Re: Bug#772342: debian-edu-config: mounting homedirs via NFS doesn't work reliably
On Thu, Dec 11, 2014 at 12:36:30AM +0100, Wolfgang Schweer wrote: [ /etc/rc.local ] # By default this script does nothing. systemctl restart nfs-common systemctl restart autofs systemctl stop nslcd systemctl start nslcd exit 0 Investigating further (virtual-box VM setup) I dropped the connection to the internet gateway, then restarted main server and workstation. With the above stated commands in rc.local the workstation failed 6 out of 6 times to get NFS mount right. Then I changed the commands in rc.local like this: # By default this script does nothing. systemctl stop nslcd systemctl start nslcd systemctl restart autofs exit 0 With this workaround NFS mount succeeded 10 out of 10 times. So I guess the NFS issue boils down to the fact that order of services' start matters. Maybe a proper sequence can be achieved using nslcd and autofs systemd services files containing the right targets. Wolfgang signature.asc Description: Digital signature
Re: Bug#772342: debian-edu-config: mounting homedirs via NFS doesn't work reliably
On Thu, Dec 11, 2014 at 08:40:21PM +0100, Wolfgang Schweer wrote: Then I changed the commands in rc.local like this: # By default this script does nothing. systemctl stop nslcd systemctl start nslcd systemctl restart autofs exit 0 With this workaround NFS mount succeeded 10 out of 10 times. I've tested these commands in a dhcp client exit hook file two days ago and that worked as well. Sad to report that after upgrading server and client today NFS mount fails all the time. Wolfgang signature.asc Description: Digital signature
Re: Bug#772342: debian-edu-config: mounting homedirs via NFS doesn't work reliably
On Sun, Dec 14, 2014 at 12:07:17AM +0100, Wolfgang Schweer wrote: Sad to report that after upgrading server and client today NFS mount fails all the time. Strange enough, with a totally stripped down VM test environment NFS mount succeeds all the time without any changes to rc.local and without adding a dhcp hook file. This is the setup: main server (with 'desktop=kde' removed from the kernel command line) and only the main-server profile. 'apt-get install xterm iceweasel icewm lightdm' to get a minimal gui to make GOsa² available. client installation with profile 'minimal', system added using GOsa². To be continued... Wolfgang signature.asc Description: Digital signature
Re: Bug#772342: debian-edu-config: mounting homedirs via NFS doesn't work reliably
On Sun, Dec 14, 2014 at 01:38:22AM +0100, Wolfgang Schweer wrote: Strange enough, with a totally stripped down VM test environment NFS mount succeeds all the time without any changes to rc.local and without adding a dhcp hook file. This is the setup: main server (with 'desktop=kde' removed from the kernel command line) and only the main-server profile. 'apt-get install xterm iceweasel icewm lightdm' to get a minimal gui to make GOsa² available. client installation with profile 'minimal', system added using GOsa². To be continued... Added a default (desktop=kde) workstation: NFS mount fails all the time. But: NFS mount seems to work reliably with network-manager v. 0.9.10.0-4 (unstable) installed. The network interface is now brought up pretty fast (took up to about 30 seconds before). Maybe now the right sequence of services is given. Wolfgang signature.asc Description: Digital signature
Bug#772342: debian-edu-config: mounting homedirs via NFS doesn't work reliably
On Mon, Dec 15, 2014 at 01:03:50PM +0100, Holger Levsen wrote: this is due to the old (=not from sid) network-manager being installed and used? Yes, atm version 0.9.10.0-3; network-manager v. 0.9.10.0-4 was the only package installed from unstable to make NFS mount work. Wolfgang signature.asc Description: Digital signature
Bug#772342: fixed?
On Thu, Dec 25, 2014 at 02:11:49PM +0100, Holger Levsen wrote: I've seen you moved this issue to fixed+done on https://wiki.debian.org/DebianEdu/Status/Jessie so I guess you'll want to mail 772342-d...@bugs.debian.org too? :-) Does that mean that #759544 is fixed also? I believe that both bugs were triggered by #755039 and are fixed now, but due to the lack of other test reports / confirmation I haven't closed this bug yet. Wolfgang signature.asc Description: Digital signature
Xsession.d scripts (Was: [debian-edu-commits] [Debian Wiki] Update of DebianEdu/Status/Jessie by PetterReinholdtsen)
[Petter Reinholdtsen] The DebianEdu/Status/Jessie page has been changed by PetterReinholdtsen: https://wiki.debian.org/DebianEdu/Status/Jessie?action=diffrev1=164rev2=165 + * The kdm login no longer seem to run the scripts in /etc/X11/Xsession.d/, causing robustness fixes to not be applied in the default setup. This for example causes ~/.xsession-errors to fill up the user disk, no sensible explainatin to show up when the home directory is missing, our desktup-profiles menues (educational overrides) to not take effect, and possibly no ssh-agent to be running. As far as I can tell, these scripts are executed. I'm wondering if you faced this issue recently on an updated system? Or is this an experience from some time ago? Wolfgang signature.asc Description: Digital signature
Bug#774392: debian-edu-config: the script 09debian-edu-missing-home fails to work with kdm (in jessie)
Package: debian-edu-config Version: 1.815 Severity: important Tags: patch The script should inform users if the home directory isn't available and show a hint about a possible reason and how to solve the problem. This doesn't work anymore cause now kdm sets $HOME=/ before the script is executed. The patch has been tested and committed to git. diff --git a/etc/X11/Xsession.d/09debian-edu-missing-home b/etc/X11/Xsession.d/09debian-edu-missing-home index e348bf7..ae74cdd 100755 --- a/etc/X11/Xsession.d/09debian-edu-missing-home +++ b/etc/X11/Xsession.d/09debian-edu-missing-home @@ -5,14 +5,14 @@ if [ -r /etc/debian-edu/config ] ; then . /etc/debian-edu/config if echo $PROFILE | egrep -q 'Workstation|Thin-Client-Server|Minimal' ; then - if [ ! -d $HOME ] ; then + if [ ! -d $HOME -o / = $HOME ] ; then cat EOF | \ xmessage -buttons Understood:0 -timeout 30 -center -file - -Missing user home directory $HOME. +Missing user home directory. -Check if the current computer DNS name in the NIS netgroup +Check if the current computer DNS name is in the NIS netgroup workstation-hosts and authorized to mount the home directories from -the NFS server. This is done using Gosa, http://www/gosa/ . +the NFS server. This is done using Gosa, https://www/gosa/ . EOF exit 1 fi Wolfgang -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150101225842.ga5...@local.schweer-online.de
Bug#774395: debian-edu-config: the script 09debian-edu-missing-home fails to work with kdm
Package: debian-edu-config Version: 1.815 Severity: important Tags: patch With kdm in jessie the script doesn't work anymore cause kdm sets $HOME=/ before the script is executed. So users are not informed about a possible reason for the failing login and don't get a hint how to solve the problem. The patch has been tested and committed to git. diff --git a/etc/X11/Xsession.d/09debian-edu-missing-home b/etc/X11/Xsession.d/09debian-edu-missing-home index e348bf7..ae74cdd 100755 --- a/etc/X11/Xsession.d/09debian-edu-missing-home +++ b/etc/X11/Xsession.d/09debian-edu-missing-home @@ -5,14 +5,14 @@ if [ -r /etc/debian-edu/config ] ; then . /etc/debian-edu/config if echo $PROFILE | egrep -q 'Workstation|Thin-Client-Server|Minimal' ; then - if [ ! -d $HOME ] ; then + if [ ! -d $HOME -o / = $HOME ] ; then cat EOF | \ xmessage -buttons Understood:0 -timeout 30 -center -file - -Missing user home directory $HOME. +Missing user home directory. -Check if the current computer DNS name in the NIS netgroup +Check if the current computer DNS name is in the NIS netgroup workstation-hosts and authorized to mount the home directories from -the NFS server. This is done using Gosa, http://www/gosa/ . +the NFS server. This is done using Gosa, https://www/gosa/ . EOF exit 1 fi Wolfgang -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150101231759.ga8...@local.schweer-online.de
Re: [debian-edu-commits] [Debian Wiki] Update of DebianEdu/Documentation/Jessie/Requirements by WolfgangSchweer
On Sat, Feb 07, 2015 at 05:24:56PM +0100, Holger Levsen wrote: On Samstag, 7. Februar 2015, Wolfgang Schweer wrote: On Sat, Feb 07, 2015 at 04:24:41PM +0100, Holger Levsen wrote: you wrote on https://wiki.debian.org/DebianEdu/Documentation/Jessie/Requirements eth1 is used for serving LTSP clients (192.168.0.0/24 as default or 192.168.1.0/24). This is a bit unclear, so 192.168.0.0/24 is the default but why does it mention 192.168.1.0/24? In LDAP, both subnets are preconfigured for LTSP usage. In the networked clients howto chapter this is explained in detail. Feel free to drop it here for the sake of clarity. https://wiki.debian.org/DebianEdu/Documentation/Jessie/Architecture#The_default_network_setup I meant this one: https://wiki.debian.org/DebianEdu/Documentation/Jessie/HowTo/NetworkClients#Use_a_different_LTSP_client_network Wolfgang signature.asc Description: Digital signature
Re: [debian-edu-commits] [Debian Wiki] Update of DebianEdu/Documentation/Jessie/Requirements by WolfgangSchweer
On Sat, Feb 07, 2015 at 04:24:41PM +0100, Holger Levsen wrote: you wrote on https://wiki.debian.org/DebianEdu/Documentation/Jessie/Requirements eth1 is used for serving LTSP clients (192.168.0.0/24 as default or 192.168.1.0/24). This is a bit unclear, so 192.168.0.0/24 is the default but why does it mention 192.168.1.0/24? In LDAP, both subnets are preconfigured for LTSP usage. In the networked clients howto chapter this is explained in detail. Feel free to drop it here for the sake of clarity. Wolfgang signature.asc Description: Digital signature
Re: [debian-edu-commits] [Debian Wiki] Update of DebianEdu/Documentation/Jessie/Requirements by WolfgangSchweer
On Sat, Feb 07, 2015 at 05:24:56PM +0100, Holger Levsen wrote: Hi Wolfgang, On Samstag, 7. Februar 2015, Wolfgang Schweer wrote: On Sat, Feb 07, 2015 at 04:24:41PM +0100, Holger Levsen wrote: you wrote on https://wiki.debian.org/DebianEdu/Documentation/Jessie/Requirements eth1 is used for serving LTSP clients (192.168.0.0/24 as default or 192.168.1.0/24). This is a bit unclear, so 192.168.0.0/24 is the default but why does it mention 192.168.1.0/24? In LDAP, both subnets are preconfigured for LTSP usage. In the networked clients howto chapter this is explained in detail. Feel free to drop it here for the sake of clarity. https://wiki.debian.org/DebianEdu/Documentation/Jessie/Architecture#The_default_network_setup only says DHCPD on the LTSP servers only serves a dedicated network on the second interface (192.168.0.0/24 and 192.168.1.0/24 are preconfigured options) and should seldom need to be changed. Hm, both are options. But the default is 192.168.0.0/24. The other subnet only comes to mind if loking up the LDAP data base. which makes me think that the text in Jessie/Requirements should be changed to eth1 is used for serving LTSP clients (using both 192.168.0.0/24 and 192.168.1.0/24 as defaults). Is that correct (+better)? I guess not. It would be better to drop the second one. Wolfgang signature.asc Description: Digital signature
Bug#777039: debian-edu-config: cleanup kiosk setup related code and files (jessie +1)
Package: debian-edu-config Version: 1.817 Severity: normal This is reported to keep track of the issue. Since the squeeze release (KDE4) the KDE kiosk setup changed and the concept of a plain desktop was dropped but d-e-c still ships files that were used to place icons on group specific desktops (KDE3), see share/debian-edu/*. Also, there is code in postinst (and postrm) related to files (like kderc) which are no longer used (as far as I know). Desktop profiles for root (no more gui login since squeeze) and group 'admins' (no default members as of squeeze) are defined and a 'root' related desktop, too. Please correct me if I'm wrong, but imo only stuff in 'config' (and maybe 'services') subdirs really is used (via package desktop-profiles). A look at the Makefile under 'KIOSKFILES' shows lots of *.desktop files unused since squeeze, I guess. Wolfgang signature.asc Description: Digital signature
Re: [debian-edu-commits] [Debian Wiki] Update of DebianEdu/Documentation/Jessie/Requirements by WolfgangSchweer
On Sun, Feb 08, 2015 at 11:42:20AM +0100, Holger Levsen wrote: On Samstag, 7. Februar 2015, Wolfgang Schweer wrote: eth1 is used for serving LTSP clients (using both 192.168.0.0/24 and 192.168.1.0/24 as defaults). Is that correct (+better)? I guess not. It would be better to drop the second one. ok, done and replaced with a pointer to https://wiki.debian.org/DebianEdu/Documentation/Jessie/HowTo/NetworkClients#Use_a_different_LTSP_client_network I didnt add any pointers to that howto from the architecture chapter though. Should be ok like it is now. And thanks for reviewing and cleaning up. It's much better now :) I'm about to check the Kmail issue, the instructions in the manual are outdated. Wolfgang signature.asc Description: Digital signature
Re: Bug#775608: shutdown-at-night: fails to shut down the system if gdm3 is used
