New script: create-server-cert (in DATADIR/d-e-c/tool/)
Hi all, I have just committed a very useful script to d-e-c that easily assists a site admin to create web server certificates for additional web (or whatever) servers on a Debian Edu network. This script expects a host.domain name as first cmdline arguemnt. Usage: create-server-cert . Then, this script searches LDAP for the given host.domain name. It expects this host.domain name to have a DNS A record in LDAP (i.e. it is expected to to be the IP's FQDN. If a host is given matching the above criterion, this script extracts all CNAME records pointing at this host.domain FQDN from LDAP. The FQDN and all CNAME aliases are then put into a temporary openssl.conf (and v3.conf) file and the script tries to create an SSL server certificate for the given host. The created files will be stored in /etc/ssl/certs/_.crt and /etc/ssl/private/_domain.key. Limitations / ToDos: - the script expects A records and CNAME records to share the same domain Please let me know what you think about this? (I dearly hope, we haven't had such a script already). light+love Mike -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4351) 850 8940 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de pgpPaGrhk3PSa.pgp Description: Digitale PGP-Signatur
debian-edu-config_2.11.14_source.changes ACCEPTED into unstable
Accepted: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 20 Feb 2020 15:50:52 +0100 Source: debian-edu-config Architecture: source Version: 2.11.14 Distribution: unstable Urgency: medium Maintainer: Debian Edu Developers Changed-By: Holger Levsen Closes: 951070 Changes: debian-edu-config (2.11.14) unstable; urgency=medium . [ Wolfgang Schweer ] * Make Debian-Edu_rootCA available on client systems via the system-wide CA bundle in /etc/ssl/certs/ca-certificates.crt: - Add debian/debian-edu-config.fetch-rootca-cert (Closes: #951070) * Adjust debian/rules to reflect the change. Checksums-Sha1: 6922e47667fe4a0ceeb5ec1de5d1bc58c602153c 1923 debian-edu-config_2.11.14.dsc e6c0bbb71c27ea15eba42b345f4a9961b16f07e6 342072 debian-edu-config_2.11.14.tar.xz ec90cbf040f9ba9383acc67492268a51a50fde41 5493 debian-edu-config_2.11.14_source.buildinfo Checksums-Sha256: 3490ccb7a260a88f065e2febfd1d78cc2aa185f117ab9dd46ed4f51d4020c51e 1923 debian-edu-config_2.11.14.dsc aa4594086cf8d810c52a5fe5d95a5af7f373d72785430ba1eec565fb610ccd6d 342072 debian-edu-config_2.11.14.tar.xz 6bac9d3a2fb7639f1523d848baf6e473d5cfa4495189f2ed5cd6d2b3abd2672b 5493 debian-edu-config_2.11.14_source.buildinfo Files: af6e920544ad1d130f04d7a10e555f62 1923 misc optional debian-edu-config_2.11.14.dsc a3cca7b9ea2d99d97b303be5f836942b 342072 misc optional debian-edu-config_2.11.14.tar.xz e97387f4b94bb6d9f7d48f51d30e8dde 5493 misc optional debian-edu-config_2.11.14_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAl5OnTkACgkQCRq4Vgaa qhxX9g/+NhNAqJC75MpYaW2dWEGSM5WY+Xa+4VnyKYVj0V/wymyvReu52ur+HPEh 7e5KMI2MdYgrfEwe6gq+Xd0g/S+HY2wQu9s26bE2ps7WmMJSQqOdOGR+GgIGzlLT msKTraafLTrKXlH3cGNvRubFJkHrdTfVt4P5N9RmAHCUGFajJDuVsp76y/EkbmEB eX2nzPJO0haIVG3MIjupGGg5NhY5sA7YbL/IBCeRYcH+KHwBDf40YAxrdAiV7ehu 1a+01h+7mbxL/NUeUE0EDwB2K36S2k8Tyls+qcVA2FL6AnemtVAQv2wJ+uED/Rpl An7hg+0869HZrJxWSlmz2RffNiJ+h2ZbJ8hb3ZjiOTDnogX24sMJ9S33unrqNOTU nNman8eoCMmPBOL3Em0IQauEQ1wn4aUKwEwJt5gAdY9nrT55jtTs8QEL1UBvc2CP FUoyVx1WJsymCG5HhIeShJ4f+cCxSdO2FhC/41xHe1EE8/6hv30C63H3gae+HyaU yqEz07d7z41PuAfFjHG4hSpESv53lWY1Zw7hm57UavCthCgZEU6GLtu3XKep4NYw AgzSld2JTVX4waXJqAQEIpxcewZ+slN/DnWlPy5qaHiwQ3ljKlCQCjFfLxV3pXtL yH2YRY+8zCJGrxT4caAG6LIj3UggScheW9psdKdEsT1NFIBt4T8= =u+Rm -END PGP SIGNATURE- Thank you for your contribution to Debian.
