[Bug 1013] confirm: imap: passwordless auth or different password wished
http://bugs.skolelinux.org/show_bug.cgi?id=1013 Andreas B. Mundt changed: What|Removed |Added Status|ASSIGNED|RESOLVED Resolution||REMIND --- Comment #10 from Andreas B. Mundt 2011-02-13 09:34:34 --- (In reply to comment #9) > Andreas (M.), whats the status on this? > Yeah, should work fine with Kerberos now (imap- and smtp- ticket). The (user-) configuration still needs documentation. There is room for improvements (address rewriting, external use, automatic configuration for the user out of the box, etc.), but the initial problem (saving the system password in the config file of the mail client) is fixed. Switch bug to REMIND to keep mail system improvements in mind. Regards, Andi -- Configure bugmail: http://bugs.skolelinux.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are watching all bug changes. -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1poxpf-0002xl...@maintainer.skolelinux.no
Re: r72930 - trunk/src/debian-edu-config/debian
Hi, On Sonntag, 13. Februar 2011, Petter Reinholdtsen wrote: > It is technically not very hard. It would involve asking a debconf > question before pkgsel is running in d-i, and setting the > tasksel/desktop debconf value. This is the same operation that is > done based on the desktop=kde/gnome kernel argument used to select > gnome vs. kde vs xfce vs ... at the moment. Thats what we thought at first too. Sadly powerdns and bind9 also need different values (!) for the cNAMERecord attribute... > The problematic part is explaining to teachers installing Debian Edu > for the first time what the options mean and why they should be forced > to select one of them. Perhaps it only should show up in > debian-edu-expert installation mode? Totally, if at all. The default should be bind and thats what should be documented and taught. When we suggested this option we were rather thinking about giving the Extremadura deployment a means to easily go with powerdns - but maybe they dont need it? cheers, Holger signature.asc Description: This is a digitally signed message part.
Bug#602863: from bind9 to powerdns and back to bind9
Hi, during the Debian Edu meeting here in Zweibrücken we discussed #602863 and how to solve it. I've asked about 15 people what they'd think about us previously using bind9 (until and including etch), then moving to powerdns (in lenny) and then switching back to bind9 in squeeze. Everybody except two people were _enthusiastic_ about the idea, one person wanted to stay neutral and one neither liked bind9 nor powerdns (and suggested dnsmasq which appearantly also has ldap support). So we decided to switch back to bind9 to solve #602863. And we still seek feedback and comments on this! This was done in svn for the debian-edu and debian-edu-config packages in r72928-72930: * Switch from pdns to bind and ldap2zone. This enables management of hosts with GOsa and has been done to enable further testing. Obviously it could be reverted and needs to be agreed on. Also needs documentation if kept for the release. Add debian/TODO.Squeeze. debian/TODO.Squeeze is kept in debian-edu-config and reads: * cf.pdns for pdns has been kept for easier reverting back to pdns. Or is this useful for users of pdns too (luis)? There were also thoughts about an install option (like gnome instead of kde) though this aint that easy probably, as it also involves the ldap ui... * Some extra attributes (objectClass: domainRelatedObject i.e. associateddomain) in gosa-server.ldif have also been kept, they probably conflict with making additions/changes in GOsa and need to be removed if we want to keep bind. Currently it seems we have broken the main server installation with this, we are working on fixing this, but due to traveling and the work week starting tomorrow this might take a few days. Stay tuned :-) cheers, Holger signature.asc Description: This is a digitally signed message part.