On Sun, Jan 18, 2015 at 09:37:51AM +0100, Petter Reinholdtsen wrote: [Wolfgang Schweer] The gdm3 greeter seems to be a special gnome-session running as a user with name '(unknown)'. shutdown-at-night uses 'who' to decide if users are still active but doesn't recognize this very case. Gah, I really wish gdm would make up its mind on how to handle utmp and wtmp. The patch has been tested and commited to git. (wheezy is affected as well, version: 0.10+deb7u2) Look good to me. Should we try to get it into Jessie? Yes. And it would be good to get it into wheezy-updates as well. Actually, the error was noticed on a wheezy workstation. I can't upload at the moment, so I hope someone can step up. :) Wolfgang signature.asc Description: Digital signature
Re: Home directories blank in diskless workstations
Hi, thanks for the additional information. On Thu, Feb 19, 2015 at 07:58:37PM +0530, uday bhatye wrote: It was so simple, but I couldn't manage to find. https://wiki.debian.org/DebianEdu/Status/Jessie gives the answer it's saying that On LTSP diskless workstations the homedir isn't mounted. This is caused by automounter running and blocking /skole as mountpoint for sshfs. As a workaround (to be able to test things) set RM_SYSTEM_SERVICES=autofs in /opt/ltsp/i386/etc/lts.conf. doing that solves the home directories problem. This was a temporary (iirc systemd related) workaround for the upcoming Debian Edu Jessie release. I'm wondering why this is needed for Wheezy, as /usr/share/ltsp/init-ltsp.d/60-edu-diskless-ws (in the LTSP chroot) should care for disabling autofs. Could you provide the content of lts.conf? still couldn't get kerberos ticket renewed. No idea atm, maybe something went wrong during installation? What is the content of LTSP-chroot/etc/ldap/ldap.conf? Wolfgang signature.asc Description: Digital signature
Re: Home directories blank in diskless workstations
Hi. On Tue, Feb 17, 2015 at 10:29:51PM +0530, uday bhatye wrote: I'm using wheezy. A mix of thin clients diskless workstations on 10.0.0.0/8 network. Used sitesummary2ldapdhcp, then added machines on main network to workstation-hosts netgroup. Adding diskless workstations isn't needed -- unless you want to use an alternative to LDM (for LTSP clients). See the documentation for details. Problem is when clients boot as thin clients, we get the home directories and can see other users' directories above them, also new files created are saved. Same machine, if booted as diskless workstation shows nothing apart from a blank Desktop directory in the home directory. If LDM is used (which is the LTSP default), only the home directory of the logged in user is mounted (using sshfs), nothing else. So this is the expected behaviour. See the documentation for details how to use another DM like KDM, GDM or Lightdm along with NFS and automount. Any new files created are lost after reboot. This is strange. Do you really mean files in the user's home directory? Also, kerberos ticket is not renewing on clients. This is expected for diskless workstations as the login via LDM doesn't allow it. If needed, it can be renewed manually -- see the documentation. Googled and tried a lot with no luck. I guess you'd be better off reading the Debian Edu documentation available locally via https://www in the Debian Edu network -- or try this all-in-one page: https://wiki.debian.org/DebianEdu/Documentation/Wheezy/AllInOne and use your browser's search function. Wolfgang signature.asc Description: Digital signature
Re: Thunderbird and LDAP
Hi. On Fri, Jan 23, 2015 at 09:55:08AM +0100, Bernd Zeitzen wrote: we want to connect Thunderbird with LDAP to have access to the mailaddresses of all teachers and pupils. Is this possible? The Debian Edu LDAP data base doesn't contain email addresses. So I guess the query would give an empty output. Wolfgang signature.asc Description: Digital signature
Bug#776763: debian-edu-config: adjust debian-edu-pxeinstall to work with debian-installer-8-netboot-*
Package: debian-edu-config Version: 1.816 Severity: important Tags: patch The debian-installer is now shipped with a changed version number scheme and the kernel command line delimiter has changed, too. The patch has been tested and will be committed to git as soon as the bug number has been obtained. diff --git a/sbin/debian-edu-pxeinstall b/sbin/debian-edu-pxeinstall index 4d5df0b..02b440a 100755 --- a/sbin/debian-edu-pxeinstall +++ b/sbin/debian-edu-pxeinstall @@ -131,7 +131,7 @@ for arch in $archs ; do [ -d $tftpdir/debian-installer ] || \ mkdir $tftpdir/debian-installer cd $tftpdir/debian-installer - di_ver=8.0 + di_ver=8 tarball= if [ -d /usr/lib/debian-installer/images/$di_ver/$arch ]; then di_img_dir=/usr/lib/debian-installer/images/$di_ver/$arch @@ -274,7 +274,7 @@ echo Generating $menufile LABEL neteduboot-$arch MENU LABEL Install Edu/^$arch ($desktop) kernel debian-installer/$arch/linux -append $gtkvideo initrd=debian-installer/$arch/initrd.gz auto url=$preseedurl hostname=$hostname domain=$domain $installconfig -- quiet +append $gtkvideo initrd=debian-installer/$arch/initrd.gz auto url=$preseedurl hostname=$hostname domain=$domain $installconfig --- quiet ipappend 2 include menupassword.cfg Wolfgang signature.asc Description: Digital signature
Re: Bug#768509: debian-edu-config: After upgrading a Wheezy main-server to Debian 7.7 the Gosa gui fails to connect to LDAP
On Wed, Nov 12, 2014 at 10:57:22AM +0100, Giorgio Pioda wrote: This seems to work getting an upgraded Wheezy main-server working again (no need to generate a new gosa.conf): (1) cat /dev/null /etc/gosa/gosa.secrets (2) take the random cleartext password from gosa.conf.orig and put it instead of the encrypted long one into gosa.conf (actually twice: adminPassword and snapshotAdminPassword) (3) restart apache2 From a security point of view it's probably more than dubious... Maybe gosa-encrypt-passwords has to be adjusted. I confirm that this approach fixes the issue. Thanks Wolfgang ! I'm also pretty dubious about security, but this file is going to be used only locally. I hope to see a GOsa package update with a better, cleaner reset. Now that gosa 2.7.4-4.3~deb7u2 is available (since point release 7.8), you can re-enable encryption. Make sure, gosa 2.7.4-4.3~deb7u2 is installed. Then execute: rm /etc/gosa/gosa.secrets gosa-encrypt-passwords service apache2 restart Wolfgang signature.asc Description: Digital signature
Bug#774610: slapd.conf: unset dbnosync to avoid data loss in case of power loss
Package: debian-edu-config Version: 1.815 Severity: important Tags: patch In case of a power loss recent changes in the LDAP data base are not stored to disk with 'dbnysunc' set to true. (Out of historic reasons slapd.conf actually is a link to slapd-squeeze_debian-edu.conf.) The patch has been tested and committed to git. diff --git a/etc/ldap/slapd-squeeze_debian-edu.conf b/etc/ldap/slapd-squeeze_debian-edu.conf index 40d282d..7b96c21 100644 --- a/etc/ldap/slapd-squeeze_debian-edu.conf +++ b/etc/ldap/slapd-squeeze_debian-edu.conf @@ -71,7 +71,7 @@ database bdb # Set the database in memory cache size. # cachesize 4000 -dbnosync +#dbnosync sizelimit 4000 # First database Wolfgang signature.asc Description: Digital signature
Re: jessie live images
On Sat, Jan 10, 2015 at 03:38:31PM +0100, Holger Levsen wrote: I've started on working on creating Debian Edu Jessie based live images, using live-build from jessie. This has been a rather pleasant process, and I successfull made some .isos. Well done :) Right now I'm tempted to just start with one image: xfce-standalone. I guess this would be a good idea. And then I wonder, what Features: The KDE desktop profile for students/pupils. on https://wiki.debian.org/DebianEdu/Documentation/Jessie/AppendixB means exactly?! IMO this is just outdated *lenny* information related to the kiosktool which isn't available any more since a long time. I guess we should get rid of related configuration files in d-e-config. Also, there's outdated stuff in the menu configuration parts (like s/oowriter/lowriter/ and similar). Wolfgang signature.asc Description: Digital signature
Re: Home directories blank in diskless workstations
On Sun, Mar 22, 2015 at 06:51:41PM +0530, uday bhatye wrote: May I ask to put a warning in the new version of manual that internet connection shouldn't be avoided for new usb installs with this issue? Thanks. Instructions in both cases (Wheezy and Jessie) changed on the Wiki. Wolfgang signature.asc Description: Digital signature
Re: Unable to install printer connected to diskless client
On Sun, Mar 22, 2015 at 06:57:24PM +0530, uday bhatye wrote: While trying to install the same printer at a diskless client, it is detected, installs in the webui but unable to print. no effective clues on googling. https://wiki.debian.org/DebianEdu/Documentation/Wheezy/HowTo/NetworkClients#LTSP_in_detail So install the package 'ltsp-docs'. Then read: file:///usr/share/doc/ltsp/LTSPManual.html#printer Wolfgang signature.asc Description: Digital signature
Bug#780591: ltsp-client-builder fails when installing Debian Edu combined server in virtualbox environment
On Mon, Mar 16, 2015 at 01:24:20PM -0700, Vagrant Cascadian wrote: On 2015-03-16, Wolfgang Schweer wrote: On Mon, Mar 16, 2015 at 10:04:13AM -0700, Vagrant Cascadian wrote: The fix is to remove the debian-edu-config hook: /usr/share/ltsp/plugins/ltsp-build-client/Debian-custom/099-mount-cdrom With this file removed the chroot installation fails with the same error message. It should definitely be removed; it is incompatible with the ltsp packages in Jessie, and can lead to the exact sort of symptoms you're experiencing... o.k. Did you remove it manually, or from the installed debian-edu-config package? The timing of removal may be significant. removed it inside target while software was installed before the LTSP step happened. I guessed this would be early enough. d-i syslog up to the failure occurs is here (short time only): http://edu.schweer-online.de/syslog.bz2 any idea? Wolfgang signature.asc Description: Digital signature
Bug#780591: ltsp-client-builder fails when installing Debian Edu combined server in virtualbox environment
On Tue, Mar 17, 2015 at 07:25:11PM +0100, Petter Reinholdtsen wrote: if [ $USE_CDROM != false ] [ ! -f /target/media/cdrom/.disk/info ]; then chroot /target mount /media/cdrom log mounting /media/cdrom fi When I just tested and the LTSP installation failed, the USE_CDROM value is 'true' and nothing is mounted in /target/media/. The CD from /dev/sr0 is mounted on /cdrom/. With this (trivial) modification installation succeeded. --- a/postinst 2015-03-06 10:00:00.0 +0100 +++ ltsp-client-builder.postinst2015-03-17 21:39:38.824682599 +0100 @@ -64,7 +64,7 @@ db_progress STEP 1 if [ $USE_CDROM != false ] [ ! -f /target/media/cdrom/.disk/info ]; then -chroot /target mount /media/cdrom +mount /dev/cdrom /target/media/cdrom log mounting /media/cdrom fi Wolfgang signature.asc Description: Digital signature
network interface problem during jenkins d-e ltsp installation
Hi. This might fix the installation hanging at the 'choose network card' step. diff --git a/bin/g-i-installation.sh b/bin/g-i-installation.sh index ccb6fdb..5b54df6 100755 --- a/bin/g-i-installation.sh +++ b/bin/g-i-installation.sh @@ -280,7 +280,7 @@ bootstrap_system() { GUITERMINAL=xterm ;; debian-edu_*) - EXTRA_APPEND=$EXTRA_APPEND desktop=kde + EXTRA_APPEND=$EXTRA_APPEND desktop=kde netcfg/choose_interface=auto GUITERMINAL=konsole ;; *) ;; Wolfgang signature.asc Description: Digital signature
Bug#780591: ltsp-client-builder fails when installing Debian Edu combined server in virtualbox environment
On Tue, Mar 17, 2015 at 09:42:18AM -0700, Vagrant Cascadian wrote: On 2015-03-17, Petter Reinholdtsen wrote: I tested a usbstick install, and as far as I can tell, the failing mount is the code in the udeb postinst: if [ $USE_CDROM != false ] [ ! -f /target/media/cdrom/.disk/info ]; then chroot /target mount /media/cdrom log mounting /media/cdrom fi I added 'set -x' at the top of the postinst script to figure out what is going on. I'm not sure why it fail. Is it mounted at that point? IIRC, during 'select and install software' the image is mounted either as /dev/sr0 on /cdrom in the d-i environment or as /dev/sr0 on /media/cdrom0 in the target. Seems to be that it is unmounted from /cdrom after packages have been fetched and then mounted again if the new ones are needed. I haven't investigated this intensively. Does /target/etc/fstab contain an entry for /media/cdrom (or one that the /media/cdrom symlink points to)? Yes, for /media/cdrom0 (which is a directory, while cdrom is a symlink pointing to cdrom0). Is USE_CDROM set to false (either through preseeding or boot prompt ltsp-client-builder/use_cdrom=true/false)? No. Do the debian-edu images contain .disk/info? Yes. It worked for me using the d-i daily images, so I suspect some difference with the debian-edu images... Maybe, yes. Wolfgang signature.asc Description: Digital signature
Bug#780591: ltsp-client-builder fails when installing Debian Edu combined server in virtualbox environment
