Accepted debian-edu-config 1.448 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Date: Sat, 21 Jan 2012 20:31:28 +0100
Binary: debian-edu-config debian-edu-config-gosa-netgroups
Architecture: source all
Maintainer: Debian Edu Developers <email@example.com>
Changed-By: Petter Reinholdtsen <firstname.lastname@example.org>
debian-edu-config - Configuration files for Skolelinux systems
debian-edu-config-gosa-netgroups - netgroups plugin for GOsa²
Closes: 653912 655516 656752
debian-edu-config (1.448) unstable; urgency=low
[ Petter Reinholdtsen ]
* Add forgotten script /usr/share/debian-edu-config/tools/pxe-
add firmware to the binary package. Make script more robust.
Thanks to Wolfgang Schweer for discovering the problems and
* Move the code inserted by cfengine into the network-manager
dispatcher.d hook into its own file, to avoid upgrade problem.
The code is used to update the hostname from DNS. Add code in
postinst to remove the now obsolete conffile
/etc/cfengine/debian-edu/cf.network-manager during upgrades.
* Move pre-pkgsel and finish-install code to adjust tasksel and set
up network from debian-edu-install to debian-edu-config, to make
it easier to change the network configuration, avoid problems with
updating the PXE installation and bringing all related
configuration into the debian-edu-config package. Add breaks
debian-edu-install (<< 1.521) to ensure a new version of the
debian-edu-install package is used.
* Make sure finish-install script do not exit too early if the
entropy gathering job has exited early.
* Change default gateway from 10.0.2.1 to 10.0.0.1 and update
DNS A and PTR records to reflect this.
* Add GOsa netdevices object for the default gateway to make it
easier to change its DNS entry from GOsa.
* Enable our menu overrides on standalone installations by adding
MENUREORDER=true in /etc/debian-edu/config.
* Extend the dynamic DHCP range on the thin client network from 200-
253 to 20-243, to handle more thin clients without any
* Remove redundant and non-changable loopbacknet ipNetwork from
LDAP. It is already in /etc/network, and hardwired in the
* Add empty directory /etc/skel/.local/share in package as a
workaround for kdelibs bug #655243.
* Get rid of hardcoded IP addresses in CUPS configuration. Use @LOCAL
instead of 10.0.0.0/8 and tjener instead of 10.0.2.2, to make it
easier to change IP setup.
* Extend the dynamic DHCP range on the backbone network from
10.0.2.100-10.0.3.242 to 10.0.16.20-10.0.31.254 (aka 10.0.16.0/20),
to handle more clients without any changes to the configuration.
This allow around 4k clients to get IP addresses out of the box.
* Add new netgroup cups-queue-autoreenable-hosts used to re-enable
stopped CUPS print queues every hour for the members of that
group. Uses new tool cups-queue-autoreenable. Make tjener a
member by default.
* Add new netgroup cups-queue-autoflush-hosts used to get CUPS
servers to flush the queue every night. Uses new tool
cups-queue-autoflush to call 'cancel -a'. Enable this on the
Main-server by default.
* Purge network-manager in the LTSP chroot, now that bug
#592479 is fixed.
* Updated sitesummary2ldapdhcp:
- Use the new LDAP subtree for DHCP objects. Report error and
continue when failing to create DHCP object. Teach it to create
GOsa server objects for new hosts.
- Adjust it to search for its LDAP administrator objects instead
of hardcoding the DN, and allow any admin user to be used.
- Change it to only update by default, and to add new server
objects when -a is used.
* Add nb translation for the gosa-netgroups module.
* Network blocking / exam mode:
- Rewrite debian-edu-update-netblock to set new rules using
iptables-restore to do this as an atomic operation to get it
working on LTSP clients.
- Add netgroup netblock-hosts in LDAP to list machines that should
activate the network blocking and file group nonetblk used by
debian-edu-update-netblock to exclude selected users from
- Add cron job to consult LDAP every 5 minutes to see if network
blocking should be enabled or not.
- Add /sbin to PATH in debian-edu-update-netblock to get the
script working from cron.
- Allow system users nslcd, openldap, xrdp, www-data, avahi,
dovecot, statd and daemon full Internet access also when network
blocking is in effect, to make sure system services keep working
as they should.
* Add --previous to msgmerge call in www/Makefile to keep previous
strings when updating tranlations. Patch from David Prévot.
* Rewrite build rule for the welcome page to use po4a
(Closes: #655516). Patch from David Prévot.
* Remove obsolete script /usr/share/debian-edu-config/tools/ldap-users.pl.
* Make sure all sambaSIDs are bootstrapped using $SAMBASID and fix
typo causing duplicate sambaSid.
