Re: GOsa + no-internet flag implementation
Hi Petter, On Fr 19 Aug 2011 22:23:09 CEST Petter Reinholdtsen wrote: [Mike Gabriel] Any suggestions are appreciated... Are you aware of debian-edu-config/sbin/debian-edu-update-netblock? It seem relevant for this use case. No, I don't... I'll take a look on Monday. The weekend is a weekend off... I'LL let you know what I find. And... possibly others have other ideas. Looking forward to more input on that. Thanks, Mike -- DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419 GnuPG Key ID 0xB588399B mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb pgpXuatCUlgfc.pgp Description: Digitale PGP-Unterschrift
Re: GOsa + no-internet flag implementation
[Mike Gabriel] > Any suggestions are appreciated... Are you aware of debian-edu-config/sbin/debian-edu-update-netblock? It seem relevant for this use case. Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110819202309.gp31...@login1.uio.no
GOsa + no-internet flag implementation
Hi all, hi Alejandro+Benoit, how would you implement the control of an no-internet flag (in LDAP look at by squid) with GOsa²? What I need for a Debian Edu project is: o be able to turn on-and-off internet on a per user basis o on a group (posixGroup, groupOfNames) basis o on a class room basis Any suggestions are appreciated... Thanks, Mike -- DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419 GnuPG Key ID 0xB588399B mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb pgpK2D0dBumdL.pgp Description: Digitale PGP-Unterschrift
Re: Bug#613167: Diskless Workstations not using kerberized NFSv4 for homes currently
Hi Andi, On Fr 19 Aug 2011 17:41:00 CEST "Andreas B. Mundt" wrote: user debian-edu@lists.debian.org usertag 638157 + debian-edu thanks On Thu, Aug 18, 2011 at 10:52:18AM +0200, Mike Gabriel wrote: Hi all, is it intended that current diskless workstations in Skolelinux do not use kerberized NFSv4? Hi, it looks like kerberization does not work with current nfs-utils, see http://bugs.debian.org/638157>. Hopefully this can be fixed in a point release, the patch doesn't look very invasive ... Best regards, Andi This is weird as I am using kerberization on squeeze root servers... However, I use sec=krb5p... I will test that at my customer's on Monday. Maybe sec=krb5i works. krb5p is to CPU intensive for many open files... Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419 GnuPG Key ID 0xB588399B mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb pgpLZO6B792SO.pgp Description: Digitale PGP-Unterschrift
Bug#638541: new debian-edu background not shown on GNOME desktops
Package: debian-edu-artwork Version: SVN-r73887 Severity: minor Hi all, the new debian-edu artwork is not shown on GNOME desktops. The desktop stays green (default background color of GNOME). When using gconf-editor as root, I can see a key /desktop/gnome/bacground/picture_filename with the value: /usr/share/wallpapers/debian-edu-wallpaper.png But the file does not exist (I can only those with the screen width in their filename). As I have a school here the completely runs on 4:5 / 4:3 displays, I have manually created a symlink from debian-edu-wallpaper.png -> debian-edu-wallpaper01_1600x1200.png I guess we should use alternatives here, as well? Or is there an auto-recognition mechanism for schreen width or something? Any ideas? Mike -- DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419 GnuPG Key ID 0xB588399B mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb pgpUKL3V9Nn5W.pgp Description: Digitale PGP-Unterschrift
Re: Bug#613167: Diskless Workstations not using kerberized NFSv4 for homes currently
user debian-edu@lists.debian.org usertag 638157 + debian-edu thanks On Thu, Aug 18, 2011 at 10:52:18AM +0200, Mike Gabriel wrote: > Hi all, > > is it intended that current diskless workstations in Skolelinux do > not use kerberized NFSv4? > Hi, it looks like kerberization does not work with current nfs-utils, see http://bugs.debian.org/638157>. Hopefully this can be fixed in a point release, the patch doesn't look very invasive ... Best regards, Andi -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110819154100.GA4242@flashgordon
Re: Removal of users takes ages on systems with many homes / many files.
[Mike Gabriel] > This happens because the find process that searches for purgable > dirs scans the whole hd which is not feasible on big installations. Why is this done in the script: chown -R root:root $RM_HOMEDIR chmod go-rwx $RM_HOMEDIR In my experience, there is no need to do the destructive recursive ownership change, and the chmod call would be enough. With the chown -R in place, there is no way to properly recover the files on disk if the user should be restored, as there is no way to know what ownership the files had. At the University of Oslo, we rename to .$user.removed and chmod to mode 0 to block access, and it has been working for us for years. We do not change ownership of the files in the hope directory. But we touch the home directory to know when the user was removed. > I have reduced the search depth to -maxdepth 1, maybe we could use a > -maxdepth 2 in case people cascade homes (e.g. like > /skole/tjener/home0/students, /skole/tjener/home0/teachers). Sound like a good idea. What about keeping an index instead, to not have to guess where hope pages used to be? It seem a bit risky, as it might end up removing files in other users home directory by mistake if it is allowed to search many levels, and might miss some if it isn't. Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110819140839.gk31...@login1.uio.no
CAVE: do not rename a department (ou) in GOsa...
... because it will then vanish from the GOsa WebGUI and if there are many objects in it, it will take quite an effort to reconstruct everythin with ldapvi... GRMPF... (this is probably a GOsa upstream bug and I wonder if we should do something about that in Debian Edu...) Mike -- DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419 GnuPG Key ID 0xB588399B mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb pgp0OhIexUQiU.pgp Description: Digitale PGP-Unterschrift
Removal of users takes ages on systems with many homes / many files.
Hi Andi, could you please cross-check SVN commit 73889. I made the experience that it takes such a long time before the gosa-remove script returns awareness back to the GOsa WebGUI that it makes the admin user think GOsa has died (and it might indeed do so if max_exec_time of php.ini is exceeded). This happens because the find process that searches for purgable dirs scans the whole hd which is not feasible on big installations. I have reduced the search depth to -maxdepth 1, maybe we could use a -maxdepth 2 in case people cascade homes (e.g. like /skole/tjener/home0/students, /skole/tjener/home0/teachers). What do you think? (and: How are you???) Best, Mike -- DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419 GnuPG Key ID 0xB588399B mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb pgpiXYNXzBWuD.pgp Description: Digitale PGP-Unterschrift
Bug#638434: GOsa mass imports need time, tweak php.ini parms
Package: debian-edu-config Severity: normal Version: SVN-r73887 Hi all, first the good news: GOsa mass imports work and seem to handle imports quite nicely... But: they take time... 120 Stundents apprx. 2 minutes, sometimes longer (???) To honour that we should tweak these PHP values: # this one definitely, php.ini default in Debian is 30sec max_execution_time = 300 # maybe also this time, default is 60 max_input_time = 120 # just to be sure: increase from 128 to 256 (not necessarly, maybe) memory_limit = 256M The max_execution_time is a must to make mass imports work in GOsa for long student lists, the others can be considered as optional tweaks... Mike -- DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419 GnuPG Key ID 0xB588399B mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb pgpJbWMaDvFOI.pgp Description: Digitale PGP-Unterschrift