Re: Questions/comments on the eduroaming package
[Giorgio Pioda] > Well, first round failed. The setup-roaming script fails because > the sssd-generate-config produces only an empty file. Running > sssd-generate-config alone, I don't get any error. Not an easy debug. > > I've also tried to install krb5-clients package and rerun > sssd-generate-config with no results. Is it an issue at ldap level? It is probably a problem with the hostname. If it isn't FQDN, sssd-generate-config used to fail. Fixed in svn. Try running sssd-generate-config 'DNS-domain' to tell it where to look. -- Happy hacking Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130523064745.gi22...@ulrik.uio.no
Re: Questions/comments on the eduroaming package
On Wed, May 22, 2013 at 10:59:06AM +0200, Petter Reinholdtsen wrote: > > I had a closer look at the eduroaming package in svn, and got some > questions. > > - Why isn't the package using the >/usr/share/debian-edu-config/tools/setup-roaming script to configure >the roaming setup? It would allow for a more dynamic setup, without >the hardcoded LDAP and Kerberos values. Well, first round failed. The setup-roaming script fails because the sssd-generate-config produces only an empty file. Running sssd-generate-config alone, I don't get any error. Not an easy debug. I've also tried to install krb5-clients package and rerun sssd-generate-config with no results. Is it an issue at ldap level? Regards Giorgio -- Sysadmin SPSE-Tenero Ufficio: +41 91 735 62 48 Cellulare: +41 79 629 20 63 -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130523064144.ga6...@ticino.com
libpam-mklocaluser_0.8~deb7u1_i386.changes ACCEPTED into proposed-updates->stable-new
Mapping wheezy to stable. Mapping stable to proposed-updates. Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.8 Date: Sat, 04 May 2013 08:25:53 +0200 Source: libpam-mklocaluser Binary: libpam-mklocaluser Architecture: source all Version: 0.8~deb7u1 Distribution: wheezy Urgency: low Maintainer: Debian Edu Developers Changed-By: Petter Reinholdtsen Description: libpam-mklocaluser - Configure PAM to create a local user if it do not exist already Closes: 706753 Changes: libpam-mklocaluser (0.8~deb7u1) wheezy; urgency=low . * Rewrite runcmd() to work with Python on Wheezy (Closes: #706753). Checksums-Sha1: 68f8893d7c7cc33bc05c548c36fd4a0ede5b2181 1085 libpam-mklocaluser_0.8~deb7u1.dsc cc09e6f4207260e3d2a8d7d11337897307d0 5269 libpam-mklocaluser_0.8~deb7u1.tar.gz 86dd4966921a01774027f62a66ef6effe37097c3 5700 libpam-mklocaluser_0.8~deb7u1_all.deb Checksums-Sha256: 51de9bb97812ba4d29abaecee2bb24c2e38a51f24f7aba733f2b631ae2fc8c83 1085 libpam-mklocaluser_0.8~deb7u1.dsc a921c925007ee562f9d1488fe5863d6661905fc7748107ff11c40da9d25e3604 5269 libpam-mklocaluser_0.8~deb7u1.tar.gz 22ff8e44a62ee5bfa8ae04f7dd0701895374aa99525740bdc75f3b2d48631186 5700 libpam-mklocaluser_0.8~deb7u1_all.deb Files: a1e71c154f5d6f014407ec3407299e0a 1085 misc optional libpam-mklocaluser_0.8~deb7u1.dsc 9ad3d71935f3f61f0e0c303562a20f47 5269 misc optional libpam-mklocaluser_0.8~deb7u1.tar.gz ea69c75fb0be07b3ee12e98b6ae6622e 5700 misc optional libpam-mklocaluser_0.8~deb7u1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iD8DBQFRnYwM20zMSyow1ykRAhOiAJ0XgHudUhO8kctFBcryHSWfJJ3e5gCg0vpj 8QIDxC5rjXvzhX0/2Rrsdn0= =/pZR -END PGP SIGNATURE- Thank you for your contribution to Debian. -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1ufmhf-00024m...@franck.debian.org
Processing of libpam-mklocaluser_0.8~deb7u1_i386.changes
libpam-mklocaluser_0.8~deb7u1_i386.changes uploaded successfully to localhost along with the files: libpam-mklocaluser_0.8~deb7u1.dsc libpam-mklocaluser_0.8~deb7u1.tar.gz libpam-mklocaluser_0.8~deb7u1_all.deb Greetings, Your Debian queue daemon (running on host franck.debian.org) -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1ufmc4-0001ik...@franck.debian.org
debian-edu-install_1.711~svn80199_amd64.changes ACCEPTED