On Tue, Mar 17, 2015 at 10:00:08PM +0100, Wolfgang Schweer wrote: On Tue, Mar 17, 2015 at 07:25:11PM +0100, Petter Reinholdtsen wrote: if [ $USE_CDROM != false ] [ ! -f /target/media/cdrom/.disk/info ]; then chroot /target mount /media/cdrom log mounting /media/cdrom fi When I just tested and the LTSP installation failed, the USE_CDROM value is 'true' and nothing is mounted in /target/media/. The CD from /dev/sr0 is mounted on /cdrom/. With this (trivial) modification installation succeeded. --- a/postinst2015-03-06 10:00:00.0 +0100 +++ ltsp-client-builder.postinst 2015-03-17 21:39:38.824682599 +0100 @@ -64,7 +64,7 @@ db_progress STEP 1 if [ $USE_CDROM != false ] [ ! -f /target/media/cdrom/.disk/info ]; then -chroot /target mount /media/cdrom +mount /dev/cdrom /target/media/cdrom log mounting /media/cdrom fi Tested once again using the just rsynced usbstick ISO image (containing newest udebs): LTSP chroot installation fails as before. After /var/lib/dpkg/info/ltsp-client-builder.postinst (d-i env) had been modified like stated above, choosing LTSP chroot installation out of the d-i main-menu once again made the chroot installation start. So I guess the only chance to get the Sebian Edu LTSP installation going would be a fixed version of the ltsp-client-builder udeb. And this bug should be reassigned to ltsp, although most probably changes of d-i component caused this issue since some weeks. Wolfgang signature.asc Description: Digital signature
Bug#780591: ltsp-client-builder fails when installing Debian Edu combined server in virtualbox environment
Control: reassign -1 ltsp-client-builder-udeb On Wed, Mar 18, 2015 at 07:48:05PM +0100, Wolfgang Schweer wrote: On Tue, Mar 17, 2015 at 10:00:08PM +0100, Wolfgang Schweer wrote: With this (trivial) modification installation succeeded. --- a/postinst 2015-03-06 10:00:00.0 +0100 +++ ltsp-client-builder.postinst2015-03-17 21:39:38.824682599 +0100 @@ -64,7 +64,7 @@ db_progress STEP 1 if [ $USE_CDROM != false ] [ ! -f /target/media/cdrom/.disk/info ]; then -chroot /target mount /media/cdrom +mount /dev/cdrom /target/media/cdrom log mounting /media/cdrom fi Tested once again using the just rsynced usbstick ISO image (containing newest udebs): LTSP chroot installation fails as before. After /var/lib/dpkg/info/ltsp-client-builder.postinst (d-i env) had been modified like stated above, choosing LTSP chroot installation out of the d-i main-menu once again made the chroot installation start. IMO there is no way for debian-edu-config to fix this LTSP chroot installation failure as it seems to be related to d-i components. Please consider to check and test the provided patch. Wolfgang signature.asc Description: Digital signature
Re: Upgrade combined server (wheezy - jessie)
On Tue, Mar 10, 2015 at 02:29:45PM +0100, Holger Levsen wrote: Cleaning up. for i in $(dpkg -l|grep ^rc|cut -d' ' -f3);do dpkg -P $i;done Not sure this should be there and if, it should be prepended by a warning that this will remove configuration files of removed packages and should only be used with care, eg by first looking at what it would remove... This issue is caused by cf/cf.apt using apt-get autoremove instead of apt-get --purge autoremove, bug filed. Is this invoked automatically on upgrades or does one have to invoke it manually? The packages marked 'rc' are left behind after manually running 'cfengine-debian-edu -D installation'. IMHO the left-over configuration is due to package removal by cfengine (using apt-get purge) and afterwards running 'apt-get autoremove' to remove packages that were automatically installed by those previously purged packages. Adding the '--purge' to autoremove would get rid of them completely. The real problem would be if the cfengine run removes packages that shouldn't be removed at all. Up til now I haven't found packages missing, but who knows... Wolfgang signature.asc Description: Digital signature
Bug#779644: debian-edu: package pxelinux is missing after upgrade from wheezy
On Wed, Mar 11, 2015 at 04:10:17PM +0100, Andreas Tille wrote: On Wed, Mar 11, 2015 at 12:23:27PM +0100, Petter Reinholdtsen wrote: blends-dev used to generate depends, and it did not work well. Nitpicking: Neither cdd-dev nor blends-dev ever generated depends but debian-edu used to create depends and stopped this even before it became what blends-dev is these days. ;-) Back to the bug issue, just an idea (/me being more or less a plumber, no coder): As cfengine is run upon upgrade, it should be possible to install the missing packages using a cfengine shellscript similar to tasksuite/taskpkgs; look up packages that should be installed, if not, install the package in question. This way the depends/recommends problem during upgrades can IMO be solved (and during installation this would do no harm). @Andreas: See the wiki chapter about upgrading Debian Edu from wheezy: https://wiki.debian.org/DebianEdu/Documentation/Jessie/Upgrades Wolfgang signature.asc Description: Digital signature
Bug#779648: debian-edu: missing packages on combined server after upgrade from wheezy
On Tue, Mar 10, 2015 at 02:20:53PM +0100, Holger Levsen wrote: On Dienstag, 3. März 2015, Wolfgang Schweer wrote: The package names were obtained using '/usr/lib/debian-edu-config/testsuite/taskpkgs | grep error:' browser-plugin-libreoffice gosa-plugin-netgroups killer libnss-myhostname goplay icedtea-7-plugin tmispell-voikko could you (or anybody else!) please a.) confirm these packages still exists in jessie b.) report to this bug c.) if they don't exist, update the testsuite in git accordingly? d.) highlight packages that exist and are not installed here? (d. is probably the same as b. ;) All these packages exist in jessie and have to be installed after upgrading from wheezy as they are new in jessie (like gosa-plugin-netgroups, killer ans goplay) or have been installed as (new) recommends in jessie. Wolfgang signature.asc Description: Digital signature
Bug#779646: debian-edu-config: cf/cf.apt should use apt-get --purge autoremove -y
On Tue, Mar 10, 2015 at 02:25:31PM +0100, Holger Levsen wrote: On Dienstag, 3. März 2015, Wolfgang Schweer wrote: While testing to upgrade a combined server (profiles: Main-Server, Workstation, Thin-Client-Server) from wheezy to jessie I noticed that running 'cfengine-debian-edu -D installation' used 'apt-get purge -y' to purge no longer needed packages but afterwards 'apt-get autoremove -y'. Maybe d-e-c/cf/cf.apt should be adjusted like this: s/apt-get autoremove -y/apt-get --purge autoremove -y/ I'm not sure I'd recommend doing this blindly / non-interacticly at all... This purging is only needed from the POV of a clean system, having the next upgrade in mind... IMO the main problem might be that 'cfengine-debian-edu' would purge needed packages before autoremoving automatically installed ones. Wolfgang signature.asc Description: Digital signature
Re: Home directories blank in diskless workstations
On Fri, Mar 13, 2015 at 09:16:35AM +0100, Petter Reinholdtsen wrote: [Wolfgang Schweer] Any idea what could cause this failure? On the server it can be caused by manual partitioning without a separate partition for /skole/tjener/home0. Good point. I haven't even thought about this case for a main server. On a client, it is most likely caused by missing netgroup membership causing NFS mount from the server to fail. Looking at the code I thought this part of testsuite/filesystems to be executed only on the main server? Seems to be that I'm now able to reproduce: 'error: ./filesystems: No lost+found in /skole/tjener/home0/. Blocked by autofs?' If autofs is running due to misconfiguration the message isn't shown. That is strange. I would expect misconfigured autofs to trigger the message, not hide it. Might have been not clear enough: By default, autofs doesn't run on the main server, with 's/exit 0/#exit 0/' /etc/default/autofs' it does; that's what I did to be able to check this issue. With autofs running the home dir partition is NFS mounted and the error doesn't show up. So maybe it should be checked if for some reason /etc/fstab is missing the entry /dev/mapper/vg_system-skole+tjener+home0 /skole/tjener/home0 ext4 nosuid 0 2 or if 'vg_system-skole+tjener+home0' is missing (using 'lvmdiskscan'). Both would be good to look for on the main server. But they might give false alarm with manual partitioning. Maybe a hint could be shown that manual partitioning could be the reason. Wolfgang signature.asc Description: Digital signature
Re: Home directories blank in diskless workstations
On Wed, Mar 11, 2015 at 03:08:14PM +0530, uday bhatye wrote: debian-edu-test-install~/testreport_11_03_15 and cat ~/testreport_11_03_15 |grep '^error' gives error: ./cups: URL 'https://www:631/' is not working. error: ./cups: URL 'https://localhost:631/' is not working. error: ./doc: Release manual have 6 FIXMEs. Please fix at These three can be ignored. error: ./filesystems: No lost+found in /skole/tjener/home0/. Blocked by autofs? Strange, never saw this. I guess you could create a lost+found directory. error: ./nagios: Nagios count NUMSVCCRIT is not zero but 30. error: ./nagios: Nagios count NUMSVCUNKN is not zero but 15. Can be ignored. error: ./sudo: files is not enabled for sudoers in nsswitch.conf Strange, too. /etc/nsswitch.conf should look like this, please check: - # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc Name Service Switch' for information about this file. sudoers:files ldap passwd: files ldap group: files ldap shadow: files ldap netgroup: files ldap automount: files ldap # passwd: compat ldap # group: compat ldap # shadow: compat ldap hosts: files myhostname dns networks: files ldap protocols: db files services: db files ethers: db files rpc:db files # netgroup: nis ldap # sudoers: files ldap # sudoers: files ldap (This is before applying below mentioned fix) You should be able to create the correct file this way: (1) Enter the LTSP chroot: ltsp-chroot -a i386 (2) Run '/usr/share/debian-edu-config/tools/sssd-generate-config -k /etc/krb5.conf (3) Run 'exit' to leave the chroot. Did this. But, now clients fail to boot and stop at starting NTP server. Please check /opt/ltsp/i386/etc/ntp.conf, should be like this: -- # /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help driftfile /var/lib/ntp/ntp.drift # Enable this if you want statistics to be logged. #statsdir /var/log/ntpstats/ statistics loopstats peerstats clockstats filegen loopstats file loopstats type day enable filegen peerstats file peerstats type day enable filegen clockstats file clockstats type day enable # You do need to talk to an NTP server or two (or three). #server ntp.your-provider.example # pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will # pick a different set every time it starts up. Please consider joining the # pool: http://www.pool.ntp.org/join.html # server 0.debian.pool.ntp.org iburst # server 1.debian.pool.ntp.org iburst # server 2.debian.pool.ntp.org iburst # server 3.debian.pool.ntp.org iburst # Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for # details. The web page http://support.ntp.org/bin/view/Support/AccessRestrictions # might also be helpful. # # Note that restrict applies to both servers and clients, so a configuration # that might be intended to block requests from certain clients could also end # up blocking replies from your own upstream servers. # By default, exchange time with everybody, but don't allow configuration. restrict -4 default kod notrap nomodify nopeer noquery restrict -6 default kod notrap nomodify nopeer noquery # Local users may interrogate the ntp server more closely. restrict 127.0.0.1 restrict ::1 # Clients from this (example!) subnet have unlimited access, but only if # cryptographically authenticated. #restrict 192.168.123.0 mask 255.255.255.0 notrust # If you want to provide time to your local subnet, change the next line. # (Again, the address is an example only.) #broadcast 192.168.123.255 # If you want to listen to time broadcasts on your local subnet, de-comment the # next lines. Please do this only if you trust everybody on the network! #disable auth #broadcastclient # /etc/ntp.conf, configuration for xntpd # ntpd will use syslog() if logfile is not defined #logfile /var/log/ntpd statsdir /var/log/ntpstats/ server ntp iburst - Wolfgang signature.asc Description: Digital signature
Re: Home directories blank in diskless workstations
On Thu, Mar 12, 2015 at 10:23:53PM +0100, Petter Reinholdtsen wrote: [Wolfgang Schweer] error: ./filesystems: No lost+found in /skole/tjener/home0/. Blocked by autofs? Strange, never saw this. I guess you could create a lost+found directory. Absolutely not. It should be left to mkfs. The test check if home0 is a separate file system (lost+found is an indicator for this), and is ment to check if autofs was able to mount the NFS volume if it was missing. Any idea what could cause this failure? I used the same ISO file as stated in this thread to install a wheezy combi server in a virtualbox VM w/o internet access and was only able to reproduce the wrongly generated LTSP chroot krb5.conf file. Wolfgang signature.asc Description: Digital signature
Re: Home directories blank in diskless workstations