Re: r72930 - trunk/src/debian-edu-config/debian
[Holger Levsen] > Thats what we thought at first too. Sadly powerdns and bind9 also > need different values (!) for the cNAMERecord attribute... Your comment was about kde vs. gnome, right? That was what I was answering. The rest of your comment now seem to be about powerdns vs. bind, which was not what I was discussing. It is as you say, a lot harder. I do not really thing anyone care much about bind vs. powerdns. I know I do not. I do on the other hand care about delayed vs. direct DNS updates, where powerdns give us direct DNS updates after updating LDAP, while bind give us delayed updates. I would very much like to have LDAP changes take effect imedidately in DNS. Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110213121056.gi9...@login1.uio.no
debian-edu_0.852~svn72937_amd64.changes ACCEPTED
Accepted: education-astronomy_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-astronomy_0.852~svn72937_amd64.deb education-chemistry_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-chemistry_0.852~svn72937_amd64.deb education-common_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-common_0.852~svn72937_amd64.deb education-desktop-gnome_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-desktop-gnome_0.852~svn72937_amd64.deb education-desktop-kde_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-desktop-kde_0.852~svn72937_amd64.deb education-desktop-lxde_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-desktop-lxde_0.852~svn72937_amd64.deb education-desktop-other_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-desktop-other_0.852~svn72937_amd64.deb education-desktop-sugar_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-desktop-sugar_0.852~svn72937_amd64.deb education-development_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-development_0.852~svn72937_amd64.deb education-electronics_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-electronics_0.852~svn72937_amd64.deb education-geography_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-geography_0.852~svn72937_amd64.deb education-graphics_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-graphics_0.852~svn72937_amd64.deb education-language_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-language_0.852~svn72937_amd64.deb education-laptop_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-laptop_0.852~svn72937_amd64.deb education-logic-games_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-logic-games_0.852~svn72937_amd64.deb education-main-server_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-main-server_0.852~svn72937_amd64.deb education-mathematics_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-mathematics_0.852~svn72937_amd64.deb education-menus_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-menus_0.852~svn72937_amd64.deb education-misc_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-misc_0.852~svn72937_amd64.deb education-music_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-music_0.852~svn72937_amd64.deb education-networked_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-networked_0.852~svn72937_amd64.deb education-physics_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-physics_0.852~svn72937_amd64.deb education-services_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-services_0.852~svn72937_amd64.deb education-standalone_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-standalone_0.852~svn72937_amd64.deb education-tasks_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-tasks_0.852~svn72937_amd64.deb education-thin-client-server_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-thin-client-server_0.852~svn72937_amd64.deb education-thin-client_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-thin-client_0.852~svn72937_amd64.deb education-workstation_0.852~svn72937_amd64.deb to pool/local/d/debian-edu/education-workstation_0.852~svn72937_amd64.deb Override entries for your package: education-astronomy_0.852~svn72937_amd64.deb - extra local/misc education-chemistry_0.852~svn72937_amd64.deb - extra local/misc education-common_0.852~svn72937_amd64.deb - extra local/misc education-desktop-gnome_0.852~svn72937_amd64.deb - extra local/gnome education-desktop-kde_0.852~svn72937_amd64.deb - extra local/kde education-desktop-lxde_0.852~svn72937_amd64.deb - extra local/x11 education-desktop-other_0.852~svn72937_amd64.deb - extra local/misc education-desktop-sugar_0.852~svn72937_amd64.deb - extra local/x11 education-development_0.852~svn72937_amd64.deb - extra local/misc education-electronics_0.852~svn72937_amd64.deb - extra local/misc education-geography_0.852~svn72937_amd64.deb - extra local/misc education-graphics_0.852~svn72937_amd64.deb - extra local/misc education-language_0.852~svn72937_amd64.deb - extra local/misc education-laptop_0.852~svn72937_amd64.deb - extra local/misc education-logic-games_0.852~svn72937_amd64.deb - extra local/misc education-main-server_0.852~svn72937_amd64.deb - extra local/misc education-mathematics_0.852~svn72937_amd64.deb - extra local/misc education-menus_0.852~svn72937_amd64.deb - extra local/misc education-misc_0.852~svn72937_amd64.deb - extra local/misc education-music_0.852~svn72937_amd64.deb - extra local/misc education-networked_0.852~svn72937_amd64.deb - extra local/misc education-physics_0.852~svn72937_amd64.deb - extra local/misc education-services_0.852~svn72937_amd64.deb - extra local/misc education-standalone_0.852~svn72937_amd64.deb - extra local/misc education-tasks_0.852~svn72937_amd64.deb - extra local
Re: r72930 - trunk/src/debian-edu-config/debian
Hi, On Sonntag, 13. Februar 2011, Petter Reinholdtsen wrote: > Your comment was about kde vs. gnome, right? no. > LDAP, while bind give us delayed updates. I would very much like to > have LDAP changes take effect imedidately in DNS. If you (or anybody else) needs undelayed updates, get a root shell and enter "ldap2bind". Easy and also easy to communicate to and be done by supporter or teachers. (Thats what the supporters and teachers said here.) cheers, Holger signature.asc Description: This is a digitally signed message part.