Accepted: debian-edu-install-udeb_1.711~svn80199_all.udeb to pool/local/d/debian-edu-install/debian-edu-install-udeb_1.711~svn80199_all.udeb debian-edu-install_1.711~svn80199.dsc to pool/local/d/debian-edu-install/debian-edu-install_1.711~svn80199.dsc debian-edu-install_1.711~svn80199.tar.gz to pool/local/d/debian-edu-install/debian-edu-install_1.711~svn80199.tar.gz debian-edu-install_1.711~svn80199_all.deb to pool/local/d/debian-edu-install/debian-edu-install_1.711~svn80199_all.deb debian-edu-profile-udeb_1.711~svn80199_all.udeb to pool/local/d/debian-edu-install/debian-edu-profile-udeb_1.711~svn80199_all.udeb Override entries for your package: debian-edu-install-udeb_1.711~svn80199_all.udeb - optional local/debian-installer debian-edu-install_1.711~svn80199.dsc - extra local/misc debian-edu-install_1.711~svn80199_all.deb - extra local/misc debian-edu-profile-udeb_1.711~svn80199_all.udeb - optional local/debian-installer Announcing to comm...@skolelinux.org Thank you for your contribution to Debian-Edu/Skolelinux archive. -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1uffuc-id...@administrator.skolelinux.no
Roaming workstations in Debian-LAN available
(cc debian-edu, as they are working on the same issue ...) Hi all, with the latest commit, roaming workstations are available in Debian-LAN! http://anonscm.debian.org/gitweb/?p=collab-maint/debian-lan.git;a=commitdiff;h=9aef028d091e30f2a560315e89c604e7a07c2ffc> The ROAMING class allows to log into machines without connection to the Debian-LAN network. The class can be added to any standard workstation. A users first needs to log into the roaming machine when it is in the Debian-LAN network. After that, the machine may be taken off-line, the user can now still log in and a local home directory is created. Back in the Debian-LAN network and in the NFS-home directory, the user will find his off-line data in '/home//'. After some testing, I have already some improvement in mind: Copy the Debian-LAN home directory to the machine locally on the first login. Best regards, Andi -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130522202237.GA5420@fuzi
Re: Questions/comments on the eduroaming package
On Wed, May 22, 2013 at 10:59:06AM +0200, Petter Reinholdtsen wrote: > > I had a closer look at the eduroaming package in svn, and got some > questions. > > - Why isn't the package using the >/usr/share/debian-edu-config/tools/setup-roaming script to configure >the roaming setup? It would allow for a more dynamic setup, without >the hardcoded LDAP and Kerberos values. Digging in your script... The first question that I see, is that I don't think that all the krb5-* dependecies are resolved by the script itself. I'll test it in the next Regards -- Sysadmin SPSE-Tenero Ufficio: +41 91 735 62 48 Cellulare: +41 79 629 20 63 -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130522161421.ga8...@ticino.com
Re: Questions/comments on the eduroaming package
On Wed, May 22, 2013 at 02:27:17PM +0200, Petter Reinholdtsen wrote: > [Giorgio Pioda] > > Interesting, ssh is free here. Where do I get this access ? > > Hm, I failed to find english instructions on the web, so please follow > the instructions for sending an RT request at the end of > http://wiki.debian.org/DebianEdu/Infrastructure > and ask for > access to svn.skolelinux.no (and user.skolelinux.no). Remember to > include > > * suggested username > * a linux passwd hash > > If possible, also include > > * a signed GPG key fingerprint for a key available in the key servers > > > DO i have to svn checkout and recompile or is the eduroaming package > > "compiled" from the skolelinux repo server? If yes I don't know the > > download path. > > I only updated svn, so you have to build it yourself. :) I guess that educlient package needs a similar cleanup. Thanks a lot Giorgio -- Giorgio Pioda - Sysadmin SPSE-Tenero Cell +41 79 629 20 63 Uff. +41 91 735 62 48 -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130522131419.ga31...@macchianera.pioderia.lan
Re: Questions/comments on the eduroaming package
[Giorgio Pioda] > Interesting, ssh is free here. Where do I get this access ? Hm, I failed to find english instructions on the web, so please follow the instructions for sending an RT request at the end of http://wiki.debian.org/DebianEdu/Infrastructure > and ask for access to svn.skolelinux.no (and user.skolelinux.no). Remember to include * suggested username * a linux passwd hash If possible, also include * a signed GPG key fingerprint for a key available in the key servers > DO i have to svn checkout and recompile or is the eduroaming package > "compiled" from the skolelinux repo server? If yes I don't know the > download path. I only updated svn, so you have to build it yourself. :) -- Happy hacking Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130522122717.gb22...@ulrik.uio.no
Re: Questions/comments on the eduroaming package
