Content and translation status for the debian-edu-bookworm manual
The (translated) debian-edu-bookworm manual in PDF, ePUB or HTML formats are available at https://jenkins.debian.net/userContent/debian-edu-doc// To understand this mail better, please read /usr/share/doc/debian-edu-doc/README. This mail is automatically send by a cronjob run by Holger Levsen every two weeks. Please send feedback, suggestions, flames and cookies via this list. debian-edu-bookworm-manual.da.po: 618 translated messages, 255 fuzzy translations, 165 untranslated messages. debian-edu-bookworm-manual.de.po: 965 translated messages, 28 fuzzy translations, 45 untranslated messages. debian-edu-bookworm-manual.es.po: 1038 translated messages. debian-edu-bookworm-manual.fr.po: 754 translated messages, 197 fuzzy translations, 87 untranslated messages. debian-edu-bookworm-manual.it.po: 1035 translated messages, 3 fuzzy translations. debian-edu-bookworm-manual.ja.po: 739 translated messages, 198 fuzzy translations, 101 untranslated messages. debian-edu-bookworm-manual.nb-no.po: 599 translated messages, 304 fuzzy translations, 135 untranslated messages. debian-edu-bookworm-manual.nl.po: 1038 translated messages. debian-edu-bookworm-manual.pl.po: 307 translated messages, 128 fuzzy translations, 603 untranslated messages. debian-edu-bookworm-manual.pt-br.po: 843 translated messages, 138 fuzzy translations, 57 untranslated messages. debian-edu-bookworm-manual.pt-pt.po: 768 translated messages, 188 fuzzy translations, 82 untranslated messages. debian-edu-bookworm-manual.pt.po: 837 translated messages, 156 fuzzy translations, 45 untranslated messages. debian-edu-bookworm-manual.ro.po: 1038 translated messages. debian-edu-bookworm-manual.sv.po: 756 translated messages, 43 fuzzy translations, 239 untranslated messages. debian-edu-bookworm-manual.uk.po: 1038 translated messages. debian-edu-bookworm-manual.zh-cn.po: 795 translated messages, 138 fuzzy translations, 105 untranslated messages. FIXME: The HowTos from https://wiki.debian.org/DebianEdu/HowTo/"/> are either user- or developer-specific. Let's move the user-specific HowTos over here (and delete them over there)! (But first ask the authors (see the history of those pages to find them) if they are fine with moving the howto and putting it under the GPL.) 1 FIXMEs left to fix
Re: User login issue
Hi Mike, > This very likely means that your Kerberos layer / service stack is broken. > > Do you have libpam-krb5 installed on TJENER? (That would be an easy solution). Nope, it was not installed. Maybe my legacy installation is not needing it? I installed it but things did not improve. > Does the new user object in LDAP have krb* LDAP attributes? Yep, I found 9 entires: krbPrincipalName: mm@INTERN krbPwdPolicyReference: cn=users,cn=INTERN,cn=kerberos,dc=skole,dc=skolelinux,dc=no krbLoginFailedCount: 0 krbTicketFlags: 128 krbPrincipalKey:: AwIBAqMDAgEBpIICPjCCAjowVKAHMAWgAwIBAKFJMEeg[...] krbPasswordExpiration: 1970010100Z krbLastPwdChange: 20240105153122Z krbExtraData:: AALKIJhlcm9vdC9hZG1pbkBJTlRFUk4A krbExtraData:: AAgBAA== > If you launch kadmin.local and then enter "list_principals": do any > Kerberos principals (users and/or hosts and/or services) get shown? Do > the user accounts that fail login get listed by this? Yep, they get all nicely listed. > If the new LDAP users don't get listed, try "add_princ -policy users > " and try login from another tty. > > If the new LDAP users get listed, try to set their password using "cpw ". I did this but the user still can't login. > Please also let me/us know what versions of Debian Edu you have > installed (11 or 12)? This one is my personal debian edu workstation and testserver. It's rather legacy and still on 10 (buster) with GOsa 2.7.4. > If 12, have you upgraded to latest package > versions? There was a bug in Debian Edu 12's debian-edu-config that > only got resolved recently: > > ``` > debian-edu-config (2.12.41~deb12u1) bookworm; urgency=medium > >* Upload to bookworm. > > -- Mike Gabriel Sun, 03 Dec 2023 08:45:42 +0100 > > debian-edu-config (2.12.41) unstable; urgency=medium > >[ Guido Berhoerster ] >* gosa-sync: Decode the user password which GOsa substitutes base64 > encoded. > This fixes a bug where the user password