[Bug 1379] etch: Ldap Crash with to many files open
http://bugs.skolelinux.org/show_bug.cgi?id=1379 Klaus Ade Johnstad changed: What|Removed |Added CC||kl...@skolelinux.no --- Comment #14 from Klaus Ade Johnstad 2011-02-13 13:17:40 --- I see this now and then, especially in bigger installations (few thousand users in ldap), the fix is to add something like "ulimit -n 4096" to /etc/default/slapd -- Configure bugmail: http://bugs.skolelinux.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are watching all bug changes. -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1poatz-0006se...@maintainer.skolelinux.no
Bug#602859: netgroup support for gosa
Hi, during the meeting in Zweibrücken we also discussed the need to be able to manage netgroups with gosa and thankfully Mike volunteered to work on this. Yay! cheers, Holger signature.asc Description: This is a digitally signed message part.
Bug#613167: kerberized nfs4 mounting
package: debian-edu-config severity: wishlist Hi, to ease maintainance (no more adding of workstations to be able to access home shares) and to improve security, it would be desirable to use kerberized nfs4 mounting. This bug is for tracking this issue, ie by documenting the needed steps. It's a wishlist feature and we can certainly release squeeze without. (It needs some time to implement and test properly.) cheers, Holger signature.asc Description: This is a digitally signed message part.
experiences with ltsp thin clients and kde4
Hi, does anybody already have experiences with running full classrooms of thin clients with kde4? Klaus Ade believes its not feasable to do this (even on very powerful server hardware), as the UI feels very slow once multiple users are working with it. But Klaus Ade only tested it and this didnt convince him. Does someone actually *use* such a setup (kde4 + thin clients) in production? The solution is probably to switch to LXDE, though IMO we shouldnt hold the release for it. Doing the switch manually is easy as its document it. cheers, Holger signature.asc Description: This is a digitally signed message part.
[Bug 1379] etch: Ldap Crash with to many files open
http://bugs.skolelinux.org/show_bug.cgi?id=1379 Holger Levsen changed: What|Removed |Added Status|RESOLVED|REOPENED Resolution|WORKSFORME | Version|etch-release-3.0r0 |squeeze --- Comment #15 from Holger Levsen 2011-02-13 14:38:27 --- klaus wrote: # the fix is to add something like "ulimit -n 4096" to # /etc/default/slapd shoudlnt we do this by default then? -- Configure bugmail: http://bugs.skolelinux.org/userprefs.cgi?tab=email --- You are receiving this mail because: --- You are the assignee for the bug. You are watching all bug changes. -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1poc9j-00039t...@maintainer.skolelinux.no
Bug#613214: use libpam-krb5 for uidNumbers greater than 10000 only (as opposed to the default > 1000)