On Wed, May 22, 2013 at 12:36:30PM +0200, Petter Reinholdtsen wrote: > [Giorgio Pioda] > > Ah, didn't know it. Is it a new entry for wheezy ? I remember that in > > squeeze all the kerberos stuff had to be solved manually. I've lost > > some development in the meanwhile. > > Nope, it was working in Squeeze too. > Thus, I worked in a quick and dirty manner... > > Unfortunately the telecom company that gives us network access blocks > > IRC. I can IRC only from home. :-( > > As a Debian Edu developer, you can get a ssh account on > user.skolelinux.no, and run IRC from there, or use ssh tunneling to get > on IRC from work. :) I hope the crappy ISP do not block ssh too. :/ > Interesting, ssh is free here. Where do I get this access ? > > Feel free to do some NMU if you have a ready solution. I'm right now > > installing a fresh Ubuntu 12.04 in VM. But it takes some time. > > I'll commit a few fixes to svn, for you to test. Only removing what I > belive is obsolete first. > DO i have to svn checkout and recompile or is the eduroaming package "compiled" from the skolelinux repo server? If yes I don't know the download path. Regards again Giorgio P.S: In the meanwhile I have some Ubuntu VM to test on. -- Giorgio Pioda - Sysadmin SPSE-Tenero Cell +41 79 629 20 63 Uff. +41 91 735 62 48 -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130522114236.ga25...@macchianera.pioderia.lan
Re: Questions/comments on the eduroaming package
[Giorgio Pioda] > Ah, didn't know it. Is it a new entry for wheezy ? I remember that in > squeeze all the kerberos stuff had to be solved manually. I've lost > some development in the meanwhile. Nope, it was working in Squeeze too. > Unfortunately the telecom company that gives us network access blocks > IRC. I can IRC only from home. :-( As a Debian Edu developer, you can get a ssh account on user.skolelinux.no, and run IRC from there, or use ssh tunneling to get on IRC from work. :) I hope the crappy ISP do not block ssh too. :/ > Feel free to do some NMU if you have a ready solution. I'm right now > installing a fresh Ubuntu 12.04 in VM. But it takes some time. I'll commit a few fixes to svn, for you to test. Only removing what I belive is obsolete first. -- Happy hacking Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/2flwqqr1ett@diskless.uio.no
Re: Reduce the server load by asking firefox to not cache on disk
Hi all, I just accidentally came along a package which seems to be interesting in the current context: http://packages.debian.org/wheezy/unburden-home-dir Best regards, Andi -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130522102408.GA4886@fuzi
Re: Questions/comments on the eduroaming package
On Wed, May 22, 2013 at 11:54:29AM +0200, Petter Reinholdtsen wrote: > [Giorgio Pioda] > > Remember that this package is used to convert an Ubuntu plain install > > into a ubuntu roaming WS > > Sure, I remember this. I suspect it could also be used to convert a > Debian plain installation to a Debian roaming workstation. > > >> - Why isn't the package using the > >>/usr/share/debian-edu-config/tools/setup-roaming script to configure > >>the roaming setup? It would allow for a more dynamic setup, without > >>the hardcoded LDAP and Kerberos values. > > > > Well, clear why... see above > > The current Debian Edu roaming workstation setup is dynamic, looking > up the correct LDAP and Kerberos values at installation time. This > make it possible for me to install a Roaming workstation at my > university, and the machine pick up the correct LDAP and Kerberos > settings and integrate into the university infrastructure out of the > box. It should also handle modified Debian Edu networks where the > LDAP and Kerberos server is delegated to separate machines, or Debian > Edu networks where Active Directory is used as the Kerberos server. > Thus more flexible than the current eduroaming package. :) Ah, didn't know it. Is it a new entry for wheezy ? I remember that in squeeze all the kerberos stuff had to be solved manually. I've lost some development in the meanwhile. Thus, your script should substitute a bunch of things in my package (almost all). > > >> - Why is the LDAP schemas included in /etc/ldap/schema/? As far as I > >>know, only the LDAP server need them. > >> > > > > Uhmm... maybe my mistake. > > Perhaps. The files are present in svn. I looked at > . > > >> - Why is the etc/ldap/ssl/slapd-cert.cnf file included? As far as I > >>know, only the LDAP server need it. > > > > That's strange! In