[debian-lan-devel] Softupdate wheezy

Julien Lambot jlambot at gmail.com
Fri Apr 19 15:11:19 UTC 2013


Hi list

Following my softupdate (and dumb cp error), I continued the setup.
Everything was OK until workstation01 had been successfully deployed (I
skipped workstation00).

The client didn't resolve the mainserver's IP and I had the following
error in the logs:
rpc.gssd ERROR unable to resolve 10.10.12.10 to hostname
(I changed the SERVER_A ip to suit my network's needs)
It has been worked around by modifying the client's /etc/hosts file with
10.10.12.10 mainserver.intern

Then the logon worked. However, the session closes automatically and I
can't find anything relevant in the logs. Some errors are shown
below, but as I don't understand the whole authentication process yet, it's
quite difficult to trace the right cause. Is pam_gnome_keyring a
mandatory module?

- NTP seems OK on both mainserver and workstation01
- ssh login on workstation01 with test user is ok
- krb preauth is not ok (but I'm new to this topic), though reverse lookup
is fine.
- test user is well known within kerberos
(e.g.: kadmin -p admin -q "list_principals"
returns:
 trober@INTERN)
- test user's home dir is not created (user made from Gosa "default user"
template). When logging in by ssh, the home path is ok (/srv/nfsv4/home0/trober),
but the directory "disappears"
- user created without Gosa template - same issue (logon ok, but session
closes immediately)
- user created with debian-lan adduser - ibid.

The whole configuration looks very promising and I'm interested in
integrating samba afterwards, so I really want it to run seamlessly!
Thanks for all the work Andy.



auth.log:

Apr 19 16:30:11 workstation01 lightdm: pam_krb5(lightdm:auth): user trober authenticated as trober@INTERN
Apr 19 16:30:11 workstation01 lightdm: pam_unix(lightdm:session): session closed for user lightdm
Apr 19 16:30:11 workstation01 lightdm: pam_unix(lightdm:session): session opened for user trober by (uid=0)
Apr 19 16:30:11 workstation01 gnome-keyring-daemon[5039]: couldn't create socket directory: No such file or directory
Apr 19 16:30:11 workstation01 gnome-keyring-daemon[5039]: couldn't bind to control socket: /lan/mainserver/home0/trober/.cache/keyring-SAbqan/control: No such file or directory
Apr 19 16:30:11 workstation01 lightdm: pam_unix(lightdm:session): session opened for user lightdm by (uid=0)
Apr 19 16:30:12 workstation01 dbus[2201]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.39" (uid=106 pid=5077 comm="/usr/sbin/lightdm-gtk-greeter ") interface="org.freedesktop.DBus.Properties" member="GetAll" error name="(unset)" requested_reply="0" destination=":1.4" (uid=0 pid=2762 comm="/usr/sbin/console-kit-daemon --no-daemon ")

kdc.log:

Apr 19 16:30:10 mainserver krb5kdc[3195](info): AS_REQ (4 etypes {18 17 16 23}) 10.10.12.51: NEEDED_PREAUTH: trober@INTERN for krbtgt/INTERN@INTERN, Additional pre-authentication required
Apr 19 16:30:10 mainserver krb5kdc[3195](info): AS_REQ (4 etypes {18 17 16 23}) 10.10.12.51: ISSUE: authtime 1366381810, etypes {rep=18 tkt=18 ses=18}, trober@INTERN for krbtgt/INTERN@INTERN
Apr 19 16:30:10 mainserver krb5kdc[3195](info): TGS_REQ (4 etypes {18 17 16 23}) 10.10.12.51: ISSUE: authtime 1366381810, etypes {rep=18 tkt=18 ses=18}, trober@INTERN for host/workstation01.intern@INTERN

daemon.log:

Apr 19 16:38:24 mainserver nslcd[3164]: [efd79f] <passwd="nfs/workstation01.intern"> request denied by validnames option

kern.log:

Apr 19 16:19:32 mainserver kernel: [ 1629.454832] sha1_ssse3: Using AVX optimized SHA-1 implementation
Apr 19 16:19:32 workstation01 kernel: [  167.952990] sha1_ssse3: Neither AVX nor SSSE3 is available/usable.


Thanks for any advice and sorry to bother the list with that.

Julien


On Thu, Apr 18, 2013 at 11:49 PM, Julien Lambot <jlambot at gmail.com> wrote:

> Well
> Sorry
> Retested once again and no issue. I can't figure out why it failed before
> Please ignore my previous comment.
>
> Regards
>
>
> On Thu, Apr 18, 2013 at 11:21 PM, Julien Lambot <jlambot at gmail.com> wrote:
>
>> Hi Andi
>>
>>> > mkdir /srv/fai/
>>> > cd /tmp/
>>> > git clone git://git.debian.org/git/collab-maint/debian-lan
>>> > cp -r /tmp/debian-lan/fai/ /srv/fai/
>>>
>>
>> Just re-tested and it was only missing a trailing slash after "config"
>>
>> cp -r /tmp/debian-lan/fai/config/ /srv/fai/
>>
>> e.g.:
>> root@mainserver:/tmp# ls -l /srv/fai/
>> total 4
>> drwxr-xr-x 10 root root 4096 Apr 18 23:08 config
>>
>>
>>> Hm, strange, it seems to work fine here.  What is the difference when
>>> using the recipe in the wiki compared to your approach?
>>>
>>
>> Here is an example when following the wiki:
>>
>> root@mainserver:/tmp# cp -r /tmp/debian-lan/fai /srv/fai/
>> root@mainserver:/tmp# ls /srv/fai/
>> fai
>>
>> Now, it's ok.
>>
>> Regards
>>
>> Julien
>>
>>
>
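
A small triage pass over the log lines quoted in this message, added here as an example (it is not part of the original post or of debian-lan). It reduces each KDC request to its final status and pulls out the path gnome-keyring-daemon could not find and the name nslcd refused; the function names are made up for illustration.

```python
import re

# Lines copied from the logs in the message above, with the mail's line
# wrapping undone and the archive's " at " written back as "@".
SAMPLE = [
    "Apr 19 16:30:11 workstation01 lightdm: pam_krb5(lightdm:auth): user trober authenticated as trober@INTERN",
    "Apr 19 16:30:11 workstation01 gnome-keyring-daemon[5039]: couldn't bind to control socket: "
    "/lan/mainserver/home0/trober/.cache/keyring-SAbqan/control: No such file or directory",
    "Apr 19 16:30:10 mainserver krb5kdc[3195](info): AS_REQ (4 etypes {18 17 16 23}) 10.10.12.51: "
    "NEEDED_PREAUTH: trober@INTERN for krbtgt/INTERN@INTERN, Additional pre-authentication required",
    "Apr 19 16:30:10 mainserver krb5kdc[3195](info): AS_REQ (4 etypes {18 17 16 23}) 10.10.12.51: "
    "ISSUE: authtime 1366381810, etypes {rep=18 tkt=18 ses=18}, trober@INTERN for krbtgt/INTERN@INTERN",
    "Apr 19 16:30:10 mainserver krb5kdc[3195](info): TGS_REQ (4 etypes {18 17 16 23}) 10.10.12.51: "
    "ISSUE: authtime 1366381810, etypes {rep=18 tkt=18 ses=18}, trober@INTERN for host/workstation01.intern@INTERN",
    'Apr 19 16:38:24 mainserver nslcd[3164]: [efd79f] <passwd="nfs/workstation01.intern"> request denied by validnames option',
]

KDC = re.compile(r"krb5kdc\[\d+\]\(info\): (AS_REQ|TGS_REQ) .*? (\S+): ([A-Z_]+): .*?(\S+@\S+) for (\S+@[^\s,]+)")
ENOENT = re.compile(r"(\S+)\[\d+\]: .*?(/\S+): No such file or directory")
NSLCD = re.compile(r'nslcd\[\d+\]: .*<(\w+)="([^"]+)"> request denied by validnames')


def kdc_outcomes(lines):
    """Map (request type, client principal, service) -> final KDC status."""
    seen = {}
    for line in lines:
        m = KDC.search(line)
        if m:
            req, _addr, status, client, service = m.groups()
            seen.setdefault((req, client, service), []).append(status)
    # NEEDED_PREAUTH followed by ISSUE is the normal two-step AS exchange;
    # only a sequence that never reaches ISSUE is a failed ticket request.
    return {k: ("issued" if "ISSUE" in v else "failed:" + v[-1]) for k, v in seen.items()}


def missing_paths(lines):
    """(daemon, path) pairs for each 'No such file or directory' that names a path."""
    return [m.groups() for m in map(ENOENT.search, lines) if m]


def rejected_lookups(lines):
    """(map, name) pairs that nslcd denied under its validnames option."""
    return [m.groups() for m in map(NSLCD.search, lines) if m]
```

On this input both Kerberos requests end in ISSUE, and the path gnome-keyring-daemon could not find lies under /lan/mainserver/home0/trober, whereas the ssh login reported /srv/nfsv4/home0/trober.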