Package: debian-edu-config Version: 1.446~svn72930 Severity: minor Tags: squeeze For integration of Kerberos5 libpam-krb5 needs to be tweaked in a way that it will only apply krb5 pam rules to uidNumbers greater than 1 (presuming that LDAP users on the Tjener start with 1). The current libpam-krb5 package hard-codes uidNumber = 1000 in /usr/share/pam-configs/krb5 The tweak probably has to be applied via a cfengine script. However, there exists an optional ActiveDirectory integration for Debian Edu which hacks the /etc/pam.d/common-* files. Thus, fixing this issue should try to be compliant with the changes performed by /share/debian-edu-config/tools/debian-edu-winbind -- System Information: Debian Release: 6.0 Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages debian-edu-config depends on: ii base-files 6.0 Debian base system miscellaneous f ii bind9-host [host]1:9.7.2.dfsg.P3-1.1 Version of 'host' bundled with BIN ii cfengine22.2.10-2Tool for configuring and maintaini ii debconf [debconf-2.0 1.5.36.1Debian configuration management sy ii debconf-utils1.5.36.1debconf utilities ii debian-edu-artwork 0.0.32-2Debian Edu themes and artwork ii desktop-profiles 1.4.15+nmu1 framework for setting up desktop p ii discover 2.1.2-5 hardware identification system ii education-tasks 0.852~svn72130 Debian Edu tasks for tasksel ii fping2.4b2-to-ipv6-16.1 sends ICMP ECHO_REQUEST packets to ii host 1:9.7.2.dfsg.P3-1.1 Transitional package ii ldap-utils 2.4.23-7OpenLDAP utilities ii libconfig-inifiles-p 2.52-1 Read .ini-style configuration file ii libfilesys-df-perl 0.92-3+b1 Module to obtain filesystem disk s ii libhtml-fromtext-per 2.05-5.1Mark up text as HTML ii libio-socket-ssl-per 1.33-1+squeeze1 Perl module implementing object or ii libjavascript-perl 1.16-3 module for executing embedded Java ii libnet-ldap-perl 1:0.4001-2 client interface to LDAP servers ii libnet-netmask-perl 1.9015-4parse, manipulate and lookup IP ne ii libterm-readkey-perl 2.30-4 A perl module for simple terminal ii libtext-unaccent-per 1.08-1+b1 provides functions to remove accen ii lsb-base 3.2-23.2squeeze1Linux Standard Base 3.2 init scrip ii mime-support 3.48-1 MIME files 'mime.types' & 'mailcap ii net-tools1.60-23 The NET-3 networking toolkit ii ng-utils 0.7-1 Tool to access netgroups from the ii openssl 0.9.8o-4Secure Socket Layer (SSL) binary a ii patch2.6-2 Apply a diff file to an original ii python-notify0.1.1-2+b2 Python bindings for libnotify ii ssl-cert 1.0.28 simple debconf wrapper for OpenSSL ii tftp 0.17-18 Trivial file transfer protocol cli Versions of packages debian-edu-config recommends: ii ddccontrol 0.4.2-6 a program to control monitor param ii libnotify-bin 0.5.0-2 sends desktop notifications to a n ii lsof 4.81.dfsg.1-1 List open files ii memtest86+ 4.10-1.1 thorough real-mode memory tester ii resolvconf 1.46 name server information handler ii syslinux 2:4.02+dfsg-7 collection of boot loaders Versions of packages debian-edu-config suggests: ii atftpd 0.7.dfsg-9.1 advanced TFTP server -- debconf information: debian-edu-config/kdc-password: (password omitted) debian-edu-config/kdc-password-again: (password omitted) * debian-edu-config/update-hostname: false debian-edu-config/enable-nat: false debian-edu-config/kdc-password-empty: debian-edu-config/kdc-password-mismatch: -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110213160141.88085m0mbw5cy...@mail.das-netzwerkteam.de
on releasing Debian Edu Squeeze in 6.0.1, 2 or 3? or 4? or 2012?