On Thu, Mar 12, 2015 at 11:06:43PM +0100, Wolfgang Schweer wrote: On Thu, Mar 12, 2015 at 10:23:53PM +0100, Petter Reinholdtsen wrote: [Wolfgang Schweer] error: ./filesystems: No lost+found in /skole/tjener/home0/. Blocked by autofs? Strange, never saw this. I guess you could create a lost+found directory. Absolutely not. It should be left to mkfs. The test check if home0 is a separate file system (lost+found is an indicator for this), and is ment to check if autofs was able to mount the NFS volume if it was missing. Any idea what could cause this failure? Seems to be that I'm now able to reproduce: 'error: ./filesystems: No lost+found in /skole/tjener/home0/. Blocked by autofs?' If autofs is running due to misconfiguration the message isn't shown. But after running 'umount /tjener/skole/home0' this message shows up if '/usr/lib/debian-edu-config/filesystems' is run. So maybe it should be checked if for some reason /etc/fstab is missing the entry /dev/mapper/vg_system-skole+tjener+home0 /skole/tjener/home0 ext4 nosuid 0 2 or if 'vg_system-skole+tjener+home0' is missing (using 'lvmdiskscan'). Wolfgang signature.asc Description: Digital signature
Re: Unable to install printer connected to diskless client
On Tue, Mar 24, 2015 at 02:01:34AM +0530, uday bhatye wrote: in the said file did [10.0.16.96] PRINTER_0_DEVICE=/dev/usblp0 You have to check if this is the USB printer device actually used. (Chances are that '/dev/usb/lp0' is right.) To check and debug it, activate the root account in the LTSP chroot running 'ltsp-chroot passwd' on the main server (or on the actually used LTSP server). You can then login as root on a virtual console at the LTSP diskless client. Wolfgang signature.asc Description: Digital signature
Bug#781515: debian-edu-install: PXE install including profile 'Thin-Client-Server' fails due to wrong preseeding
On Mon, Mar 30, 2015 at 10:23:50PM +0200, Wolfgang Schweer wrote: Maybe it would work w/o preseeding build-client-opts and instead providing a configuration file /etc/ltsp/ltsp-build-client.conf with this content: EATMYDATA=true While the configuration file approach doesn't seem to work for some reason, using another hook instead should work: Provide a copy of /usr/share/ltsp/plugins/ltsp-build-client/Debian/080-eatmydata as /usr/share/ltsp/plugins/ltsp-build-client/Debian-custom/080-eatmydata with the default value false flipped to true: - case $MODE in commandline) add_option eatmydata `eval_gettext use eatmydata to speed up build times, at risk of data not getting written to disk` advanced true ;; configure) if [ -n $option_eatmydata_value ]; then # load libeatmydata libeatmydata=libeatmydata.so if [ -n $LD_PRELOAD ]; then export LD_PRELOAD=$libeatmydata $LD_PRELOAD else export LD_PRELOAD=$libeatmydata fi # install eatmydata package early during debootstrap if [ -z $INCLUDE ]; then INCLUDE=eatmydata else INCLUDE=$INCLUDE,eatmydata fi fi ;; esac IMO this would also make sure that 'eatmydata' is used for all possible LTSP chroot installation types like netinst, USB stick, pxeinstall or using scripts like debian-edu-ltsp and ltsp-build-client. Wolfgang signature.asc Description: Digital signature
Re: Unable to install printer connected to diskless client
On Mon, Mar 23, 2015 at 02:11:32PM +0100, Holger Levsen wrote: On Montag, 23. März 2015, Petter Reinholdtsen wrote: Perhaps this recipe should be in the Debian Edu handbook, with references to the relevant pages? A quick look on URL: https://wiki.debian.org/DebianEdu/Documentation/Jessie suggest Maintenance might be a good place for it? it should rather go in the HowTo chapter, though not sure whether into HowTo/general administration or HowTo/networked clients or HowTo/Samba or maybe in a new one, HowTo/print?! I think I'd like a new HowTo sub chapter best. (But I havent checked the subchapters, whether there is something about printing already...) As only LTSP printing is concerned, it's perhaps better to put it into: https://wiki.debian.org/DebianEdu/Documentation/Jessie/HowTo/NetworkClients#LTSP_in_detail Wolfgang signature.asc Description: Digital signature
Re: Unable to install printer connected to diskless client
On Mon, Mar 23, 2015 at 03:44:04PM +0100, Holger Levsen wrote: ack, but a specific print howto chapter might still be appropriate, and this could like to the ltsp chapter for those clients Thought about it once again. From a potential user's point of view it would really be better to have HowTo/printing. From a search POV this seems to be reasonable as well. So: move the existing instructions about printer management from the GettingStarted chapter to a new printing chapter and only link to it. Do the same for LTSP printing. Wolfgang signature.asc Description: Digital signature
Re: Upgrade combined server (wheezy - jessie)
Hi Holger, thanks for your comments, helping a lot to get things sorted. On Mon, Mar 02, 2015 at 02:13:16PM +0100, Holger Levsen wrote: Replace squid with squid3, keep the cache; a new swap file will be generated and the cache index be rebuilt upon first squid3 start. -- service squid stop umount /var/spool/squid sed -i 's#/var/spool/squid#/var/spool/squid3#' /etc/fstab mount /var/spool/squid3 service squid3 start apt-get -y purge squid squid-common this should also go in the manual and a normal bug against debian-edu,debian- edu-config (yes, against the two packages at once) should be filed about this issue. also: is this really mandatory for jessie or just nice to have? squid is available in wheezy and sid, but missing in jessie. So it would work but won't get any fixes, I guess. Get back the right Kerberos file. - cp /etc/krb5.conf.backup /etc/krb5.conf uhm, why? the cfengine run overwrites the file, bug filed. Make GOsa² work with new php version. - rm /etc/gosa/gosa.secrets this also smells like an ugly workaround for a real problem. I strongly suspect a bug against gosa (and/or debian-edu*) is in order. cp /etc/gosa/gosa.conf.orig /etc/gosa/gosa.conf gosa-encrypt-passwords or does this restore gosa.secrets? yes. Cleaning up. for i in $(dpkg -l|grep ^rc|cut -d' ' -f3);do dpkg -P $i;done Not sure this should be there and if, it should be prepended by a warning that this will remove configuration files of removed packages and should only be used with care, eg by first looking at what it would remove... This issue is caused by cf/cf.apt using apt-get autoremove instead of apt-get --purge autoremove, bug filed. Wolfgang signature.asc Description: Digital signature
Re: Upgrade combined server (wheezy - jessie)
On Tue, Feb 24, 2015 at 11:37:04PM +0100, Wolfgang Schweer wrote: On Tue, Feb 24, 2015 at 11:11:28AM +0100, Wolfgang Schweer wrote: The upgraded system has been tested so far with LTSP clients (both thin and diskless, both backbone and LTSP network) and workstations To test if Windows clients would work, a stock wheezy workstation with additional Samba disguise was used. After 'smbpasswd -e Administrator' on tjener and 'rpc net join -S tjener -U administrator' on the workstation the system showed up in the GOsa² gui as windows-workstation. Loggging in and accessing the home directory (libpam-mount, cifs) worked as well. To be continued. Various tests later, here's the updated recipe including instructions how to migrate from squid to squid3, how to deal with changes concerning cups and how to clean up the system. So far, I haven't found anything that doesn't work, but it needs testing, confirmation and review by others before the wiki chapter https://wiki.debian.org/DebianEdu/Documentation/Jessie/Upgrades can be updated. = How to upgrade from wheezy to jessie. - Please note that the following instructions apply to a default Debian Edu main server installation (desktop=kde, profiles Main-Server, Workstation, Thin-Client-Server). (For a general overview concernig wheezy to jessie upgrade, see: https://www.debian.org/releases/testing/releasenotes) Don't use X, use a virtual console, log in as root. Read all debconf information carefully, choose 'keep the local version currently installed'; in most cases hitting return will be fine. Press 'q' to quit the apt-listchanges pager once you've read the information. Make sure the current system is up-to-date. --- apt-get update apt-get -y upgrade Remove diversion; debian-edu-config's postinst seems to do it too late. --- dpkg-divert --remove /usr/share/pam-configs/krb5 rm /usr/share/pam-configs/edu-krb5 Avoid to mess up the Kerberos configuration via cfengine. - cp /etc/krb5.conf /etc/krb5.conf.backup Do the actual upgrade. -- sed -i 's/wheezy/jessie/g' /etc/apt/sources.list apt-get update apt-get -y dist-upgrade apt-get -f install apt-get -y dist-upgrade (Repeat the last two commands if dpkg exits with an error code.) Install squid3 as replacement for deprecated squid. --- apt-get -y install squid3 service squid3 stop Apply debian-edu configuration (takes some time). - cfengine-debian-edu -D installation Replace squid with squid3, keep the cache; a new swap file will be generated and the cache index be rebuilt upon first squid3 start. -- service squid stop umount /var/spool/squid sed -i 's#/var/spool/squid#/var/spool/squid3#' /etc/fstab mount /var/spool/squid3 service squid3 start apt-get -y purge squid squid-common Get back the right Kerberos file. - cp /etc/krb5.conf.backup /etc/krb5.conf Make GOsa² work with new php version. - rm /etc/gosa/gosa.secrets cp /etc/gosa/gosa.conf.orig /etc/gosa/gosa.conf gosa-encrypt-passwords Install newly split out cups package needed for networked printing. --- apt-get -y install cups-browsed Install additional package to make PXE work. apt-get -y install pxelinux Update PXE configuration. - debian-edu-pxeinstall Install missing packages; the package names were obtained using '/usr/lib/debian-edu-config/testsuite/taskpkgs | grep error:' after the step above. --- apt-get -y install browser-plugin-libreoffice gosa-plugin-netgroups \ killer libnss-myhostname goplay icedtea-7-plugin tmispell-voikko Cleaning up. for i in $(dpkg -l|grep ^rc|cut -d' ' -f3);do dpkg -P $i;done Check if the upgraded system works. --- Reboot and test if it works like before: Log in as first user and test if the GOsa² gui is working, if you're able to connect LTSP clients and workstations, if you can add/remove a netgroup membership of a system, if you can send and receive internal email, if you can manage printers and maybe other site specific things. Use the testsuite scripts if you spot an error. Update LTSP chroot (default arch i386) as root. --- sed -i '/jessie/ s/deb/#deb/g' /opt/ltsp/i386/etc/apt/sources.list ltsp-chroot -m apt-get update ltsp-chroot -m apt-get -y upgrade sed -i 's/wheezy
Re: Home directories blank in diskless workstations
On Wed, Mar 04, 2015 at 06:38:43PM +0530, uday bhatye wrote: remaining things in the file are like [libdefaults] default_realm = reached ... [domain_realm] intern = reached .intern = reached IIRC these 'reached' entries are created if name resolution is too slow or failing. Then the last word of some error output like 'no servers could be reached' is put into the file instead of the right server name. I used http://ftp.skolelinux.org/skolelinux-cd/debian-edu-7.1+edu0-USB.iso with verified checksum for install but no internet connection during install. Most probably the missing internet connection is the reason for the failing name resolution. If i remember correctly I faced the same problem some time ago. Now many users are using the system Great. If something has went wrong in install, is there any way to detect/correct it before it comes to jessie upgrade? Run 'debian-edu-test-install' and check the output. But I'm almost sure that this 'reached' issue is the only wrong thing. You should be able to create the correct file this way: (1) Enter the LTSP chroot: ltsp-chroot -a i386 (2) Run '/usr/share/debian-edu-config/tools/sssd-generate-config -k /etc/krb5.conf (3) Run 'exit' to leave the chroot. The content of /opt/ltsp/i386/etc/krb5.conf should be like this: --- # Generated using /usr/share/debian-edu-config/tools/sssd-generate-config -k [libdefaults] default_realm = INTERN # The following krb5.conf variables are only for MIT Kerberos. krb4_config = /etc/krb.conf krb4_realms = /etc/krb.realms kdc_timesync = 1 ccache_type = 4 forwardable = true proxiable = true # The following encryption type specification will be used by MIT Kerberos # if uncommented. In general, the defaults in the MIT Kerberos code are # correct and overriding these specifications only serves to disable new # encryption types as they are added, creating interoperability problems. # # Thie only time when you might need to uncomment these lines and change # the enctypes is if you have local software that will break on ticket # caches containing ticket encryption types it doesn't know about (such as # old versions of Sun Java). # default_tgs_enctypes = des3-hmac-sha1 # default_tkt_enctypes = des3-hmac-sha1 # permitted_enctypes = des3-hmac-sha1 # The following libdefaults parameters are only for Heimdal Kerberos. v4_instance_resolve = false v4_name_convert = { host = { rcmd = host ftp = ftp } plain = { something = something-else } } fcc-mit-ticketflags = true [realms] INTERN = { kdc = kerberos admin_server = kerberos } [domain_realm] intern = INTERN .intern = INTERN [login] krb4_convert = true krb4_get_tickets = false -- Wolfgang signature.asc Description: Digital signature
Bug#779641: debian-edu-config: postinst fails to remove a diversion