my last version I putted in the script > > that fetches the cert at boot time (taken from a debian > > roaming ws) and removed the rest. > > Well, the file is still in svn. Perhaps the svn version isn't the > latest source? Please update the svn source to the latest version if > this is the case. > > > To test it, it is very simple. You just need a fresh Ubuntu install, > > and then try to install the package and interact with your mainserver. > > > > I'll try to find some time to make a check round. Time flies... > > Great. Lets coordinate on IRC. Unfortunately the telecom company that gives us network access blocks IRC. I can IRC only from home. :-( Feel free to do some NMU if you have a ready solution. I'm right now installing a fresh Ubuntu 12.04 in VM. But it takes some time. Regards Giorgio -- Giorgio Pioda - Sysadmin SPSE-Tenero Cell +41 79 629 20 63 Uff. +41 91 735 62 48 -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130522102203.ga22...@macchianera.pioderia.lan
12 year anniversary for Debian Edu / Skolelinux this summer
The skolelinux project started with a meeting called together by Knut Yrvin 2001-07-02. It is twelve years ago this summer. Something to celebrate? I suggest we use #debian-edu to coordinate, if anyone is got time to organize something. http://en.wikipedia.org/wiki/Skolelinux > got some of the history, but need more references and links. :) -- Happy hacking Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130522100813.gd15...@ulrik.uio.no
Re: Questions/comments on the eduroaming package
[Giorgio Pioda] > Remember that this package is used to convert an Ubuntu plain install > into a ubuntu roaming WS Sure, I remember this. I suspect it could also be used to convert a Debian plain installation to a Debian roaming workstation. >> - Why isn't the package using the >>/usr/share/debian-edu-config/tools/setup-roaming script to configure >>the roaming setup? It would allow for a more dynamic setup, without >>the hardcoded LDAP and Kerberos values. > > Well, clear why... see above The current Debian Edu roaming workstation setup is dynamic, looking up the correct LDAP and Kerberos values at installation time. This make it possible for me to install a Roaming workstation at my university, and the machine pick up the correct LDAP and Kerberos settings and integrate into the university infrastructure out of the box. It should also handle modified Debian Edu networks where the LDAP and Kerberos server is delegated to separate machines, or Debian Edu networks where Active Directory is used as the Kerberos server. Thus more flexible than the current eduroaming package. :) >> - Why is the LDAP schemas included in /etc/ldap/schema/? As far as I >>know, only the LDAP server need them. >> > > Uhmm... maybe my mistake. Perhaps. The files are present in svn. I looked at . >> - Why is the etc/ldap/ssl/slapd-cert.cnf file included? As far as I >>know, only the LDAP server need it. > > That's strange! In my last version I putted in the script > that fetches the cert at boot time (taken from a debian > roaming ws) and removed the rest. Well, the file is still in svn. Perhaps the svn version isn't the latest source? Please update the svn source to the latest version if this is the case. > To test it, it is very simple. You just need a fresh Ubuntu install, > and then try to install the package and interact with your mainserver. > > I'll try to find some time to make a check round. Time flies... Great. Lets coordinate on IRC. -- Happy hacking Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130522095429.gc15...@ulrik.uio.no
Re: Questions/comments on the eduroaming package
Hi Petter > I had a closer look at the eduroaming package in svn, and got some > questions. > Remember that this package is used to convert an Ubuntu plain install into a ubuntu roaming WS > - Why isn't the package using the >/usr/share/debian-edu-config/tools/setup-roaming script to configure >the roaming setup? It would allow for a more dynamic setup, without >the hardcoded LDAP and Kerberos values. Well, clear why... see above > - Why is the LDAP schemas included in /etc/ldap/schema/? As far as I >know, only the LDAP server need them. > Uhmm... maybe my mistake. > - Why is the etc/ldap/ssl/slapd-cert.cnf file included? As far as I >know, only the LDAP server need it. That's strange! In my last version I putted in the script that fetches the cert at boot time (taken from a debian roaming