[debian-edu-commits] r80234 - in trunk/src/eduroaming: debian etc etc/ldap etc/sssd
gfwp-guest at alioth.debian.org
gfwp-guest at alioth.debian.org
Mon May 27 18:33:20 UTC 2013
Author: gfwp-guest
Date: 2013-05-27 18:33:20 +0000 (Mon, 27 May 2013)
New Revision: 80234
Modified:
trunk/src/eduroaming/debian/README.Debian
trunk/src/eduroaming/debian/changelog
trunk/src/eduroaming/debian/control
trunk/src/eduroaming/debian/postinst
trunk/src/eduroaming/etc/krb5.conf
trunk/src/eduroaming/etc/ldap/ldap.conf
trunk/src/eduroaming/etc/nsswitch.conf
trunk/src/eduroaming/etc/sssd/sssd.conf
Log:
Preliminary eduroaming 0.2-1
Modified: trunk/src/eduroaming/debian/README.Debian
===================================================================
--- trunk/src/eduroaming/debian/README.Debian 2013-05-27 10:30:57 UTC (rev 80233)
+++ trunk/src/eduroaming/debian/README.Debian 2013-05-27 18:33:20 UTC (rev 80234)
@@ -21,28 +21,20 @@
OS DEPENDANT NOTES:
Debian Wheezy / Sid:
- At the moment not working. Waiting for upstream sssd fix.
+ At the moment not tested.
Debian Squeeze
- Not tested, of course. Pick DebianEdu workstation instead !
+ Not tested.
Ubuntu 10.04
- Works very fine. Missing libraries to manually
- install from mirror.fiber.net: libpam-mklocaluser_0.6_all.deb and
- libpam-python_0.1.1-2_amd64.deb PRIOR to installation. I got them
- from mirror.fiber.net
+ Not tested.
-Ubuntu 11.04
- At the moment not working. Waiting for upstream sssd fix.
+Ubuntu 12.04
+ Not tested, yet.
-Ubuntu 11.10
- Works out of the box. For best results replace lightdm with gdm login
- manager. Lightdm hangs during very first login at userdir creation, gdm
- complains once and then works. Try also kdm at your taste.
-
-Ubuntu 12.04 (daily build, 11 march 2012)
- Not working. Waiting for upstream sssd fix. Tried sssd 1.8.0-0ubuntu1 and
- also 1.8.0~beta3 (compiled from source). No success either.
+Ubuntu 13.04
+ Working. Needs libpam-mklocaluser >= 0.8 (to be installed manually).
+ Lightdm for login not working. Choose gdm or kdm.
Feel free to test with other OS, like Ubuntu 10.10, Knoppix, Mint, or
whatever. In such a case, PLEASE, give a feedback in the debian-edu
Modified: trunk/src/eduroaming/debian/changelog
===================================================================
--- trunk/src/eduroaming/debian/changelog 2013-05-27 10:30:57 UTC (rev 80233)
+++ trunk/src/eduroaming/debian/changelog 2013-05-27 18:33:20 UTC (rev 80234)
@@ -1,5 +1,12 @@
eduroaming (0.2-1) UNRELEASED; urgency=low
+ * [ Giorgio Pioda ]
+ * Refresh of all the config files according to wheezy and
+ control of their file attributes
+ * Added display manager dependance gdm or kdm and conflict
+ with lightdm
+ * Added dependance against libpam-mklocaluser (>= 0.8)
+ (manual fix prior to installation required)
* [ Petter Reinholdtsen ]
* Remove LDAP shema and SSL certificate script files, that are only
useful on the LDAP server.
Modified: trunk/src/eduroaming/debian/control
===================================================================
--- trunk/src/eduroaming/debian/control 2013-05-27 10:30:57 UTC (rev 80233)
+++ trunk/src/eduroaming/debian/control 2013-05-27 18:33:20 UTC (rev 80234)
@@ -11,7 +11,7 @@
Package: eduroaming
Architecture: all
-Pre-Depends: libnet-dns-perl, libnet-ldap-perl, libterm-readkey-perl, libpam-mklocaluser, libpam-cracklib, libpam-python, libpam-sss, libpam-tmpdir, krb5-clients, krb5-config, krb5-user, ldap-utils, libnss-ldapd, sudo-ldap, libpam-ldapd, nslcd, libnss-sss
+Pre-Depends: libnet-dns-perl, libnet-ldap-perl, libterm-readkey-perl, libpam-mklocaluser (>= 0.8), libpam-cracklib, libpam-python, libpam-sss, libpam-tmpdir, krb5-clients, krb5-config, krb5-user, ldap-utils, libnss-ldapd, sudo-ldap, nslcd, libnss-sss, gdm | kdm
Description: Config. to roaming bind Debian and Ubuntu to Edubuntu Mainserver.
This script provides a quick connection of a fresh installed Debian
or Ubuntu OS as roaming workstation to a DebianEdu mainserver.
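Review bot: The changelog entry in this commit announces a conflict with lightdm, but this hunk only adds `gdm | kdm` to Pre-Depends and shows no `Conflicts: lightdm` line. Unless that field sits outside the hunk, a machine with lightdm installed alongside gdm or kdm still satisfies the package relations. Pre-Depends is also stronger than a display manager needs, since nothing in the visible postinst lines uses it during configuration; a plain `Depends: gdm | gdm3 | kdm` would be the usual form (gdm3 being the Debian package name). The stanza continues outside the hunk.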
Modified: trunk/src/eduroaming/debian/postinst
===================================================================
--- trunk/src/eduroaming/debian/postinst 2013-05-27 10:30:57 UTC (rev 80233)
+++ trunk/src/eduroaming/debian/postinst 2013-05-27 18:33:20 UTC (rev 80234)
@@ -32,6 +32,7 @@
else
cp -f /usr/share/eduroaming/$i /$i
echo "cp /usr/share/eduroaming/$i /$i"
+ chmod 0600 /$i
fi
done
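Review bot: The added `chmod 0600 /$i` runs for every file the loop copies, and the loop header is outside this hunk. If the list includes /etc/nsswitch.conf, /etc/krb5.conf or /etc/ldap/ldap.conf (all shipped under etc/ in this commit), non-root processes can no longer read them, so name-service and Kerberos lookups would fail for ordinary users. Only sssd.conf needs to be private. Copying first and tightening afterwards also leaves the file briefly at the umask's default mode. `install -m 0600 -o root -g root "/usr/share/eduroaming/$i" "/$i"` for sssd.conf, with `-m 0644` for the others, creates each file with its final mode and quotes the path.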
@@ -41,6 +42,7 @@
rm -r /etc/sssd/sssd.api.d
fi
+
#Fetch the ldap cert immediately to avoid double reboot and put SysV and Upstart in order
if [ -e /sbin/start ]; then
Modified: trunk/src/eduroaming/etc/krb5.conf
===================================================================
--- trunk/src/eduroaming/etc/krb5.conf 2013-05-27 10:30:57 UTC (rev 80233)
+++ trunk/src/eduroaming/etc/krb5.conf 2013-05-27 18:33:20 UTC (rev 80234)
@@ -1,7 +1,7 @@
[libdefaults]
dns_lookup_realm = true
dns_lookup_kdc = true
- default_realm = INTERN
+# default_realm = INTERN
# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
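Review bot: Commenting out `default_realm` leaves realm selection to `dns_lookup_realm = true`, so on a roaming workstation both the realm and the KDC come from whatever DNS the current network provides. The commit gives no reason for the change; a comment above the line, for example `# default_realm left unset on purpose: realm is discovered via DNS`, would record the intent. If the realm is fixed for a given DebianEdu installation, keeping `default_realm` set and using DNS only for KDC lookup narrows what an untrusted resolver can influence. The [libdefaults] section continues outside the hunk.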
@@ -90,11 +90,10 @@
admin_server = kerberos.doomcom.org
}
ANDREW.CMU.EDU = {
- kdc = vice28.fs.andrew.cmu.edu
- kdc = vice2.fs.andrew.cmu.edu
- kdc = vice11.fs.andrew.cmu.edu
- kdc = vice12.fs.andrew.cmu.edu
- admin_server = vice28.fs.andrew.cmu.edu
+ kdc = kerberos.andrew.cmu.edu
+ kdc = kerberos2.andrew.cmu.edu
+ kdc = kerberos3.andrew.cmu.edu
+ admin_server = kerberos.andrew.cmu.edu
default_domain = andrew.cmu.edu
}
CS.CMU.EDU = {
@@ -103,9 +102,9 @@
admin_server = kerberos.cs.cmu.edu
}
DEMENTIA.ORG = {
- kdc = kerberos.dementia.org
- kdc = kerberos2.dementia.org
- admin_server = kerberos.dementia.org
+ kdc = kerberos.dementix.org
+ kdc = kerberos2.dementix.org
+ admin_server = kerberos.dementix.org
}
stanford.edu = {
kdc = krb5auth1.stanford.edu
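Review bot: The `DEMENTIA.ORG` realm now lists its KDC and admin hosts under `dementix.org`, a different domain from the realm name, and the commit message does not say where the new host names come from. If these stanzas are copied from the distribution's stock krb5.conf, saying so in the changelog would make the change auditable; otherwise the hosts should be confirmed before shipping. Stanzas for unrelated third-party realms could also be dropped from a package whose purpose is binding a client to one DebianEdu mainserver. The realm list continues outside the hunk.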
@@ -115,6 +114,13 @@
admin_server = krb5-admin.stanford.edu
default_domain = stanford.edu
}
+ UTORONTO.CA = {
+ kdc = kerberos1.utoronto.ca
+ kdc = kerberos2.utoronto.ca
+ kdc = kerberos3.utoronto.ca
+ admin_server = kerberos1.utoronto.ca
+ default_domain = utoronto.ca
+ }
[domain_realm]
.mit.edu = ATHENA.MIT.EDU
@@ -127,6 +133,8 @@
whoi.edu = ATHENA.MIT.EDU
.stanford.edu = stanford.edu
.slac.stanford.edu = SLAC.STANFORD.EDU
+ .toronto.edu = UTORONTO.CA
+ .utoronto.ca = UTORONTO.CA
[login]
krb4_convert = true
Modified: trunk/src/eduroaming/etc/ldap/ldap.conf
===================================================================
--- trunk/src/eduroaming/etc/ldap/ldap.conf 2013-05-27 10:30:57 UTC (rev 80233)
+++ trunk/src/eduroaming/etc/ldap/ldap.conf 2013-05-27 18:33:20 UTC (rev 80234)
@@ -11,6 +11,10 @@
#SIZELIMIT 12
#TIMELIMIT 15
#DEREF never
+
+# TLS certificates (needed for GnuTLS)
+TLS_CACERT /etc/ssl/certs/ca-certificates.crt
+
HOST ldap
sudoers_base ou=sudoers,dc=skole,dc=skolelinux,dc=no
BASE dc=skole,dc=skolelinux,dc=no
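Review bot: `TLS_CACERT` only names the trust anchors; nothing in this hunk turns TLS on, and `HOST ldap` is still a bare host name with no `URI ldaps://...` or StartTLS setting visible. Because `sudoers_base` is read through this file, sudo rules would be fetched without transport protection unless TLS is enabled outside the hunk. Pointing at the whole system bundle also means a certificate from any CA in it is accepted for the directory server; a file holding only the site CA would be tighter. The comment could read `# Trust anchors for the LDAP server certificate; TLS itself must be enabled separately (ldaps:// URI or StartTLS)`.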
Modified: trunk/src/eduroaming/etc/nsswitch.conf
===================================================================
--- trunk/src/eduroaming/etc/nsswitch.conf 2013-05-27 10:30:57 UTC (rev 80233)
+++ trunk/src/eduroaming/etc/nsswitch.conf 2013-05-27 18:33:20 UTC (rev 80234)
@@ -1,11 +1,20 @@
+# /etc/nsswitch.conf
+#
+# Example configuration of GNU Name Service Switch functionality.
+# If you have the `glibc-doc-reference' and `info' packages installed, try:
+# `info libc "Name Service Switch"' for information about this file.
+
passwd: files sss
group: files sss
shadow: files sss
-hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
+
+hosts: files myhostname mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files ldap
-protocols: files
-services: files
-ethers: files
-rpc: files
-netgroup: files sss ldap
+
+protocols: db files
+services: db files
+ethers: db files
+rpc: db files
+
+netgroup: files sss
sudoers: files ldap
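Review bot: The new `myhostname` and `db` sources need NSS modules that the Pre-Depends line changed in debian/control of this commit does not list, so on a system without them the entries would presumably be skipped and have no effect. `networks:` and `sudoers:` still name `ldap`, while `netgroup:` dropped it and `libpam-ldapd` was removed from the control file. A short comment saying which lookups are still meant to go through nslcd and which through sssd would make the remaining `ldap` entries clearly deliberate. The copied header calls this an "Example configuration", which is misleading for a file the postinst installs as the live /etc/nsswitch.conf.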
Modified: trunk/src/eduroaming/etc/sssd/sssd.conf
===================================================================
--- trunk/src/eduroaming/etc/sssd/sssd.conf 2013-05-27 10:30:57 UTC (rev 80233)
+++ trunk/src/eduroaming/etc/sssd/sssd.conf 2013-05-27 18:33:20 UTC (rev 80234)
@@ -24,8 +24,7 @@
ldap_uri = ldap://ldap
ldap_search_base = dc=skole,dc=skolelinux,dc=no
-; FIXME reqcert should be enabled when we figure out a way to get it working
-ldap_tls_reqcert = never
+ldap_tls_reqcert = demand
ldap_tls_cacert = /etc/ssl/certs/ca-certificates.crt
krb5_kdcip = kerberos
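Review bot: `ldap_tls_reqcert = demand` only takes effect on connections that negotiate TLS, and `ldap_uri = ldap://ldap` on the context line above uses the plain scheme. Unless `ldap_id_use_start_tls = true` or an `ldaps://` URI is set outside this hunk, identity lookups may still run unencrypted and unverified. The removed FIXME said certificate checking did not work, and the commit does not say what changed. A comment stating that the server's CA must be present in `/etc/ssl/certs/ca-certificates.crt` before sssd starts would help whoever has to debug a failed login. The domain section begins and ends outside the hunk.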