* Add backup testsuite test to detect bug #626884.
* Remove closing of file descriptors when starting bind from
ldap-debian-edu-install which was introduced to try to solve the
problem before we understood the entropy hang.
* Adjust www/index.html.en to become valid XHTML. Patch from
* Migrate 'localadmin' user from /etc/passwd to the first LDAP user.
Make first LDAP user a member of the teachers group to enable the
KDE menu overrides. If user-setup-udeb ask for information on the
first user on the Main-Server installs, use this information when
setting it up the first LDAP user instead of using 'localadmin' as
* Add new pwdchange.desktop KDE menu option for networked profiles
to make it easier for users to figure out where to change the
password (Closes: #653912). Include many translations for the
password changing menu entry using patch from Wolfgang Schweer.
* Add workaround for #656309 in libpam-krb5 by replacing
/usr/share/pam-configs/krb5 with our own version, to get passwd
and all tools using it to change the kerberos password. Using PAM
to change the password do not change the LDAP and Samba passwords,
and should in general be avoided. Call 'pam-auth-update
--package' after updating /usr/share/pam-configs/ to activate the
* Remove the ldap-auth group intended to force users to authenticate
using Kerberos. It is not used yet, and probably can't be used
for its intended purpose for Squeeze as GOsa uses LDAP bind to
* Remove now obsolete traces of super-admin user.
[ Mike Gabriel ]
* Additionally to the README.unused-ldifs file all LDAP bootstrap files
that are not used in D-E squeeze anymore are marked as obsolete in their
* Remove obsolete ldif files (files not LDAP-bootstrapped anymore on main
server installation) during package upgrades.
* Add global GOsa² ACL to LDAP's BaseDN that disables
to manipulate gotoMode, userPassword and faiState via
GOsa². Consequences: (a) The Mode and the Actions drop-down
menus become inactive (read-only) for server systems. (b) Setting
of root accounts on server's gets disabled. (c) FAI is not in use
on a D-E network by default. All three functionalities
are broken with the D-E version of GOsa² (2.6.11), so it is better
to disable those options.
* A host within a netgroup should always be represented by two
nisNetgroupTriple values, one for (<hostname>,,), one for
(<fqdn>,,), as different netgroup clients handle these differently.
The GOsa² netgroups plugin also supports this. Fixing this for the
netgroups in LDAP bootstrap.
* Add main-server (aka tjener) to fsautoresize-hosts netgroup during
LDAP bootstrap to enable automatic LVM file system resizing by
* Set minimum password length to 5 characters (GOsa², Kerberos via
policy). For Samba the default is 5, libpam-krb5 also uses 5 by
* Replace super-admin DN by administrative group DN gosa-admins.
Add initial user to this gosa-admins group.
* Add Kerberos policy ,,hosts'' on main server installation.
* Add gosa-create-host script as possible post-create hook for
GOsa² system creation (not activated in GOsa² yet).
* Translation updates:
- Updates for Italian debconf templates from Claudio Carboncini.
- Updates for French web page from David Prévot.
- Updates for Russian web page from Yuri Kozlov (Closes: #656752).
be4f27b3c20ed1729d338c018b0033c07ccb4bf4 1447 debian-edu-config_1.448.dsc
4835cbe78413ed6fe7d63da8295d37f10030ece2 492738 debian-edu-config_1.448.tar.gz
7d7d1eb2a785901bcae4053662f192ca84ed1475 381242 debian-edu-config_1.448_all.deb
cf62174fa5f6048c16482a834ba41293ddac8dc8 109180 debian-edu-config-gosa-netgroups_1.448_all.deb
6dfc38ab449b3efed917614cda257acf209e8aadc05bb64a17a60272eec974d4 1447 debian-edu-config_1.448.dsc
0283eb9175ae98a2acd4116132cc38b2b6c07a5e9fb726693a80551a8d92632a 492738 debian-edu-config_1.448.tar.gz
492cad00306f1e21dff61dbee333b905569247bd21eb7733b08557a73bf61141 381242 debian-edu-config_1.448_all.deb
eaa7f45707fdac27d7b6b7e1be33f1542f3044598e7b1090648c353a1fc9a0f9 109180 debian-edu-config-gosa-netgroups_1.448_all.deb
85c3388216ffb8528549ebfa631109f8 1447 misc extra debian-edu-config_1.448.dsc
592947589813cd81f72c743ba3f35a5a 492738 misc extra debian-edu-config_1.448.tar.gz
778e379660e8c6c1b7aaace3cedc01a8 381242 misc extra debian-edu-config_1.448_all.deb
9854ed08db59e2f32c9f81a36fe1198c 109180 misc extra debian-edu-config-gosa-netgroups_1.448_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----