Package: debian-edu-config Version: 1.817 Severity: important While testing to upgrade a combined server (profiles: Main-Server, Workstation, Thin-Client-Server) from wheezy to jessie I noticed that upgrading failed (when pam-auth-update was run) cause the postinst did not remove a diversion. Removing the diversion manually before upgrading like this solved the problem: dpkg-divert --remove /usr/share/pam-configs/krb5 rm /usr/share/pam-configs/edu-krb5 No idea why this happens, the code contained in postinst seems to be ok. Wolfgang signature.asc Description: Digital signature
Bug#779644: debian-edu: ff
Source: debian-edu Version: 1.811 Severity: important While testing to upgrade a combined server (profiles: Main-Server, Workstation, Thin-Client-Server) from wheezy to jessie I noticed that the package pxelinux was missing. Wolfgang signature.asc Description: Digital signature
Bug#779642: debian-edu-config: 'cfengine-debian-edu -D installation' overwrites Kerberos configuration file
Package: debian-edu-config Version: 1.817 Severity: important While testing to upgrade a combined server (profiles: Main-Server, Workstation, Thin-Client-Server) from wheezy to jessie I noticed that running 'cfengine-debian-edu -D installation' messed up the Kerberos configuration file /etc/krb5.conf. Maybe d-e-c/cf/cf.krb5client has to be adjusted. s/debian.installation.!standalone.!roaming::/debian.installation.!standalone.!roaming.!server::/ Wolfgang signature.asc Description: Digital signature
Bug#779649: debian-edu: should use squid3 instead of unmaintained squid after upgrade from wheezy
Source: debian-edu Version: 1.811 Severity: normal While testing to upgrade a combined server (profiles: Main-Server, Workstation, Thin-Client-Server) from wheezy to jessie I noticed a problem concerning squid. While squid still works, the package should be replaced with squid3 as squid isn't available in jessie and we would IMHO end up with an unmaintained package. After squid3 was installed and configured using cfengine, this worked to keep the cache; a new swap file was generated and the cache index was rebuilt upon first squid3 start: service squid3 stop service squid stop umount /var/spool/squid sed -i 's#/var/spool/squid#/var/spool/squid3#' /etc/fstab mount /var/spool/squid3 service squid3 start apt-get -y purge squid squid-common Wolfgang signature.asc Description: Digital signature
Re: Home directories blank in diskless workstations
Finally found time to set up a wheezy test system (using ftp://ftp.skolelinux.org/cd-wheezy-usbstick/debian-edu-amd64-i386-BD-1.iso) On Fri, Feb 20, 2015 at 09:06:33AM +0530, uday bhatye wrote: lts.conf is [default] LTSP_CONFIG=True #SOUND=False #LOCALDEV=False #CONFIGURE_X=False RM_SYSTEM_SERVICES=autofs o.k. still couldn't get kerberos ticket renewed. I guess LTSP-chroot/etc/krb5.conf is missing the 'kerberos' entries, maybe something went wrong during installation. Check the 'realms' section, should be: [realms] INTERN = { kdc = kerberos admin_server = kerberos } LTSP-chroot/etc/ldap/ldap.conf is TLS_CACERT /etc/ssl/certs/ca-certificates.crt HOST ldap.intern BASE dc=skole,dc=skolelinux,dc=no sudoers_base ou=sudoers,dc=skole,dc=skolelinux,dc=no TLS_REQCERT demand TLS_CACERT /etc/ldap/ssl/ldap-server-pubkey.pem Looks ok. So all LTSP config settings stored in LDAP should be fetched (and I assume you haven't touched those). Still no idea, why autofs isn't disabled by default. It's not reproducible for me (tested on both main and LTSP network, with and w/o client configured using GOsa²). Wolfgang signature.asc Description: Digital signature
Upgrade combined server (wheezy - jessie)
Recently I installed a wheezy combined server in a virtualbox environment using the ISO image ftp://ftp.skolelinux.org/cd-wheezy-usbstick/debian-edu-amd64-i386-BD-1.iso After having added some users and machines, I tried to upgrade to jessie. Collected experience: Some hints. --- Don't use X. Read all debconf information carefully, keep existing configuration files; in most cases hitting return will be ok. Make sure the current system is up-to-date. --- apt-get update apt-get upgrade Remove diversion; debian-edu-config's postinst does it too late? dpkg-divert --remove /usr/share/pam-configs/krb5 rm /usr/share/pam-configs/edu-krb5 Avoid to mess up the Kerberos configuration via cfengine. - cp /etc/krb5.conf /etc/krb5.conf.backup Do the actual upgrade. -- sed -i 's/wheezy/jessie/g' /etc/apt/sources.list apt-get update apt-get upgrade apt-get dist-upgrade apt-get -f dist-upgrade (Repeat last command if dpkg still errors out.) Apply debian-edu configuration. --- cfengine-debian-edu -D installation Get back the right Kerberos file. - cp /etc/krb5.conf.backup /etc/krb5.conf Make GOsa² work with new php version. - rm /etc/gosa/gosa.secrets cp /etc/gosa/gosa.conf.orig /etc/gosa/gosa.conf gosa-encrypt-passwords Install additional package to make PXE work. apt-get install pxelinux Update PXE configuration. - debian-edu-pxeinstall Update LTSP chroot (default arch i386). --- ltsp-chroot -m apt-get update ltsp-chroot -m apt-get upgrade sed -i 's/wheezy/jessie/g' /opt/ltsp/i386/etc/apt/sources.list ltsp-chroot -m apt-get update ltsp-chroot -m apt-get upgrade ltsp-chroot -m apt-get dist-upgrade ltsp-chroot -m apt-get -f dist-upgrade (Repeat last command if dpkg still errors out.) ltsp-update-kernels ltsp-update-ssh-keys Check if it works. -- reboot The upgraded system has been tested so far with LTSP clients (both thin and diskless, both backbone and LTSP network) and workstations, it basicly seems to work. Users who haven't used KDE before will get the lines theme desktop background image, others for some reason a blueish default one. More tests needed, I guess. Wolfgang signature.asc Description: Digital signature
Re: Upgrade combined server (wheezy - jessie)
On Tue, Feb 24, 2015 at 11:11:28AM +0100, Wolfgang Schweer wrote: The upgraded system has been tested so far with LTSP clients (both thin and diskless, both backbone and LTSP network) and workstations, it basicly seems to work. Users who haven't used KDE before will get the lines theme desktop background image, others for some reason a blueish default one. More tests needed, I guess. One major issue: wheezy has squid, jessie has squid3. So: apt-get purge squid apt-get install squid3 has to be done before the cfengin run. Maybe: 'rm -rf /var/spool/squid' later. To be continued... Wolfgang signature.asc Description: Digital signature
Re: Upgrade combined server (wheezy - jessie)
On Tue, Feb 24, 2015 at 11:11:28AM +0100, Wolfgang Schweer wrote: The upgraded system has been tested so far with LTSP clients (both thin and diskless, both backbone and LTSP network) and workstations, it basicly seems to work. Users who haven't used KDE before will get the lines theme desktop background image, others for some reason a blueish default one. More tests needed, I guess. Thanks to the testsuite some more issues showed up. Additional packages have to be installed: apt-get install browser-plugin-libreoffice gosa-plugin-netgroups killer \ libnss-myhostname goplay icedtea-7-plugin tmispell-voikko ltsp-chroot -m apt-get install browser-plugin-libreoffice killer \ libnss-myhostname goplay icedtea-7-plugin tmispell-voikko To be continued. Wolfgang signature.asc Description: Digital signature
Re: [debian-edu-commits] [Debian Wiki] Update of DebianEdu/Documentation/Jessie/HowTo/NetworkClients by WolfgangSchweer
On Mon, Mar 23, 2015 at 10:03:43PM +0100, Holger Levsen wrote: Just one remaining thing: (quote from the wiki again) + The printer has to be set up this way cause the LTSP chroot is the same for all clients and as such is different from a dedicated workstation environment. Better drop this completely. All variants tried to give a (rather vague) hint that there's another solution. Maybe come back to this issue once a HowTo/printing chapter has been added. Wolfgang -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150324083809.ga2...@local.schweer-online.de
Re: debian-edu-doc 1.6~20150318~8+edu0~alpha2: Please update debconf PO translation for the package debian-edu-doc
Hi Frans, On Wed, Mar 18, 2015 at 08:25:57PM +0100, Frans Spiesschaert wrote: My confusion and mistake is due to the fact that I don't know well how to manage a situation wherein I have modified locally debian-edu-jessie-manual.nl.po, and while these modifications are under review, that same file also gets modified remotely. IIRC the tool you want is 'msgmerge'. msgmerge -U file.po file.pot (see: man msgmerge) Use msgmerge like this: msgmerge -U so far translated, but outdated .po file new .pot file after a 'git pull' So keep a copy of your already translated file outside of your git directory. Wolfgang signature.asc Description: Digital signature
Re: Unable to install printer connected to diskless client
On Wed, Mar 25, 2015 at 03:34:47PM +0530, uday bhatye wrote: On 25 March 2015 at 14:49, Wolfgang Schweer wschw...@arcor.de wrote: all applications show the printer now but they show it as busy, nothing getting printed I guess this is a driver problem for this specific printer. And maybe printer specific software is missing inside the LTSP chroot. Wolfgang signature.asc Description: Digital signature
Re: debian-edu_1.810_amd64.changes ACCEPTED into unstable
On Fri, Jan 30, 2015 at 01:33:55AM +, Debian FTP Masters wrote: Changes: debian-edu (1.810) unstable; urgency=low . [ Petter Reinholdtsen ] * In main-server, add 8.0 netboot installer debs as an alternative to the 7.0 packages listed currently. As the kernel param delimiter changed from '--' to '---' as of 8.0, d-e-config/sbin/debian-edu-pxeinstall should be adjusted, I guess; i.e. s/-- quiet/--- quiet/g. Can't check it atm. Wolfgang signature.asc Description: Digital signature
Re: Unable to install printer connected to diskless client
Hi, On Mon, Mar 23, 2015 at 11:48:55AM +0530, M. R. Baiju wrote: I too tried a lot. Could not install. (1) Attach the printer to the LTSP client machine. (2) Configure this machine to run a printer in lts.conf (default location: /opt/ltsp/i386/etc/lts.conf), see the LTSP manual for details). (3) Configure the printer using the www:631 web interface on tjener. Choose network printer 'AppSocket/HP Jet direct' and set 'socket://LTSP client ip:9100' as connection URI. The printer has to be set up this way as not all services on LTSP clients are installed (or even if so, are not running). You could change this default using settings in lts.conf, see the description of KEEP_SYSTEM_SERVICES in the LTSP manual. In this case you would need to make sure that all needed packages (esp. printer drivers) are installed inside the LTSP chroot. Wolfgang signature.asc Description: Digital signature
Bug#781039: education-thin-client-server: should have package ltsp-docs as a Depends
Package: education-thin-client-server Version: 1.811 Severity: normal On LTSP servers the LTSP manual should be available by default. This is shipped with package ltsp-docs in HTML and PDF format. So ltsp-docs should be added to the thin-client-server task as a Depends, at least for stretch. Wolfgang signature.asc Description: Digital signature
Bug#780461: updates from #debian-systemd
On Wed, Apr 15, 2015 at 05:06:21PM +0200, Holger Levsen wrote: from #debian-system on IRC: mbiebl 15min sounds a bit excessive and doesn't look like the internal 90s timeout systemd uses for services to start After looking at this bug once again, there seem to be two issues: (1) The reported delay of (up to) 15 minutes is due to the fact that dhclient updates the hostname on the first lease renewal. (The interval length between renewals seems to be a random value something between 600 and 900 seconds.) Dhclient should update the hostname on reboots immediately, though. Maybe systemd plays a role, maybe not. (2) For Profiles 'Workstation' and 'Minimal' the hook script is working like stated above. But LTSP-Servers may have PROFILE=Workstation, Thin-Client-Server set in /etc/debian/edu/config. The hook script IMO fails to update the hostname cause there's no matching case entry. This patch solves issue (2) for me, please test. --- a/hostname 2015-04-20 21:35:25.26263 +0200 +++ b/hostname 2015-04-20 21:35:32.972739567 +0200 @@ -17,15 +17,12 @@ # if moved between networks. if [ -r /etc/debian-edu/config ] ; then . /etc/debian-edu/config - case $PROFILE in - Workstation|Thin-Client-Server|Minimal) - ;; - *) +fi + +if echo $PROFILE | egrep -q 'Workstation|Thin-Client-Server|Minimal' ; then + : + else exit 0 - ;; - esac -else - exit 0 fi log() { --- Wolfgang signature.asc Description: Digital signature
Re: GOSA not accepting user-photo
Hi Frank. On Wed, Apr 22, 2015 at 10:37:45AM +0200, Frank Weißer wrote: +++-==---= ii imagemagick8:6.8.9.9-5 amd64image manipulation programs Do you have a default installation? Which desktop environment? Did you modify gosa somehow? On a default combi server install (desktop=kde) imagemagick-common is installed, imagemagick isn't. Your problem isn't reproducible for me, adding a user picture is working with both PNG and JPG images - no error reported. (GOsa² needs imagemagick or php-imagick to be installed for this feature). Wolfgang signature.asc Description: Digital signature