could not be set or changed. > (related to #1052159). > > -- Mike Gabriel Fri, 01 Dec 2023 21:44:38 +0100 > ``` > > This fix in d-e-c goes together with a fix in gosa: d-e-c? > ``` > gosa (2.8~git20230203.10abe45+dfsg-1+deb12u2) bookworm; urgency=medium > >[ Daniel Teichmann ] >* debian/patches: > [...] > + Add 1044_fix-class-ldap-serialization.patch which fixes a few bugs >regarding serialization. This especially fixes setting LDAP > userPassword >attribute types via GOsa². (Closes: #1052159). > + Add 1045_fix-posixaccount-shadowExpire.patch which fixes shadowExpire >always being set to 0. (User can't login then). (Closes: #1053806). > >[ Guido Berhoerster ] >* debian/patches: > [...] > >[ Mike Gabriel ] >* debian/patches: > [...] > > -- Mike Gabriel Sun, 03 Dec 2023 08:16:31 +0100 > > If you Debian Edu 12, simply upgrading d-e-c and gosa to the > referenced versions should help. > > Mike Kind regards, Roman
Re: User login issue
Hi Roman, On Sa 06 Jan 2024 12:16:31 CET, roman.meier wrote: I can create a new user but the behavior is the same: I cannot login on the server. Login into GOsa2 works fine. This very likely means that your Kerberos layer / service stack is broken. Do you have libpam-krb5 installed on TJENER? (That would be an easy solution). Does the new user object in LDAP have krb* LDAP attributes? If you launch kadmin.local and then enter "list_principals": do any Kerberos principals (users and/or hosts and/or services) get shown? Do the user accounts that fail login get listed by this? If the new LDAP users don't get listed, try "add_princ -policy users " and try login from another tty. If the new LDAP users get listed, try to set their password using "cpw ". Please also let me/us know what versions of Debian Edu you have installed (11 or 12)? If 12, have you upgraded to latest package versions? There was a bug in Debian Edu 12's debian-edu-config that only got resolved recently: ``` debian-edu-config (2.12.41~deb12u1) bookworm; urgency=medium * Upload to bookworm. -- Mike Gabriel Sun, 03 Dec 2023 08:45:42 +0100 debian-edu-config (2.12.41) unstable; urgency=medium [ Guido Berhoerster ] * gosa-sync: Decode the user password which GOsa substitutes base64 encoded. This fixes a bug where the user password could not be set or changed. (related to #1052159). -- Mike Gabriel Fri, 01 Dec 2023 21:44:38 +0100 ``` This fix in d-e-c goes together with a fix in gosa: ``` gosa (2.8~git20230203.10abe45+dfsg-1+deb12u2) bookworm; urgency=medium [ Daniel Teichmann ] * debian/patches: [...] + Add 1044_fix-class-ldap-serialization.patch which fixes a few bugs regarding serialization. This especially fixes setting LDAP userPassword attribute types via GOsa². (Closes: #1052159). + Add 1045_fix-posixaccount-shadowExpire.patch which fixes shadowExpire always being set to 0. (User can't login then). (Closes: #1053806). [ Guido Berhoerster ] * debian/patches: [...] [ Mike Gabriel ] * debian/patches: [...] -- Mike Gabriel Sun, 03 Dec 2023 08:16:31 +0100 If you Debian Edu 12, simply upgrading d-e-c and gosa to the referenced versions should help. Mike ``` -- DAS-NETZWERKTEAM c\o Technik- und Ökologiezentrum Eckernförde Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde mobile: +49 (1520) 1976 148 landline: +49 (4351) 850 8940 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de pgpV3_xtmAr9n.pgp Description: Digitale PGP-Signatur
Re: User login issue
Hi Mike, > One thing caught me at first glance that is strange: why does > ldapsearch try GSS auth although you requested simple_bind > authentication? Hmmm... is that -x in your quoted command really > starting with a '-' dash / minus sign? It looks longer (like an > )... Yep, you were right! Thanks! > If you create a new user account via GOSa can you login with that > account then? I can create a new user but the behavior is the same: I cannot login on the server. Login into GOsa2 works fine. > Greets, > Mike It also came to my mind that GOsa2 requested for a MAC address for tjener when I tried to add a DHCP group, which I did. It felt somehow wrong though since tjener normally has two interfaces. Anyway, I also deleted the entry using commandline which did not improve things. I'm not sure this is related though. Kind regards, Roman
