[debian-lan-devel] Wheezy semi-successful convert

Julien Lambot jlambot at gmail.com
Wed Feb 27 21:31:51 UTC 2013 

Hi Andy,
Thanks for your fast answer !
Glad to have started testing Debian-Lan.
I was heager to start using it.


 GOsa is not implemented in the Squeeze setup.  I decided to do that
> only for Wheezy, as it will hopefully be released soon.
>

OK, no issue as Wheezy will soon be the stable release. And indeed, it's
not in the Squeeze repo.
Although, we will unfortunately use a 2.7 version. The latest seems
promising.

>
> > Then, I tried the wheezy CD image but it got problems to get the network
> > connection though the network card was recognized. (I wont be able to
> check
> > this further because it now runs, and I want to get it in production
> asap -
> > Challenge started)
>
> (I should probably update the CD image to the latest version in git ...)
>

Tell me if I can help. I can also host some files if it helps.


> > I finally installed wheezy and made a conversion.
> >
> > As is, I can say NFS, KDC are not OK yet. This will be checked right
> > now.
>
> OK, looking forward for the reasons/problems ...
>

Here is the content of
/var/log/fai/mainserver/softupdate-20130227_130645/error.log

fai.log:/usr/bin/fai-class: WARNING. Following classes are defined multiple
times:       2 DEBIAN
fai.log:  404  Not Found [IP: 77.243.184.65 80]
fai.log:W: Failed to fetch
http://http.debian.net/debian-backports/dists/wheezy-backports/main/binary-amd64/Packages
404  Not Found [IP: 77.243.184.65 80]
fai.log:E: Some index files failed to download. They have been ignored, or
old ones used instead.
fai.log:The following packages have unmet dependencies:
fai.log:Warning: The home dir /var/run/nslcd/ you specified can't be
accessed: No such file or directory
fai.log:! Warning: you may need to reload your webservice!
fai.log:E: Some index files failed to download. They have been ignored, or
old ones used instead.

This one seems to explain the passwd problem for the various services. I
don't remember that it has been asked (I didn't recorded the session...)
fai.log:KDC_LDAP/10-slapd-KDC FAILED with exit code 127.
fai.log:KDC_LDAP/10-slapd-KDC FAILED with exit code 127.
shell.log:ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
shell.log:./KDC_LDAP/10-slapd-KDC: line 68: dialog: command not found
shell.log:./KDC_LDAP/10-slapd-KDC: line 71: dialog: command not found
shell.log:KDC_LDAP/10-slapd-KDC FAILED with exit code 127.
shell.log:ln: failed to create symbolic link `//media/cdrom/cdrom0': File
exists
shell.log:mv: cannot stat `//etc/icinga/objects/localhost_icinga.cfg': No
such file or directory
shell.log:ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
shell.log:./KDC_LDAP/10-slapd-KDC: line 68: dialog: command not found
shell.log:./KDC_LDAP/10-slapd-KDC: line 71: dialog: command not found
shell.log:KDC_LDAP/10-slapd-KDC FAILED with exit code 127.
status.log:KDC_LDAP/10-slapd-KDC FAILED with exit code 127.
status.log:KDC_LDAP/10-slapd-KDC FAILED with exit code 127.

>
> > I will also need to integrate:
> > - samba because of windows clients.
> > - ddclient (or alike) because of ... well, budget considerations.
> > - ldaps
> >
>
> OK, samba is a good point. LDAP is kerberized via GSSAPI and uses TLS
> already, so no need to use ldaps.
>

Right, I saw afterward that it was configured with TLS. That's fine!
Though, having recently made a setup of openldap/tls/samba, I saw the
config of openldap was a bit changed. It now uses ldif.
Are you interested in defining the configuration following this method?
Config space in ldap DB will become the new standard (I read that in
wiki.debian.org somewhere)
If yes, I will collect the config files I used and look at your scripts.


> > The only question I have right now is, what is the default gosa's admin
> > password?
>
> You should have been asked for a password for 'admin' during
> installation.  Use 'admin' and that password for login into GOsa.
>

unfortunately not, or I missed it.


>
> > There is one in /root/installation/LDAPadminPWD but it is not accepted.
> > Pardon me if I missed the information somewhere.
>
> This is the password of the LDAP admin, try:
>
>      ldapvi -ZZ -D cn=admin,dc=intern -w `cat
> /root/installation/LDAPadminPWD`
>
> It is used for the ldapscripts i.e. the debian-lan command and GOsa's
> internal access to LDAP.  Usually you should not need it (anymore), an
> anything should be done with the admin password and kerberos (except
> GOsa login, where no Kerberos is used (but the same password)).
>

I will try that.
Otherwise, is it possible to launch the scripts again manually from the
"converted" server or do I need to reinstall from scratch?

Thereby, I suppose that if I change mainserver.intern to whatever.domain, I
will need to adapt the whole ldap config and directory accordingly?

I hope they are useful.  Please report all problems, that's pretty
> appreciated!  I might live in my filter bubble already, so it's great
> to have some input from someone else.
>

They are !
I will do. As I told you, I'm very interested in the project and will do my
best to help out.

>
> Best regards,
>
>      Andi
>


Greetings
Julien
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/debian-lan-devel/attachments/20130227/9965b57f/attachment.html>

More information about the debian-lan-devel mailing list