Bug#951070: marked as done (debian-edu-config: make Debian-Edu_rootCA available via /etc/ssl/certs/ca-certificates.crt)
Your message dated Thu, 20 Feb 2020 15:19:25 + with message-id and subject line Bug#951070: fixed in debian-edu-config 2.11.14 has caused the Debian Bug report #951070, regarding debian-edu-config: make Debian-Edu_rootCA available via /etc/ssl/certs/ca-certificates.crt to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 951070: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951070 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: debian-edu-config Version: 2.11.12 Severity: wishlist Driving the fetch-ldap-cert logic another step forward. We should, on retrieval of Debian-Edu_rootCA.crt, move that file to /usr/local/share/ca-certificates/debian-edu/ and run update-ca-certificates afterwards. This assures that Debian-Edu_rootCA is available in the system-wide CA bundle in /etc/ssl/certs/ca-certificates.crt. This issue relates to #926388 (let Firefox trust /etc/ssl/certs/ca-certificates.crt) Mike -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4351) 850 8940 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de pgpAp0jBGAgVQ.pgp Description: Digitale PGP-Signatur --- End Message --- --- Begin Message --- Source: debian-edu-config Source-Version: 2.11.14 Done: Holger Levsen We believe that the bug you reported is fixed in the latest version of debian-edu-config, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 951...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Holger Levsen (supplier of updated debian-edu-config package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Thu, 20 Feb 2020 15:50:52 +0100 Source: debian-edu-config Architecture: source Version: 2.11.14 Distribution: unstable Urgency: medium Maintainer: Debian Edu Developers Changed-By: Holger Levsen Closes: 951070 Changes: debian-edu-config (2.11.14) unstable; urgency=medium . [ Wolfgang Schweer ] * Make Debian-Edu_rootCA available on client systems via the system-wide CA bundle in /etc/ssl/certs/ca-certificates.crt: - Add debian/debian-edu-config.fetch-rootca-cert (Closes: #951070) * Adjust debian/rules to reflect the change. Checksums-Sha1: 6922e47667fe4a0ceeb5ec1de5d1bc58c602153c 1923 debian-edu-config_2.11.14.dsc e6c0bbb71c27ea15eba42b345f4a9961b16f07e6 342072 debian-edu-config_2.11.14.tar.xz ec90cbf040f9ba9383acc67492268a51a50fde41 5493 debian-edu-config_2.11.14_source.buildinfo Checksums-Sha256: 3490ccb7a260a88f065e2febfd1d78cc2aa185f117ab9dd46ed4f51d4020c51e 1923 debian-edu-config_2.11.14.dsc aa4594086cf8d810c52a5fe5d95a5af7f373d72785430ba1eec565fb610ccd6d 342072 debian-edu-config_2.11.14.tar.xz 6bac9d3a2fb7639f1523d848baf6e473d5cfa4495189f2ed5cd6d2b3abd2672b 5493 debian-edu-config_2.11.14_source.buildinfo Files: af6e920544ad1d130f04d7a10e555f62 1923 misc optional debian-edu-config_2.11.14.dsc a3cca7b9ea2d99d97b303be5f836942b 342072 misc optional debian-edu-config_2.11.14.tar.xz e97387f4b94bb6d9f7d48f51d30e8dde 5493 misc optional debian-edu-config_2.11.14_source.buildinfo -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAl5OnTkACgkQCRq4Vgaa qhxX9g/+NhNAqJC75MpYaW2dWEGSM5WY+Xa+4VnyKYVj0V/wymyvReu52ur+HPEh 7e5KMI2MdYgrfEwe6gq+Xd0g/S+HY2wQu9s26bE2ps7WmMJSQqOdOGR+GgIGzlLT msKTraafLTrKXlH3cGNvRubFJkHrdTfVt4P5N9RmAHCUGFajJDuVsp76y/EkbmEB eX2nzPJO0haIVG3MIjupGGg5NhY5sA7YbL/IBCeRYcH+KHwBDf40YAxrdAiV7ehu 1a+01h+7mbxL/NUeUE0EDwB2K36S2k8Tyls+qcVA2FL6AnemtVAQv2wJ+uED/Rpl An7hg+0869HZrJxWSlmz2RffNiJ+h2ZbJ8hb3ZjiOTDnogX24sMJ9S33unrqNOTU nNman8eoCMmPBOL3Em0IQauEQ1wn4aUKwEwJt5gAdY9nrT55jtTs8QEL1UBvc2CP FUoyVx1WJsymCG5HhIeShJ4f+cCxSdO2FhC/41xHe1EE8/6hv30C63H3gae+HyaU yqEz07d7z41PuAfFjHG4hSpESv53lWY1Zw7hm57UavCthCgZEU6GLtu3XKep4NYw AgzSld2JTVX4waXJqAQEIpxcewZ+slN/DnWlPy5qaHiwQ3ljKlCQCjFfLxV3pXtL yH2YRY+8zCJGrxT4caAG6LIj3UggScheW9psdKdEsT1NFIBt4T8= =u+Rm -END PGP SIGNATURE End Message ---
Processing of debian-edu-config_2.11.14_source.changes
debian-edu-config_2.11.14_source.changes uploaded successfully to localhost along with the files: debian-edu-config_2.11.14.dsc debian-edu-config_2.11.14.tar.xz debian-edu-config_2.11.14_source.buildinfo Greetings, Your Debian queue daemon (running on host usper.debian.org)
Re: Backup