Hi, during the Debian Edu meeting in Zweibrücken in Rheinland-Pfalz we obviously also talked about the upcoming Debian Edu Squeeze release. The consenus was, that it should happen rather soon. No new features should be added anymore, instead we should try to release in March or April (2011). If we keep the changes to the debian-edu, debian-edu-config and debian-edu-install sources packages, I believe the Debian stable release managers would accept those into squeeze and we can release as part of a Debian pointrelease. Those point releases will be versioned as 6.0.1, 6.0.2, 6.0.3, etc., just like in Lenny. 6.0.1 is scheduled to be released in a month. I think it would be overly optimistic to assume we will manage to release with 6.0.1, but 6.0.2 or 6.0.3 should entirely be possible, if we restrict our changes (compared to whats in squeeze-test now) to the minimum. The input from the developers and users at the Zweibrücken meeting IME was that this was very desirable. Wheezy (the successor of Debian Squeeze) is scheduled to be released in less than 24 months, and for the last three releases Debian managed to release a little quicker (!) than once every two years, so I'm quite confident this will happen. And in 2012 I would rather see us develop for Wheezy than still struggling with releasing our Squeeze! To say it more positivly: at the moment, we (and Debian too) gained momentum and I would love to keep that! As you probably noticed I went through a lot of bugs http://bugs.skolelinux.org and categorized them like for the last two releases: prio 1 = urgent problem, needs to be fixed now prio 2 = must be fixed for the release prio 3 = normal severity prio 4 = minor issue prio 5 = enhancement / wishlist From what I know from that and from http://wiki.debian.org/DebianEdu/Status/Squeeze there are 4 big problems still to solve: #602863 [debian-edu-config] manage dhcp+dns with gosa #602859 [debian-edu-config] (gosa) netgroup support #606016 [debian-edu] indexing takes a minute using all CPU and creates 100mb data and: updating the documentation for squeeze. If you know about more issues (with whatever severity), PLEASE do file bugs. It might be that we'll only be able to fix them for Wheezy, but the earlier those are reported the better. I'd also prefer if bugs would be filed in the Debian BTS, as it's better integrated into several workflows and tracking systems. So, let's squeze now! cheers, Holger signature.asc Description: This is a digitally signed message part.
Bug#602863: from bind9 to powerdns and back to bind9
El dom, 13-02-2011 a las 12:45 +0100, Holger Levsen escribió: > Hi, > > during the Debian Edu meeting here in Zweibrücken we discussed #602863 and > how > to solve it. I've asked about 15 people what they'd think about us previously > using bind9 (until and including etch), then moving to powerdns (in lenny) > and then switching back to bind9 in squeeze. Everybody except two people were > _enthusiastic_ about the idea, one person wanted to stay neutral and one > neither liked bind9 nor powerdns (and suggested dnsmasq which appearantly > also has ldap support). > > So we decided to switch back to bind9 to solve #602863. > > And we still seek feedback and comments on this! > Obviously, you're free to do it. From my point of view, these are not good news. In the future, in our schools we're not going to switch back to use bind9 and will keep the current setup with pdns. Having all the infraestructure and information stored in ldap is very safe when you have several thousands of ltsp servers and don't want to manually modify configuration files whenever a new server is placed or moved. More things are in ldap, less things we have to touch. #602863 is not important for us. Our servers still remain in lenny and our plans to move to squeeze (or wheeze) include the development of a lwat replacement. We need to develop it to fit our needs as we have to create accounts massively every beginning of the course using as source an external application where our ministry manages all the educational data for every citizen. So, neither gosa, cipux or lwat can fulfill our needs, and a custom development is the only solution I can see. So, as we all use Debian and can touch everything, don't take this as a negative vote. We can do all the changes we need to adjust the installation to our setup. Currently we change some things, and in the future more changes will be needed, including removal of the debian-edu-config package. Fortunately, our release cycle for the school servers setup is more than two