On Wed, Mar 04, 2015 at 06:38:43PM +0530, uday bhatye wrote: > > remaining things in the file are like > > [libdefaults] > default_realm = reached > ... > .... > .... > > [domain_realm] > intern = reached > .intern = reached
IIRC these 'reached' entries are created if name resolution is too slow or failing. Then the last word of some error output like 'no servers could be reached' is put into the file instead of the right server name. > I used http://ftp.skolelinux.org/skolelinux-cd/debian-edu-7.1+edu0-USB.iso > with verified checksum for install but no internet connection during > install. Most probably the missing internet connection is the reason for the failing name resolution. If i remember correctly I faced the same problem some time ago. > Now many users are using the system Great. > If something has went wrong in install, is there any way to detect/correct > it before it comes to jessie upgrade? Run 'debian-edu-test-install' and check the output. But I'm almost sure that this 'reached' issue is the only wrong thing. You should be able to create the correct file this way: (1) Enter the LTSP chroot: ltsp-chroot -a i386 (2) Run '/usr/share/debian-edu-config/tools/sssd-generate-config -k > /etc/krb5.conf (3) Run 'exit' to leave the chroot. The content of /opt/ltsp/i386/etc/krb5.conf should be like this: --------------------------------------------------------------------------- # Generated using /usr/share/debian-edu-config/tools/sssd-generate-config -k [libdefaults] default_realm = INTERN # The following krb5.conf variables are only for MIT Kerberos. krb4_config = /etc/krb.conf krb4_realms = /etc/krb.realms kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true # The following encryption type specification will be used by MIT Kerberos # if uncommented. In general, the defaults in the MIT Kerberos code are # correct and overriding these specifications only serves to disable new # encryption types as they are added, creating interoperability problems. # # Thie only time when you might need to uncomment these lines and change # the enctypes is if you have local software that will break on ticket # caches containing ticket encryption types it doesn't know about (such as # old versions of Sun Java). # default_tgs_enctypes = des3-hmac-sha1 # default_tkt_enctypes = des3-hmac-sha1 # permitted_enctypes = des3-hmac-sha1 # The following libdefaults parameters are only for Heimdal Kerberos. v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = { something = something-else } } fcc-mit-ticketflags = true [realms] INTERN = { kdc = kerberos admin_server = kerberos } [domain_realm] intern = INTERN .intern = INTERN [login] krb4_convert = true krb4_get_tickets = false ---------------------------------------------------------- Wolfgang
signature.asc
Description: Digital signature