ws) and removed the rest. > I suspect the package can be made simpler and more robust, but am a bit > unsure about its scope and did not dare to change the source in svn. :) > > Giorgio, lets discuss details on IRC, if you want me to try to improve > the package. I am unable to test it myself, and would depend on you to > test the changes. To test it, it is very simple. You just need a fresh Ubuntu install, and then try to install the package and interact with your mainserver. I'll try to find some time to make a check round. Time flies... Regards > -- > Happy hacking > Petter Reinholdtsen -- Giorgio Pioda - Sysadmin SPSE-Tenero Cell +41 79 629 20 63 Uff. +41 91 735 62 48 -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130522093113.ga20...@macchianera.pioderia.lan
Questions/comments on the eduroaming package
I had a closer look at the eduroaming package in svn, and got some questions. - Why isn't the package using the /usr/share/debian-edu-config/tools/setup-roaming script to configure the roaming setup? It would allow for a more dynamic setup, without the hardcoded LDAP and Kerberos values. - Why is the LDAP schemas included in /etc/ldap/schema/? As far as I know, only the LDAP server need them. - Why is the etc/ldap/ssl/slapd-cert.cnf file included? As far as I know, only the LDAP server need it. I suspect the package can be made simpler and more robust, but am a bit unsure about its scope and did not dare to change the source in svn. :) Giorgio, lets discuss details on IRC, if you want me to try to improve the package. I am unable to test it myself, and would depend on you to test the changes. -- Happy hacking Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/2fl38tf2xwl@diskless.uio.no
Re: Idea: RDP based demo site for Debian Edu Wheezy
[David Prévot 2013-05-09] > Technical detail reminder: please note that www.debian.org is mirrored > (and www-master not user accessible). As security.d.o, the Geo-DNS > trick offer only a bunch of IP addresses based on the supposed > location of the client, and the mirrors (IP addresses) are subject to > changes as time flies. Thanks for the tip. I was not aware of this. I am unsure if we want to set up such machine to completely block access to the outside world or not. It would block browser testing, but also avoid a lot of potential security problems. I suspect a good first setup is to install Main-Server+Thin-Client-Server and block all outside access, and only allow web access to the local web server. -- Happy hacking Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/2fl7gir2z5i@diskless.uio.no
Re: Idea: RDP based demo site for Debian Edu Wheezy
Hi, Russell. You get this email because you are one of the SELinux experts in Debian. See the quoted idea below. Are you willing to help create SELinux rules to make this idea come true? If we try this, I suspect we should try to do it on a cloud computer somewhere. :) [Petter Reinholdtsen 2013-05-09] > Today I got an idea for how to make it easier to promote Debian Edu > Wheezy. The idea is to allow anyone to experience the Debian Edu > desktop without having to install it. It is based on the premise > that everyone have or can get RDP support on their desktop. Windows > have it included, Linux users can install rdesktop or freerdp, and > MacOSX users have it included as far as I know. > > We can set up a virtual machine with a combined Main Server + Thin > client server installation, change its subnet to one publicly > available on the Internet, add iptables rules (and perhaps SELinux > rules) to restrict what can be done with the machine, and publish > the username and password required to log in for everyone to test. > > The iptables rules should limit the external IP connections to only > a few web sites (like www.debian.org and wiki.debian.org), to allow > people to test the browser, but block all other access (like ssh, > telnet, whatever). > > This would allow people to test the non-3D user applications and > experience the desktop, without making it possible for malicious > users to use the demo site as a stepping stone for attacking others. > > We can create the virtual machine on the manager.skolelinux.no > virtual host. > > Is there some problem with this idea I have not thought of? Is it a > good or a bad idea? Will it work across the Internet? Other > comments? -- Happy hacking Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130522082746.ga15...@ulrik.uio.no