years, so we have time to adapt our setups. Regards. > This was done in svn for the debian-edu and debian-edu-config packages in > r72928-72930: > > * Switch from pdns to bind and ldap2zone. This enables management of > hosts with GOsa and has been done to enable further testing. Obviously > it could be reverted and needs to be agreed on. Also needs > documentation if kept for the release. Add debian/TODO.Squeeze. > > debian/TODO.Squeeze is kept in debian-edu-config and reads: > > * cf.pdns for pdns has been kept for easier reverting back to pdns. > Or is this useful for users of pdns too (luis)? > There were also thoughts about an install option (like gnome instead of kde) > though this aint that easy probably, as it also involves the ldap ui... > * Some extra attributes (objectClass: domainRelatedObject i.e. > associateddomain) in gosa-server.ldif have also been kept, they > probably conflict with making additions/changes in GOsa and need to > be removed if we want to keep bind. > > Currently it seems we have broken the main server installation with this, we > are working on fixing this, but due to traveling and the work week starting > tomorrow this might take a few days. Stay tuned :-) > > > cheers, > Holger signature.asc Description: Esta parte del mensaje está firmada digitalmente
Bug#602863: from bind9 to powerdns and back to bind9
[José L. Redrejo Rodríguez] > Obviously, you're free to do it. From my point of view, these are > not good news. In the future, in our schools we're not going to > switch back to use bind9 and will keep the current setup with pdns. > Having all the infraestructure and information stored in ldap is > very safe when you have several thousands of ltsp servers and don't > want to manually modify configuration files whenever a new server is > placed or moved. More things are in ldap, less things we have to > touch. Note that DNS info will still be in LDAP, also with bind9. But the LDAP schema used is differet with bind9 than with powerdns. The LDAP info is transfered to bind9 config files using the ldap2zone package. Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110213160900.gj9...@login1.uio.no
Bug#602863: from bind9 to powerdns and back to bind9
El dom, 13-02-2011 a las 17:09 +0100, Petter Reinholdtsen escribió: > [José L. Redrejo Rodríguez] > > Obviously, you're free to do it. From my point of view, these are > > not good news. In the future, in our schools we're not going to > > switch back to use bind9 and will keep the current setup with pdns. > > Having all the infraestructure and information stored in ldap is > > very safe when you have several thousands of ltsp servers and don't > > want to manually modify configuration files whenever a new server is > > placed or moved. More things are in ldap, less things we have to > > touch. > > Note that DNS info will still be in LDAP, also with bind9. But the > LDAP schema used is differet with bind9 than with powerdns. The LDAP > info is transfered to bind9 config files using the ldap2zone package. > Sorry I haven't had time enouth to even take a look to these changes. Will ldap2zone remove previous zones in a bind configuration. I.E. not installing a new server, but moving it from a classroom to another or from a school to another, will it remove previous configs and create new ones? Anyway, at the end of it, I don't see any benefit from going back to bind9 and having to change the configurations again, and having to train the technical stuff again... If the change is due only to an admin tool, and not because the dns solution is better, I can't see a reason to change, as I can not use that admin tool. > Happy hacking, signature.asc Description: Esta parte del mensaje está firmada digitalmente
Bug#613214: use libpam-krb5 for uidNumbers greater than 10000 only (as opposed to the default > 1000)
[Mike Gabriel] > For integration of Kerberos5 libpam-krb5 needs to be tweaked in a > way that it will only apply krb5 pam rules to uidNumbers greater > than 1 (presuming that LDAP users on the Tjener start with > 1). Why? UIDs >= 1000 are supposed to be in LDAP, while the range from 500 to 1000 are supposed to be local users. So for me, the current default in libpapm-krb5 seem correct. Btw, it might be an alternative to use sssd instead of libpam-krb5. Vennlig hilsen, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110213173102.gk9...@login1.uio.no
Bug#613214: use libpam-krb5 for uidNumbers greater than 10000 only (as opposed to the default > 1000)
