[debian-lan-devel] Installation report

Julien Lambot jlambot at gmail.com
Wed May 1 21:25:10 UTC 2013


Good evening,

This is my first installation report of a production environment for
debian-lan :)

There was one major issue and a few minor ones.

The only major one is network performance. This is not directly bound to
debian-lan, but its architecture makes it highly network dependent.
With a poor-man's network (100mb), old cables, old computers, the overall
reactivity of the desktop is quickly impacted. There are high variations in
reactivity and the cause is not yet identified. I can just say that it's
not the server, which is nearly idle.
Tomorrow, I will be able to check if it's better since the installation of
some non-free network firmware. Some tcpdump might help locate the cause.

On the minor ones:
- when I create the LOGUSER for fai, I'm requested to input Kerberos
credentials, which I don't have. Seems that local users need to be created
before debian-lan installation. Otherwise, these users need to be within
ldap. I searched a bit but didn't find the best solution to apply.
- one failure with a disk-less client (not yet investigated)
- one failure with a workstation where grub was not successfully installed
(not yet investigated)
- some packages need to be added for French environment (this will be
included in a separate config file)
- shorewall needs a bunch of rules to make the whole thing work. This will
be posted too and included in a config file.
- Squid was bypassed. This might need a configuration change to support
TPROXY and work along with shorewall. Testing tomorrow.
- installation of flashplugin-nonfree needs a bypass for the proxy. This
will be tested tomorrow following information from wiki.debian.org.
- printing issues related to the network printer. Might need lsb-printing
package to support the provided drivers.
- adding samba machines, not yet ok. But disk and printer sharing is OK.
- need a read-only user into ldap for some authentication needs like
printer connection, authentication from windows (home edition) with
pgina,...
- added support for openvpn but this should be better integrated into ldap.
- added fail2ban, just in case. I'll later improve the shorewall config.
- I added a dirvish config for backups upon insertion of an external
usb-hdd. If someone needs it, I will post.
- badly need the educlient/eduroaming packages. This is my next target for
the coming days.

And, for my own education: I didn't test the password expiration yet.
What should happen when the password is about to expire (provided the warning
is enabled in Gosa), and is the user able to change it from their workstation
or do they need to connect to Gosa?

All in all, this was quite a success!

Julien