        ccache_type = 4
        forwardable = true
        proxiable = true

# The following encryption type specification will be used by MIT Kerberos
# if uncommented.  In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# Thie only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).

#       default_tgs_enctypes = des3-hmac-sha1
#       default_tkt_enctypes = des3-hmac-sha1
#       permitted_enctypes = des3-hmac-sha1

# The following libdefaults parameters are only for Heimdal Kerberos.
        v4_instance_resolve = false
        v4_name_convert = {
                host = {
                        rcmd = host
                        ftp = ftp
                }
                plain = {
                        something = something-else
                }
        }
        fcc-mit-ticketflags = true

[realms]
        INTERN = {
                kdc = kerberos 
                admin_server = kerberos 
        }

[domain_realm]
        intern = INTERN
        .intern = INTERN

[login]
        krb4_convert = true
        krb4_get_tickets = false
----------------------------------------------------------

Wolfgang

Attachment: signature.asc
Description: Digital signature

Reply via email to