Hi Per, On So 13 Feb 2011 18:31:02 CET Petter Reinholdtsen wrote: [Mike Gabriel] For integration of Kerberos5 libpam-krb5 needs to be tweaked in a way that it will only apply krb5 pam rules to uidNumbers greater than 1 (presuming that LDAP users on the Tjener start with 1). Why? UIDs >= 1000 are supposed to be in LDAP, while the range from 500 to 1000 are supposed to be local users. So for me, the current default in libpapm-krb5 seem correct. My DebianEdu squeeze (which was a DVD snapshot install from today - 20110213) adds local users starting with uidNumber=1000. Thus, user creation in LDAP and in /etc/passwd start off with the same uidNumber. I recommend setting the first LDAP uidNumber to a higher value (like 1 or so). Btw, it might be an alternative to use sssd instead of libpam-krb5. This is another topic, but thanks for the hint. I / we will take a look... Thanks and greets from post-Zweibrücken... Mike -- DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419 GnuPG Key ID 0xB588399B mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb pgpDAAiYveeEz.pgp Description: Digitale PGP-Unterschrift
Bug#613214: use libpam-krb5 for uidNumbers greater than 10000 only (as opposed to the default > 1000)
[Mike Gabriel] > My DebianEdu squeeze (which was a DVD snapshot install from today - > 20110213) adds local users starting with uidNumber=1000. > > Thus, user creation in LDAP and in /etc/passwd start off with the > same uidNumber. I recommend setting the first LDAP uidNumber to a > higher value (like 1 or so). Then I suspect you are doing it wrong. If you want a local user, you need to add --uid 500 or so to adduser. :) If you want adduser to create local users by default, ie with uids in the 500-1000 range, you should probably edit /etc/adduser.conf to change its behaviour. These are the relevant settings: # FIRST_[GU]ID to LAST_[GU]ID inclusive is the range of UIDs of dynamically # allocated user accounts/groups. FIRST_UID=1000 LAST_UID=2 FIRST_GID=1000 LAST_GID=2 Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110213184721.gl9...@login1.uio.no
Bug#613214: use libpam-krb5 for uidNumbers greater than 10000 only (as opposed to the default > 1000)
Hi Petter, On So 13 Feb 2011 19:47:21 CET Petter Reinholdtsen wrote: [Mike Gabriel] My DebianEdu squeeze (which was a DVD snapshot install from today - 20110213) adds local users starting with uidNumber=1000. Thus, user creation in LDAP and in /etc/passwd start off with the same uidNumber. I recommend setting the first LDAP uidNumber to a higher value (like 1 or so). Then I suspect you are doing it wrong. If you want a local user, you need to add --uid 500 or so to adduser. :) Wrong is a matter of context here. I just use the Debian defaults and they uidNumbers>=1000 for /etc/passwd... Skolelinux-LDAP should not conflict with the Debian squeeze default, shouldn't it? If you want adduser to create local users by default, ie with uids in the 500-1000 range, you should probably edit /etc/adduser.conf to change its behaviour. These are the relevant settings: Please decide what you prefer (modify adduser defaults or modify LDAP uidNumber range) and file a bug for either of the needed changes. I would prefer the higher LDAP uidNumber range, but I cannot foresee the consequences. Thanks, Mike -- DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419 GnuPG Key ID 0xB588399B mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb pgppoKGwFvXaY.pgp Description: Digitale PGP-Unterschrift
Bug#613214: use libpam-krb5 for uidNumbers greater than 10000 only (as opposed to the default > 1000)
[Mike Gabriel] > Wrong is a matter of context here. Well, I would claim it is more a question of expectations. You seem to expect something not guaranteed by adduser. > I just use the Debian defaults and they uidNumbers>=1000 for > /etc/passwd... Skolelinux-LDAP should not conflict with the Debian > squeeze default, shouldn't it? As far as I can tell, it isn't in conflict, and everything is working as documented. The 500-1000 range is for local users, while 1000-> is for global users. For Skolelinux, these users are in LDAP, and adduser should not be used without any extra arguments (or changed configuration) to create local users. In fact, I would recommend against creating local users at all on machines with users in LDAP. Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110213191639.gm9...@login1.uio.no
Need in Extremadura for LDAP admin interface