Jessie Beta1 ISOs
Hi, just tested: setup a combi server using the latest BD ISO image: debian-edu-amd64-i386-BD-1.iso (20150422 22:14:00) md5sum: 243c2b881e8a8913ed68d90348bc9fc1 Installation (virtualbox environmemt w/ gateway ) works ok as before. Running the testsuite reveals no real problems (somehow new: xresprobe is not available in jessie, so testsuite/hardware complains about missing programs ddcprobe and ddccontrol). Diskless ws and thin client both working like expected. Kerberos TGT is renewable on diskless ws. PXE installation (profile Minimal) worked as well (on BD d-i-n-i 20150324, unstable has v. 20150418). Wolfgang signature.asc Description: Digital signature
Re: [debian-edu-commits] r86139 - trunk/src/build/CD-administrator
On Sun, Apr 19, 2015 at 05:16:06AM +, p...@alioth.debian.org wrote: Author: pere Date: 2015-04-19 05:16:05 + (Sun, 19 Apr 2015) New Revision: 86139 [..] export DEBVERSION=8.0+edu0~a0 Maybe s/a0/beta1/ for both CD and usbstick? Wolfgang signature.asc Description: Digital signature
Bug#780461: updates from #debian-systemd
On Mon, Apr 20, 2015 at 11:00:17PM +0200, Petter Reinholdtsen wrote: Could this be caused by dhclient running at a point during boot where /etc/ is read-only, causing /usr/sbin/update-hostname-from-ip to exit with an error code instead of updating the hostname? It is my best guess for why the hostname update wait for the first renewal. Seems to be /etc is writable at the time. Maybe the reason is that 'BOUND' isn't evaluated, only 'RENEWAL'? (2) For Profiles 'Workstation' and 'Minimal' the hook script is working like stated above. But LTSP-Servers may have PROFILE=Workstation, Thin-Client-Server set in /etc/debian/edu/config. The hook script IMO fails to update the hostname cause there's no matching case entry. I guess I'll file a separate bug about this issue to get it sorted. Also, why is the sethostname() function in the dhclient-exit-hooks.d/hostname script? It seem to be completely unused. Remove it? Yes, seems to be leftover cruft. And the log() function could be dropped as well; logging is done via the update-hostname-from-ip script. Wolfgang -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150421082557.ga5...@local.schweer-online.de
Re: Jessie Beta1 ISOs
On Fri, Apr 24, 2015 at 06:49:22PM +0200, Wolfgang Schweer wrote: On Fri, Apr 24, 2015 at 11:03:18AM +0200, Holger Levsen wrote: real reason after a look at testsuite/hardware and both installations is the package ddccontrol: installed if CD is used, not installed w/ BD. is there a bug for this already? maybe a temporary issue... It's not a temporary issue. Actually there seems to be quite a difference concerning the installed packages (default combi server) between beta1 CD and beta1 BD as installation media. The dependencies are resolved differently, I guess. At least testsuite/taskpkgs reports no error in both cases. This might have been an issue in the past too, I suspect. xz compressed package lists attached. Wolfgang combi-BD-pkg-list.xz Description: application/xz combi-CD-pkg-list.xz Description: application/xz signature.asc Description: Digital signature
Bug#780461: updates from #debian-systemd
On Tue, Apr 21, 2015 at 03:18:18PM +0200, Petter Reinholdtsen wrote: [Wolfgang Schweer] Seems to be /etc is writable at the time. Maybe the reason is that 'BOUND' isn't evaluated, only 'RENEWAL'? I tought both were handled in the script? Is there something wrong with that part? No, it isn't, both are dealt with. What I meant is: I suspect the state BOUND to be not handed over for some reason, only state RENEW. Maybe this is by intention, maybe a feature that I don't understand. I guess I'll file a separate bug about this issue to get it sorted. Yeah. This issue is now tracked as #783087. Wolfgang signature.asc Description: Digital signature
Re: Jessie Beta1 ISOs
On Fri, Apr 24, 2015 at 07:19:00PM +0200, Holger Levsen wrote: diff --git a/d-i-preseed-cfgs/debian-edu_jessie_main-ltsp-server_preseed.cfg b/d-i-preseed-cfgs/debian-edu_jessie_main-ltsp-server_preseed.cfg index 98d853a..635d536 100644 --- a/d-i-preseed-cfgs/debian-edu_jessie_main-ltsp-server_preseed.cfg +++ b/d-i-preseed-cfgs/debian-edu_jessie_main-ltsp-server_preseed.cfg @@ -392,7 +392,7 @@ d-i debian-edu-install/participate-popcon boolean false # Tell LTSP to not use the CDROM, but a HTTP mirror -d-i ltsp-client-builder/use_cdrom boolean false +#d-i ltsp-client-builder/use_cdrom boolean false :-) yes. this fix was only valid until the wrong thin-client-server preseeding got fixed :) I've reverted this commit now and triggered another build, we'll see. :) still waiting for the build of the hopefully final beta1 images should hopefully start in an hour or so... Wolfgang signature.asc Description: Digital signature
Re: Jessie Beta1 ISOs
On Fri, Apr 24, 2015 at 09:09:43PM +0200, Wolfgang Schweer wrote: Installation of the combi server has been successful. Using the just rsynced ISO images the results are like reported in both cases, netinst and usbstick. So these might be the final beta1 images. images and md5sums: 75ae82cdbd7c505ef7eb052aca20cb01 /var/www/ftp.skolelinux.org/cd-jessie-amd64-i386-netinst//debian-edu-amd64-i386-NETINST-1.iso debian-edu-amd64-i386-NETINST-1.iso 664576 KB 25.04.2015 05:36:00 local file: 75ae82cdbd7c505ef7eb052aca20cb01 ISO-images/debian-edu-amd64-i386-NETINST-1.iso 39e41011cf3fe7d208e86ceab73d692b /var/www/ftp.skolelinux.org/cd-jessie-usbstick//debian-edu-amd64-i386-BD-1.iso debian-edu-amd64-i386-BD-1.iso 5116304 KB 25.04.2015 03:56:00 local file: 39e41011cf3fe7d208e86ceab73d692b ISO-images/debian-edu-amd64-i386-BD-1.iso Wolfgang signature.asc Description: Digital signature
Re: Jessie Beta1 ISOs
On Fri, Apr 24, 2015 at 11:03:18AM +0200, Holger Levsen wrote: So someone needs to test a combi installation with the netinst image, to see whether the failures of https://jenkins.debian.net/view/edu_devel/job/g-i- installation_debian-edu_jessie_main-ltsp-server/ are due to the image or due to the jenkins setup... atm, installation is running w/ LTSP chroot installation in progress. After a brief look at the preseeding, this line seems to be missing for the jenkins job: d-i ltsp-client-builder/use_cdrom boolean false BTW: I persuaded d-i to replace ftp.de.debian.org with another (faster for me) mirror cause waiting for estimated 12 hours is no fun: d-i ltsp-client-builder/build-client-opts string --mirror http://mirror.1und1.de/debian --dist jessie (somehow new: xresprobe is not available in jessie, so testsuite/hardware complains about missing programs ddcprobe and ddccontrol). real reason after a look at testsuite/hardware and both installations is the package ddccontrol: installed if CD is used, not installed w/ BD. is there a bug for this already? maybe a temporary issue... debian-installer-netboot-images/20150422 will still move to jessie, so the images will change once more (before we can declare them beta1), I hope+think this will happen today... right; newest d-i-n-i installed on the system using the netinst CD: ftp://ftp.skolelinux.org/cd-jessie-amd64-i386-netinst/debian-edu-amd64-i386-NETINST-1.iso md5sum: c62f0c9ba3ec39f3f6a44485c050ebc2 664576 KB 23.04.2015 21:42:00 Wolfgang signature.asc Description: Digital signature
Bug#783087: debian-edu-config: dhclient exit hook hostname script fails to update LTSP server hostname
Package: debian-edu-config Version: 1.818 Severity: important Hi, LTSP servers have PROFILE=Workstation, Thin-Client-Server set in /etc/debian-edu/config after a default installation. The hook script fails to update the hostname cause there's no matching case entry. This patch seems to fix the issue (might be smarter, though): --- a/hostname 2015-04-20 21:35:25.26263 +0200 +++ b/hostname 2015-04-21 23:46:00.066965628 +0200 @@ -17,15 +17,14 @@ # if moved between networks. if [ -r /etc/debian-edu/config ] ; then . /etc/debian-edu/config - case $PROFILE in - Workstation|Thin-Client-Server|Minimal) - ;; - *) - exit 0 - ;; - esac -else +fi + +if echo $PROFILE | egrep -q 'Main-Server|Roaming-Workstation|Standalone' ; then exit 0 + else + if echo $PROFILE | egrep -q 'Workstation|Thin-Client-Server|Minimal' ; then + : + fi fi log() { Wolfgang signature.asc Description: Digital signature
Re: Jessie Beta1 ISOs
On Fri, Apr 24, 2015 at 06:49:22PM +0200, Wolfgang Schweer wrote: atm, installation is running w/ LTSP chroot installation in progress. Installation of the combi server has been successful. newest d-i-n-i installed on the system using the netinst CD: ftp://ftp.skolelinux.org/cd-jessie-amd64-i386-netinst/debian-edu-amd64-i386-NETINST-1.iso md5sum: c62f0c9ba3ec39f3f6a44485c050ebc2 664576 KB 23.04.2015 21:42:00 PXE installation is working with d-i-n-i/20150422 as well. All tests like reported for BD ISO successful for this CD ISO too :) Wolfgang signature.asc Description: Digital signature
Re: Fwd: First Jessie based Debian Edu beta release
On Tue, Apr 28, 2015 at 11:51:12AM +0200, Frank Weißer wrote: $ rsync -avzP ftp.skolelinux.org::skolelinux-cd/debian-edu-8.0+edu0~b1-CD.iso . gives rsync: failed to connect to ftp.skolelinux.org (158.36.191.142): Connection refused (111) rsync error: error in socket IO (code 10) at clientserver.c(128) [Receiver=3.1.1] Maybe a temporary problem, please try again. (rsync is working here for both ISO images.) Wolfgang signature.asc Description: Digital signature
diskless workstation vs. thin client (Was: [debian-edu-commits] [Debian Wiki] Update of DebianEdu/Documentation/Jessie/Architecture by JoeHansen)
On Fri, May 01, 2015 at 03:14:38PM -, Debian Wiki wrote: The DebianEdu/Documentation/Jessie/Architecture page has been changed by JoeHansen: https://wiki.debian.org/DebianEdu/Documentation/Jessie/Architecture?action=diffrev1=4rev2=5 Comment: newer older (or i don't get the point) In the given context: use older hardware as thin client, newer (than old) hardware as diskless workstation. Wolfgang signature.asc Description: Digital signature
Re: diskless workstation vs. thin client (Was: [debian-edu-commits] [Debian Wiki] Update of DebianEdu/Documentation/Jessie/Architecture by JoeHansen)
On Fri, May 01, 2015 at 06:01:09PM +0200, Wolfgang Schweer wrote: On Fri, May 01, 2015 at 03:14:38PM -, Debian Wiki wrote: The DebianEdu/Documentation/Jessie/Architecture page has been changed by JoeHansen: https://wiki.debian.org/DebianEdu/Documentation/Jessie/Architecture?action=diffrev1=4rev2=5 Comment: newer older (or i don't get the point) In the given context: use older hardware as thin client, newer (than old) hardware as diskless workstation. As it has been changed to 'older' now, there seems to be no difference any more in the instructions concerning the reuse of old hardware (thin clients or diskless workstations). But there's quite a difference. Running old hardware as diskless workstation only makes sense if the hardware would qualify to run as workstation (maybe harddisk excluded). IMO this has been the reason for 'newer hardware'. Wolfgang signature.asc Description: Digital signature
Re: wpad and chromium
On Wed, May 06, 2015 at 09:08:02AM +0200, Giorgio Pioda wrote: since yesterday we experience problems using the chromium browser on Skolelinux wheezy clients/server production network. Apparently it doesn't accept any more the wpad.dat configurations. Is there a recent change on this topic? No idea, but this resource might be useful: https://www.chromium.org/developers/design-documents/network-stack/debugging-net-proxy Wolfgang -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20150506083947.ga7...@local.schweer-online.de
Re: Failed install skolelinux 7
On Wed, May 13, 2015 at 11:44:31AM +0200, Helge Tore Høyland wrote: During install of skolelinux from debian-edu-7.1+edu0-CD.iso Try one of these images: http://ftp.skolelinux.org/cd-wheezy-usbstick/debian-edu-amd64-i386-BD-1.iso http://ftp.skolelinux.org/cd-wheezy-amd64-i386-netinst/debian-edu-amd64-i386-NETINST-1.iso Wolfgang signature.asc Description: Digital signature
Re: Squid proxy thoughts
On Fri, May 15, 2015 at 01:53:23PM +0200, Helge Tore Høyland wrote: It dit not work with chromium either. I checked both of the them for the setting they have, and it says Use Systems settings for firefox and http://wpad/wpad.dat; for chromium. Konqueror on the other hand picked up the change and uses my gateways proxy. But gateway shows both tjener.interns ip and clients ip when i use that. IMO this might be needed, too: check /etc/environment on the client systems (disable proxy). check /usr/share/debian-edu/networked-kde3/share/config/kioslaverc if using KDE (disable proxy). [kde3 is there due to historical reasons.] Both might be those System settings for various clients. Wolfgang signature.asc Description: Digital signature
Bug#779649: wont include today
On Tue, Apr 14, 2015 at 07:44:11PM +0200, Holger Levsen wrote: I've just looked at the squid-related branch of debian-edu-config and noticed this problem: - cf/cf.squid is run on updates and new installations - it executes share/debian-edu-config/tools/migrate-squid-to-squid3 which includes this code: if [ $(dpkg -l squid) != ] [ $(dpkg -l squid3) != ] ; then which will return error if either is not installed. I *fear* (or suspect) this might break the installation (when only one of them is installed) thus I'm vary to include this now. More feedback + testing welcome. Also its not really time critical now, as there are no critical security holes in squid right now. Thus also downgrading the severity. Agreed. Plus: the manual Upgrades chapter includes instructions how to migrate from squid to squid3. Wolfgang signature.asc Description: Digital signature