Hi Roman, Roman Meier schreef op do 20-02-2020 om 08:25 [+0100]: > Hi folks, > > After having lost some data I have started to read more about the backup > feature included in Debian Edu. > > The backups on our server seem to run just fine according to the status > page of slbackup.php. However, menuitems "Restore" and "Maintenance" give > no options to choose from. Why? Most likely your /etc/slbackup/slbackup.conf configuration file lay-out is the reason why. > > I also wonder about the "Config" page. Fields under "Server config" are > filled but none are set in "Client config". I don't actually understand > the difference between the 2 sections. I couldn't find any documentation. The package comes with an example configuration file. Take a look at /usr/share/doc/slbackup/examples/slbackup-server+ltsp.conf and compare it to your own /etc/slbackup/slbackup.conf configuration file. The slbackup system is an ordinary client server system. The main server tjener runs the back up service and thus acts as the slbackup server. Machines that have some files and directories backed up are clients. Since also files and directories of tjener are backed up by the slbackup service, tjener is in this respect the backup client. If you have other machines in your network that are backed up, they also are clients. > > Kind regards, > Roman > -- Kind regards, Frans Spiesschaert
Bug#951686: education-workstation: add gvfs-fuse under Recommends: field
Hi Wolfgang, On Do 20 Feb 2020 12:03:25 CET, Wolfgang Schweer wrote: Moin Mike, On Thu, Feb 20, 2020 at 07:30:02AM +, Mike Gabriel wrote: It becomes even more urgent on Roaming Workstations, where the server-side HOMEs are mounted via gvfsd as SMB shares. If users shall be able to access their home from a terminal, then gvfs-fuse daemon needs to be running in the background. It seems that gvfs-backends needs to be installed on the roaming workstation (gvfs-fuse unneeded). At least accessing the remote homedir (10.3 main server) from a Debian Edu 10.3 roaming ws (w/ default desktop Xfce) is working in this case. Please check. Wolfgang my point here is about accessing the SMB share mounted via gvfsd from a terminal. I can access the SMB home via Caja ( or any other gvfs compliant file browser ) all fine. However, without gvfs-fuse installed, I don't see an actual mounted directory anywhere on the system. Mike -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4351) 850 8940 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de pgpNuGPNSpnWG.pgp Description: Digitale PGP-Signatur
Bug#951686: education-workstation: add gvfs-fuse under Recommends: field
Moin Mike, On Thu, Feb 20, 2020 at 07:30:02AM +, Mike Gabriel wrote: > It becomes even more urgent on Roaming Workstations, where the server-side > HOMEs are mounted via gvfsd as SMB shares. If users shall be able to access > their home from a terminal, then gvfs-fuse daemon needs to be running in the > background. It seems that gvfs-backends needs to be installed on the roaming workstation (gvfs-fuse unneeded). At least accessing the remote homedir (10.3 main server) from a Debian Edu 10.3 roaming ws (w/ default desktop Xfce) is working in this case. Please check. Wolfgang signature.asc Description: PGP signature
Re: How to restore the newteacher template in Gosa2?
On Thu, Feb 20, 2020 at 09:56:56AM +0100, Wolfgang Schweer wrote: > Yes. The 'newteacher' group is similar to the 'newstudent' group. GID > for newteacher should be 1002 as opposed to 1001 for newstudent. actually: 1001 as opposed to 1002 Wolfgang signature.asc Description: PGP signature
Re: How to restore the newteacher template in Gosa2?
Hi Roman, On Thu, Feb 20, 2020 at 09:03:29AM +0100, Roman Meier wrote: > Seems this is a little tricky. > > It appears I actually deleted user "NewTeacher". Did this result in the > deletion of its group, which may have been "newteacher"? Do I need to > recreate this group as well? Yes. The 'newteacher' group is similar to the 'newstudent' group. GID for newteacher should be 1002 as opposed to 1001 for newstudent. Good luck, Wolfgang signature.asc Description: PGP signature
Re: How to restore the newteacher template in Gosa2?
Hi Wolfgang, Seems this is a little tricky. It appears I actually deleted user "NewTeacher". Did this result in the deletion of its group, which may have been "newteacher"? Do I need to recreate this group as well? Wish I had a backup. Such a mess :( Kind regards, Roman > On Tue, Feb 18, 2020 at 08:43:40AM +0100, Roman Meier wrote: >> Unfortunately I managed to accidentally delete the newteacher template >> in >> Gosa2. >> >> How can I restore it? > > You should e able to re-create it. Take a look at the NewStudent > template (main tab, POSIX and Samba tab). The NewTeacher template is > similar, just replace student(s) with teacher(s) in all fields. IIRC, > the only difference is the UID/GID which is 1001 as opposed to 1002 for > the students and the group membership (teachers und students). Just > compare an existing teacher account to be sure about it. > > Good luck, > Wolfgang >