On Sun, Feb 13, 2011 at 04:17:44PM +0100, José L. Redrejo Rodríguez wrote: Our servers still remain in lenny and our plans to move to squeeze (or wheeze) include the development of a lwat replacement. We need to develop it to fit our needs as we have to create accounts massively every beginning of the course using as source an external application where our ministry manages all the educational data for every citizen. So, neither gosa, cipux or lwat can fulfill our needs, and a custom development is the only solution I can see. Could you elaborate some more on your needs for LDAP admin interface? Sounds like you could benefit from a scriptable interface to a select subset of the Skolelinux objects - and I suspect CipUX is an ideal tool for this, either as currently shipped with Squeeze (even if not suitable for all Skolelinux needs) or maybe with some tuning (I am sure Christian Kuelker will like to figure out if that is little or much work. Therefore: Please do describe in more detail what it is you need in Extremadura - to inspire those working on CipUX, GoSA or other LDAP tools, to help tune inot such kind of large-deployment needs (and perhaps even offer solutions concretely!). Regards, - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: Digital signature
Bug#613214: use libpam-krb5 for uidNumbers greater than 10000 only (as opposed to the default > 1000)
Hi Petter, On So 13 Feb 2011 20:16:39 CET Petter Reinholdtsen wrote: As far as I can tell, it isn't in conflict, and everything is working as documented. The 500-1000 range is for local users, while 1000-> is for global users. For Skolelinux, these users are in LDAP, and adduser should not be used without any extra arguments (or changed configuration) to create local users. In fact, I would recommend against creating local users at all on machines with users in LDAP. There are two system tools in Debian Edu that claim the same uidNumber range. That is indeed a conflict. So what we can do is: Option 1: Use LDAP in a way many others do (avoid the uidNumber range of the distros local user scripts like useradd, adduser etc. Option 2: Add one more hack into debian-edu-config for the adduser config that has to cross-referenced to #311188. Please close this bug, I will file another bug against the adduser<->LDAP uidNumber range conflict (as we are absolutely off-topic already here). Greets, Mike -- DAS-NETZWERKTEAM mike gabriel, dorfstr. 27, 24245 barmissen fon: +49 (4302) 281418, fax: +49 (4302) 281419 GnuPG Key ID 0xB588399B mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb pgpLDm5fAgqqp.pgp Description: Digitale PGP-Unterschrift
Re: Bug#602863: from bind9 to powerdns and back to bind9
Hi, On 02/13/2011 04:17 PM, José L. Redrejo Rodríguez wrote: [...] > #602863 is not important for us. Our servers still remain in lenny and > our plans to move to squeeze (or wheeze) include the development of a > lwat replacement. We need to develop it to fit our needs as we have to > create accounts massively every beginning of the course using as source > an external application where our ministry manages all the educational > data for every citizen. So, neither gosa, cipux or lwat can fulfill our > needs, and a custom development is the only solution I can see. Or you can tell the CipUX Team (for example on cipux-devel ore here ) what you need, and we will see if we can provide it. [...] Kind Regards Christian -- To UNSUBSCRIBE, email to debian-edu-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/4d584dfe.7080...@cipworx.org
Bug#602863: from bind9 to powerdns and back to bind9
Hi, On Sonntag, 13. Februar 2011, José L. Redrejo Rodríguez wrote: > Having all the infraestructure and information stored in ldap is very > safe when you have several thousands of ltsp servers and don't want to > manually modify configuration files whenever a new server is placed or > moved. More things are in ldap, less things we have to touch. we'll keep having dns+dhcp information in ldap, we'll be using ldap2zone to write out the bind configuration into files. this is done by an cronjob running hourly and can also be triggered manually by running ldap2bind. > So, as we all use Debian and can touch everything, don't take this as a > negative vote. We can do all the changes we need to adjust the > installation to our setup. thanks for this clarification! (and your general understanding/acceptiveness!) > Currently we change some things, and in the future more changes will be > needed, including removal of the debian-edu-config package. No, that shouldn't be needed. We just changed the recommends from "pdns" to "bind9 | pnds" so if your packages depend on pdns, all is good. cheers, Holger signature.asc Description: This is a digitally signed message part.