Re: [debian-edu-commits] [Debian Wiki] Update of DebianEdu/ReleaseNotes/Jessie by WolfgangSchweer
On Wed, Apr 15, 2015 at 05:14:19PM +0200, Holger Levsen wrote: aren't those changed needed on https://wiki.debian.org/DebianEdu/Documentation/Jessie/Features as well? yes, but postponed due to lack of time. Done now. Wolfgang signature.asc Description: Digital signature
Re: [debian-edu-commits] [Debian Wiki] Update of DebianEdu/ReleaseNotes/Jessie by WolfgangSchweer
On Thu, Apr 16, 2015 at 12:06:51PM +0200, Holger Levsen wrote: btw, I've also been thinking about replacing the image specific links in https://wiki.debian.org/DebianEdu/Documentation/Jessie/Installation#Download_the_installation_media_for_Debian_Edu_8.0.2B- edu0_Codename_.22Jessie.22 with more generic ones so that we dont have to update them (and their translations) constantly... what do you think? Seems like a good idea. Wolfgang signature.asc Description: Digital signature
Re: jenkins job debian-edu_jessie_main-ltsp-server
On Thu, Apr 09, 2015 at 09:49:51PM +0200, Wolfgang Schweer wrote: Maybe a greater PIXELDIFF value would let it go on. After digging into it one more time... While the above approach was supposed to be a dead end street, this one might be of value. Wolfgang From e25c494bf3b88f3d8798f7cf36cb1de88933bf25 Mon Sep 17 00:00:00 2001 From: Wolfgang Schweer wschw...@arcor.de Date: Sat, 11 Apr 2015 18:45:25 +0200 Subject: [PATCH] add *ltsp-server as it is basically the same as *combi-server. --- bin/g-i-installation.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/g-i-installation.sh b/bin/g-i-installation.sh index 94bb881..63296e7 100755 --- a/bin/g-i-installation.sh +++ b/bin/g-i-installation.sh @@ -854,7 +854,7 @@ post_install_boot() { *) ;; esac ;; - debian-edu*-combi-server) case $TOKEN in + debian-edu_*ltsp-server|debian-edu*-combi-server) case $TOKEN in # debian-edu installations report error found during installation, go forward 0100) ! $EDUTESTMODE || do_and_report move 760 560 click 1 ;; -- 2.1.4 signature.asc Description: Digital signature
Re: Apropos Jessie release notes (Was: [Debian Wiki] Update of DebianEdu/ReleaseNotes/Jessie by WolfgangSchweer)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Looks fine for me, last proposed para too. (Typo: into in seven languages) Wolfgang (sent from mobile) -BEGIN PGP SIGNATURE- Version: APG v1.1.1 iQJCBAEBCgAsBQJVMl+iJRxXb2xmZ2FuZyBTY2h3ZWVyIDx3c2Nod2VlckBhcmNv ci5kZT4ACgkQF+yw1/QxG0yBAg/+PyI06XpfoS7jpqET0HleilGA8c48VKwUES3v CHSc7bIeIIIpHFUFbKmaR0m6tJTdGCPCa3VCZ5SsAJ60bm84b0hKt6CxHwCfrLwb papixTZIq6/MUvwNlEtYfmAtuPHa3ZWTaZclUCFOuxepc5Wcu4E7rvAUtJ1lz3KV LNa9LCqjjdB3RSbmTRGXmh23xHnGYFBJEVKdi4eXEcRyl2Akq832iYB7YKYz5oiK poC9mCEfeRxyHxGXL2etgk/K2NV9vRwIQM0PA49h5au2G4zUV61kAJhG1+Ej2wtU 7rx9Y9+emISqk87PORgTTKHRJRcQ1y0bOUJd7BG/PN7qm7cWlDU/AD1sRpQUcJvu FjTblpTvN75kKsJFbooz8wzxEqBCBWvyBJXcy+5O7vTPLSIUZ0MCT7NuQDvC3G6Z 4EFHXo/KjMPfdtqW3SXPLizRQG9exSRjHk3EytuLeulHf447lRL5ow65/sLai8lW xPz1i4/QQg8X6WHCH408j26eDdvqUK1Q84q8pdROdUc0sJQ1pjXcL89ipErPd7v1 0hbB9L+4sMbEyrIheNHuSNz7lkPMWPtEVxrEhfNdXbedglEdxk8/aqzJGzKAX5h3 6eiRC/RSqcHxsGlOj7bHPy3V9CQZG/p0an/eN8qAHWfvGhfore/40A0xvxwL4f57 w8K/aPE= =E78p -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/6fe2bda8-6901-4ce1-aec6-ba808eebe...@arcor.de
Re: Apropos Jessie release notes (Was: [Debian Wiki] Update of DebianEdu/ReleaseNotes/Jessie by WolfgangSchweer)
Hi Andreas. On Fri, Apr 17, 2015 at 01:32:34PM +0200, Andreas Tille wrote: since you are discussing about Jessie release notes: I'd consider it sensible to mention Debian Edu also in: https://anonscm.debian.org/viewvc/ddp/manuals/trunk/release-notes/en/whats-new.dbk?view=markup Thanks for the hint, seems to be a good idea. Maybe something like this could be added, feedback welcome: section id=debian-edu titleNews from Debian Edu Blend/title paraThe Debian Edu team was able to drop the need of an own repository. The first Jessie based Debian Edu beta is released at the same time as Debian Jessie with all packages now being in Debian. Visit the ulink url=http://blends.debian.org/edu/tasks;Debian Edu tasks pages/ulink for an overview of educational software packages included in Debian Edu and the ulink url=https://wiki.debian.org/DebianEdu/Documentation/Jessie; Debian Edu Jessie manual pages/ulink for detailed information about setting up a completely configured school network; the manual contains download links for CD and BD ISO images. /para /section Wolfgang signature.asc Description: Digital signature
Re: jenkins job debian-edu_jessie_main-ltsp-server
On Sun, Apr 05, 2015 at 01:55:10PM +0200, Holger Levsen wrote: diff --git [...] -d-i ltsp-client-builder/use_cdrom boolean false +#d-i ltsp-client-builder/use_cdrom boolean false thanks, merged, deployed and https://jenkins.debian.net/view/reproducible/job/g-i-installation_debian- edu_jessie_main-ltsp-server/174/console triggered! Comparing console output (with preseeding 'use_cdrom boolean false'): https://jenkins.debian.net/view/edu_devel/job/g-i-installation_debian-edu_jessie_main-ltsp-server/173/console and (with preseeding 'use_cdrom boolean true'): https://jenkins.debian.net/view/edu_devel/job/g-i-installation_debian-edu_jessie_main-ltsp-server/176/console seems to show that building the chroot is working now. Any idea / logs why it fails during this step? (Running an installation manually in a similar way using the same ISO file and slightly modified preseeding (only to match the local setup) has actually been working in a virtualbox test environment.) Wolfgang signature.asc Description: Digital signature
Re: Debian Edu Beta 1 on Jessie Release Date: 2015-04-25
On Tue, Apr 07, 2015 at 09:50:22PM +0200, Holger Levsen wrote: - we should release Debian Edu 8 Jessie Beta1 on the 25th of April 2015, together with the release of Debian Edu 8. - we should aim to release Debian Edu 8 Jessie whenever Debian Jessie 8.1 is released, providing this date is suitable to us and we're confident of our release, of course! (A week later so we can base our final images on 8.1) - are we (Debian Edu) up to this challenge? There's actually not that much to do, it's mostly testing images + updates, reporting back and writing up the release announcement, plus some last minute translations to the manual... I think we can (+should!) do it! Yes. Sounds like a good plan. If you know of any issues affecting Debian Edu jessie, please update https://wiki.debian.org/DebianEdu/Status/Jessie An unblock request for debian-installer-netboot-images 20150324 is still needed, I guess. (PXE installs affected.) Wolfgang signature.asc Description: Digital signature
jenkins job debian-edu_jessie_main-ltsp-server
Hi, this job is IMO failing due to the wrong preseeding in (d-e-config)/ defaults.thin-client-server causing a CD installation to be assumed. As a CD is actually available (as opposed to using pxeinstall) the problem could probably be solved modifying the preseeding to use it (which is the ltsp-client-builder-udeb default). diff --git a/d-i-preseed-cfgs/debian-edu_jessie_main-ltsp-server_preseed.cfg b/d-i-preseed-cfgs/debian-edu_jessie_main-ltsp-server_preseed.cfg index 98d853a..635d536 100644 --- a/d-i-preseed-cfgs/debian-edu_jessie_main-ltsp-server_preseed.cfg +++ b/d-i-preseed-cfgs/debian-edu_jessie_main-ltsp-server_preseed.cfg @@ -392,7 +392,7 @@ d-i debian-edu-install/participate-popcon boolean false d-i grub-installer/bootdev string /dev/sda # Tell LTSP to not use the CDROM, but a HTTP mirror -d-i ltsp-client-builder/use_cdrom boolean false +#d-i ltsp-client-builder/use_cdrom boolean false d-i ltsp-client-builder/build-client-opts string --dist jessie --mirror http://ftp.de.debian.org.org/debian --copy-sourceslist rpcbind rpcbind/loopback boolean false Wolfgang signature.asc Description: Digital signature
Bug#780739: debian-edu-config: debian-edu-pxeinstall fails to preseed ltsp-build-client
On Wed, Mar 18, 2015 at 05:15:45PM +0100, Wolfgang Schweer wrote: Package: debian-edu-config Version: 1.817 Severity: important Tags: patch During test to pxeinstall a thin-client-server I noticed, that ltsp-client-builder preseeding had not taken effect. This is due to a wrong type. This patch fixed it: diff --git a/sbin/debian-edu-pxeinstall b/sbin/debian-edu-pxeinstall index 02b440a..9dc358a 100755 --- a/sbin/debian-edu-pxeinstall +++ b/sbin/debian-edu-pxeinstall @@ -199,7 +199,7 @@ d-i mirror/ftp/proxystring $ftp_proxy #d-i passwd/root-password-crypted password passwordhash # Tell LTSP to not use the CDROM, but a HTTP mirror -d-i ltsp-client-builder/use_cdrom boolean false +d-i ltsp-client-builder/use_cdrom string false d-i ltsp-client-builder/build-client-opts string --mirror $mirrorurl --dist $dist # Tell PXE clients to fetch the correct time from the central NTP server After digging into it I believe that this patch is unneeded. Real reason for the failure was most probably a wrong preseeding in d-e-config/defaults.thin-client-server. Wolfgang signature.asc Description: Digital signature
Bug#779649: so no squid on new jessie installs?
On Wed, Apr 08, 2015 at 08:30:44PM +0200, Petter Reinholdtsen wrote: [Holger Levsen] I'm a bit surprised by #779649 debian-edu: should use squid3 instead of unmaintained squid after upgrade from wheezy - does that mean that there is no http proxy installed on new installtions of Debian Edu Jessie? Nope. If that was the case, the self testing after test installation would report an error. d-e has squid in wheezy and squid3 in jessie as defaults. (IIRC squid3 is available in wheezy as well, squid is deprecated and missing in jessie.) If upgrading from wheezy d-e would end up with squid kept installed and working but w/o any updates, I guess. Wolfgang signature.asc Description: Digital signature
Re: jenkins job debian-edu_jessie_main-ltsp-server
On Thu, Apr 09, 2015 at 04:58:27PM +0200, Holger Levsen wrote: I don't think more time is the right solution, as it got past the installation, rebooted and is now waiting for the self-tests to end. So it's hanging somewhere else and the fix needs to be elsewhere (lines 1355-1360). Maybe a greater PIXELDIFF value would let it go on. Wolfgang From 3203abab67322274e5e9775d6a12fd9f36d83f68 Mon Sep 17 00:00:00 2001 From: Wolfgang Schweer wschw...@arcor.de Date: Thu, 9 Apr 2015 21:37:38 +0200 Subject: [PATCH] fix d-e ltsp-server by augmenting the PIXELDIFF value. --- bin/g-i-installation.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/bin/g-i-installation.sh b/bin/g-i-installation.sh index 94bb881..92d3ce4 100755 --- a/bin/g-i-installation.sh +++ b/bin/g-i-installation.sh @@ -1354,6 +1354,8 @@ case $NAME in case $NAME in debian-edu_*test*server) let START_TRIGGER=NR+600 ;; +debian-edu_*ltsp-server|debian-edu_*combi-server) let START_TRIGGER=NR+80 ; PIXELDIFF=230 +;; *)let START_TRIGGER=NR+80 ;; esac -- 2.1.4 signature.asc Description: Digital signature
Bug#779649: so no squid on new jessie installs?
On Thu, Apr 09, 2015 at 10:38:25AM +0200, Holger Levsen wrote: On Mittwoch, 8. April 2015, Wolfgang Schweer wrote: If upgrading from wheezy d-e would end up with squid kept installed and working but w/o any updates, I guess. and that (=no security upgrades) is a serious problem as it's a network facing service, putting the whole installation (and thus pupils and teachers data) at risk. the steps to migrate from squid to squid3 contained in the d-e jessie manual Upgrades chapter might go into a script called during the cfengine fifths pass run. In addition it would be needed to check in the script if squid3 is running to keep cfengine's actions idempotent. Unsure if this could be the way to go as I dont know enough about cfengin's passes (and to actually code it). Wolfgang signature.asc Description: Digital signature
Re: jenkins job debian-edu_jessie_main-ltsp-server
On Thu, Apr 09, 2015 at 11:42:47AM +0200, Holger Levsen wrote: thanks, merged, deployed and about to trigger the job! :) It got further but not far enough. double timeout one more time. Wolfgang From 6a4b3cab62d7d4ccb08a99add8934eea24dadf3c Mon Sep 17 00:00:00 2001 From: Wolfgang Schweer wschw...@arcor.de Date: Thu, 9 Apr 2015 16:44:31 +0200 Subject: [PATCH] double timeout one more time. --- bin/g-i-installation.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/g-i-installation.sh b/bin/g-i-installation.sh index 94bb881..321cc0f 100755 --- a/bin/g-i-installation.sh +++ b/bin/g-i-installation.sh @@ -1320,7 +1320,7 @@ case $NAME in ;; *_presentation) monitor_system presentation 10 ;; - debian-edu_*ltsp-server|debian-edu_*combi-server) monitor_system install wait4match 3000 100 1200 + debian-edu_*ltsp-server|debian-edu_*combi-server) monitor_system install wait4match 3000 100 2400 ;; debian-edu_*wheezy*standalone*) monitor_system install wait4match 1200 100 ;; -- 2.1.4 signature.asc Description: Digital signature
Bug#779649: so no squid on new jessie installs?
On Wed, Apr 08, 2015 at 10:51:27PM +0200, Holger Levsen wrote: On Mittwoch, 8. April 2015, Petter Reinholdtsen wrote: Nope. If that was the case, the self testing after test installation would report an error. so it installs squid3? yes. Wolfgang signature.asc Description: Digital signature
Re: jenkins job debian-edu_jessie_main-ltsp-server
On Tue, Apr 07, 2015 at 02:08:15PM +0200, Petter Reinholdtsen wrote: The installation is working, but the time between changes to the progress bar is too long, causing the jenkins test to fail to see changes to the screen shots for too long, believing the installation is hanging. The solution is to increase the timeout for the ltsp installs. No idea by how much. Perhaps a good idea to double it until it is long enough, and then try to cut it down by using binary search. :) maybe the attached patch would do it? Wolfgang From 5de23ef77e2a894ca16b9d88955990a8632b3ea4 Mon Sep 17 00:00:00 2001 From: Wolfgang Schweer wschw...@arcor.de Date: Thu, 9 Apr 2015 10:38:19 +0200 Subject: [PATCH] set doubled timeout for g-i-installs of type d-e-combi and d-e-ltsp-server. --- bin/g-i-installation.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/g-i-installation.sh b/bin/g-i-installation.sh index 22cd382..24040fa 100755 --- a/bin/g-i-installation.sh +++ b/bin/g-i-installation.sh @@ -1320,7 +1320,7 @@ case $NAME in ;; *_presentation) monitor_system presentation 10 ;; - debian-edu_*combi-server) monitor_system install wait4match 3000 100 + debian-edu_*ltsp-server|debian-edu_*combi-server)) monitor_system install wait4match 3000 100 1200 ;; debian-edu_*wheezy*standalone*) monitor_system install wait4match 1200 100 ;; -- 2.1.4 signature.asc Description: Digital signature
Re: LDAP import/export
On Wed, Jun 17, 2015 at 01:08:14PM +0200, Giorgio Pioda wrote: The only big problem is to cope with the krb5 stash file/masterkey, as you described. If you set up a new jessie tjener this problem doesn't exist. It's only required when upgrading an existing wheezy main server. To fix/control only the export of additional user created gosa groups and the systems. Good luck. Wolfgang signature.asc Description: Digital signature
Re: LDAP import/export
On Wed, Jun 17, 2015 at 08:59:45AM +0200, Giorgio Pioda wrote: Failed to generate LDAP export: Enter LDAP Password: ldap_bind: Server is unwilling to perform (53) additional info: unauthenticated bind (DN with no password) disallowed (while operating on LDAP server ldap://ldap.intern) Any idea to fix it? No. But it might be possible to (adapt and) use Petter's script: /usr/share/debian-edu-config/tools/ldap-migrate-squeeze-wheezy IIRC, some final migration steps had to be done manually (search the mailing list). But, there's the chance that the script might even work better for wheezy to jessie migration cause the changes to the initial LDAP database have been minimal. You might find this useful, too: https://wiki.debian.org/DebianEdu/Documentation/Jessie/Upgrades Please note that this upgrade recipe has only been tested on a system with a default combi server setup. Wolfgang signature.asc Description: Digital signature
Re: LDAP import/export
On Wed, Jun 17, 2015 at 11:55:54AM +0200, Giorgio Pioda wrote: No. But it might be possible to (adapt and) use Petter's script: /usr/share/debian-edu-config/tools/ldap-migrate-squeeze-wheezy Actually on my wheezy tjener this script is missing. Do I have to install some additional packages? Sorry, only available in git. IIRC now it isn't shipped due to it's experimental status. Attached for your convenience. Wolfgang #!/usr/bin/perl # # Migrate the relevant parts of the Debian Edu LDAP database from # Squeeze to Wheezy. # # Extract users and groups from the slapcad output to insert with # slapadd. It must be run just after installation of the main server. sub usage { my $exitcode = shift; print 'EOF'; Usage: $0 Migrate LDAP information from a Debian Edu Squeeze main server to a Debian Edu Wheezy main server. How to use it: # Get a copy of the Squeeze LDAP database ssh root@squeeze-tjener service slapd stop ssh root@squeeze-tjener slapcat tjener-squeeze.ldif ssh root@squeeze-tjener service slapd start # Fetch Kerberos master key used to encrypt user passwords ssh root@squeeze-tjener klist -K -k /etc/krb5kdc/stash # Get a copy of the current Wheezy LDAP database service slapd stop slapcat tjener-wheezy.ldif service slapd start # Restart local LDAP server ldap-migrate-squeeze-wheezy # Create input file for ldapmodify to merge ldapadmindn=$(ldapsearch -H ldap://localhost/ -x ((cn=admin)(objectClass=simpleSecurityObject)) 2/dev/null | perl -p0e 's/\n //g' | awk '/^dn: / {print $2}') ldapmodify -H ldap://localhost/ -ZZ -D $ldapadmindn -W -v -x tjener-wheezy-ldapmodify.ldif # Load the new/changed entries into LDAP # List current key with KNVO 1 klist -K -k /etc/krb5kdc/stash # Add old Kerberos master key used to encrypt user passwords as KNVO 2 kdb5_util add_mkey # Add new Kerberos master key to get a KNVO number higher than the old key kdb5_util add_mkey # Activate key with KNVO 3 kdb5_util use_mkey 3 # Migrate all users to KNVO 3 kdb5_util update_princ_encryption # Store key with KNVO 3 in /etc/krb5kdc/stash kdb5_util stash # Remove now obsolete keys with KNVO 1 and 2 kdb5_util purge_mkeys -v # Copy home directories from old to new main-server rsync -av root@squeeze-tjener:/skole/tjener/home0/. /skole/tjener/home0/. WARNING: This code is experimental! EOF exit($exitcore) if $exitcode; } use strict; use warnings; use Getopt::Std; use Net::LDAP::LDIF; use Data::Dumper; my $debug = 0; my %opts; getopts(d, \%opts) || usage(1); $debug = 1 if $opts{d}; my $oldldiffile = tjener-squeeze.ldif; my $curldiffile = tjener-wheezy.ldif; my $newldiffile = tjener-wheezy-ldapmodify.ldif; my $oldldif = Net::LDAP::LDIF-new( $oldldiffile, r, onerror = 'undef' ); unless ($oldldif) { warn unable to read $oldldiffile; usage(1); } my $curldif = Net::LDAP::LDIF-new( $curldiffile, r, onerror = 'undef' ); unless ($curldif) { warn unable to read $curldiffile; usage(1); } my $newldif = Net::LDAP::LDIF-new( $newldiffile, w, onerror = 'undef', change = 1 ); unless ($newldif) { warn unable to write $newldiffile; usage(1); } my %curuser; my %curgroup; my %cursudorole; my %curnisnetgroup; my %curhost; while (not $curldif-eof() ) { my $entry = $curldif-read_entry(); if ( ! $curldif-error() ) { my %cls; map { $cls{$_} = 1 } $entry-get_value('objectClass'); print Data::Dumper-Dump([\%cls], [qw(*cls)]) if $debug; if (exists $cls{'posixAccount'} exists $cls{'person'} ! exists $cls{'gosaUserTemplate'} ! exists $cls{'gotoWorkstation'}) { $curuser{$entry-get_value('uid')} = 1; } elsif (exists $cls{'posixGroup'} ) { $curgroup{$entry-get_value('cn')} = $entry; } elsif (exists $cls{'sudoRole'} ) { $cursudorole{$entry-get_value('cn')} = $entry; } elsif (exists $cls{'nisNetgroup'} ) { $curnisnetgroup{$entry-get_value('cn')} = $entry; } elsif (exists $cls{'device'} || exists $cls{'goServer'} || exists $cls{'gotoWorkstation'}) { $curhost{$entry-get_value('cn')} = $entry; } } } print Data::Dumper-Dump([\%curuser], [qw(*curuser)]) if $debug; print Data::Dumper-Dump([\%curgroup], [qw(*curgroup)]) if $debug; print Data::Dumper-Dump([\%curnisnetgroup], [qw(*curnisnetgroup)]) if $debug; # Extract every user and group LDAP object not already in the LDAP # database. while (not $oldldif-eof() ) { my $entry = $oldldif-read_entry(); if ( $oldldif-error() ) { print Error msg: , $oldldif-error( ), \n; print Error lines:\n, $oldldif-error_lines( ), \n; } else { my %cls; map { $cls{$_} = 1 } $entry-get_value('objectClass'); if (exists $cls{'posixAccount'} exists $cls{'person'} ! exists $cls{'gosaUserTemplate'} ! exists
Re: Re: LDAP import/export
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 As far as the user password encryption is concerned (stash file) you have to do it like done in Petter's script, the keytab files could be left untouched, I suppose. Wolfgang -BEGIN PGP SIGNATURE- Version: APG v1.1.1 iQJCBAEBCgAsBQJVgWppJRxXb2xmZ2FuZyBTY2h3ZWVyIDx3c2Nod2VlckBhcmNv ci5kZT4ACgkQF+yw1/QxG0wzVg//Yxr5pJUglp5UwxAf42ApdIF6S/vX1WPuHY2/ wcfeYxY46Ylmk2qVZNnpyMLCi5WDwSg+dzyKplbaDLu9QmIEya0z/ef6opHZaJ71 H75eZaeOQCbgQap5LxATIQI0Y6/5TipijFgKn9nSuCYW3T3cLFaUSmdUpo0PSaiX Zwb/AakumVJguTAnrc5Wj1EyBJb0xCp9hMj3yBoKFBvdX84D9HlcWDU14SneXaxa IgIxM4e7lG5V2PWnBGIyYl1Ijw/52jLW15qWNra9O+NvBIJ5+2SUEvXbLKM0rXLe C/+vPQGp/UYFubkRcGGHjcpW36cnu33HuOGWxA0eWAc+y+kZwuwVpSApouPzwxsv QfQJlfXjC7D6tiryDU2WEUjqtjn46nOmphiJMPKCV3N4sKioApSzVhnF2e0Yi4AH wKIgIhSO4UIQQlN0HpaLxlFynZx1aAbV55YLQFrhmLs4hELzyXGLSterYbEQpGGL Vv6nTfJ4vNe0c9VGldHDCrrRozItrxdSlAapd1B3VUZlTtcc26v5MbETfqg2jrAa 2NyAasRL3MpSlQpti04kaC3cDj3xpS3gFCwy9a16osyPZLHNs5KxbucSIpmMsseO u0vmggQdGWd0vM/hKmrkAvEn4z/QWuGViAdIpO1PZq2fvQManvJ+z9ezypxpiJto +3FJEBg= =I8nA -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/ac89ac3a-7d56-4e7d-90ea-86e694b4b...@arcor.de
Re: nfs4 server doesn't allow ws client mount
On Fri, Jul 03, 2015 at 04:01:27PM +0200, Giorgio Pioda wrote: [..] 3) Fresh WS client install via PXE/Jessie. Added with sitesummary into GOsa. 4) Cannot login on WS, but can on tjener with all users. Also a brand new jessie created user is not able to login into WS, complaining that the home partition is not mounted (workstation-hosts) but the machine IS in the group This might be caused by the 15 minute delay for changed hostnames to be updated on the client side. As opposed to the procedure documented in the manual, please leave the ws hostname as it is (auto-mac-xx- ...), and maybe restart the isc-dhcp-server (just to be sure). At least this worked for me after testing once again a pxe installed ws in a virtualbox environment. Wolfgang signature.asc Description: Digital signature
Re: Cannot enter home directory. Using /.
Hi, cc'ing to the debian-edu mailing list, where more people could give advice. Please consider to subscribe to the list if not yet done. On Sat, Jul 04, 2015 at 09:01:00AM +, Tom Duguid wrote: I have a SckoleLinux server installed with the main server and workstation options selected for install. I have 10 workstations with SkoleLinux installed. I made a mistake when installing some of the workstations using sitesummary2ldap so I removed them using GOSA2. I used 'sitesummary2ldap -a -i ether-xx:xx:xx:xx:xx:xx -t workstations' to put the workstations back on the server. The workstations that I had NOT added and removed previous to this worked. The workstations that I had added by mistake and removed previous to this came up with the following error whenever any user attempts to log in: 'Cannot enter home directory. Using /.' I can recreate this on a Virtual Machine setup by adding a workstation client to the VM server (it works at this point) and then removing it through GOSA2 and adding it again through sitesummary2ldap. When I try to log into the VM workstation I get the 'Cannot enter home directory. Using /.' error again. Confirmed for a combined server (jessie) and clients in a VirtualBox test environment. I was able log in after disabling the nscd netgroup cache using these steps (on tjener): service nscd stop rm /var/cache/nscd/netgroup sed -i '/netgroup/ s/yes/no/' /etc/nscd.conf service nscd start service nslcd restart service nfs-kernel-server restart Please consider to test the workaround. Wolfgang signature.asc Description: Digital signature
Re: Cannot enter home directory. Using /.
On Mon, Jul 06, 2015 at 10:43:16AM +0200, Wolfgang Schweer wrote: I compared the wheezy and jessie nscd.conf files. As opposed to wheezy, netgroup caching is enabled by default in jessie. I guess filing a bug against nscd will be the right thing. Done: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=791562 Wolfgang signature.asc Description: Digital signature