[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: sarge-pr01: pam-ldap problems

RalfGesellensetter wrote:

Hi there,
today, we tested the workstation profile of debian-edu-sarge-pr01. As counterpart, we used two different main server/tjenerer (venus 1.0r1 and debian-edu-sarge-pr00).
As there is (still) no version entry for sarge-pr01 in bugzilla, I'll state our problems right here.
Everything went well with installation - but KDM only allows local login. We flicked through several conf files - and noticed that these where not configured to work with HOST ldap / dn=skole etc: 

/etc/pam_ldap.conf
/etc/ldap.conf
/etc/libnss-ldap.conf (?).
Copying those from our venus server (which is Sarge indeed) didn't fix the problem, TLS can't established an encrypted connection to ldap it seems.
There are 3 different ways the config files ar fixed on a debian-edu installation. 
 1. if the package uses debconf for configuration, we try to preseed the
    config using debconf (preferred way?)
 2. if there is smaller adjustment, we try to use cfengine to fix
    things during installation. (done with kdmrc, and a lot of other
    files)
 3. we create some config files in advance, and during installation
   (using cfengine) we symlink them so they will be used instead of the
    original ones:
     ln -s pam_ldap-debian.edu.conf /etc/pam_ldap.conf
If cfengine is used, there shoudl be a backup of the original in /var/backups/cfengine/
Normally, if cfengine fails to run, this should be detected, and reported during installation. I'm not sure if this will be detected on a woody install either, but it clearly fails on a sarge installation. if it fails, the changes in /etc/cfengine/debian-edu is not done, and it should be possible to do this changes by hand. The best thign would of course be to: 
 1. make sure nothing ever failed (we wont get there)
 2. Make sure we detect every failure (hopefully we will get here)
 3. Make sure errors detected is reported (this needs to work)
Any hints for fixing would be welcome - on the other hand, I will add some information on our testings later, although we seemed having reached a dead end. For time reasons (the workstation has to get productive soon) I might switch to good ole bzzware...
take a look in /var/log/base-config.log especially around the line of cfengine. Start searching for "GNU", I think it's the 3. occurence of that line
Try to find out what fails, and if you find it, then check if things are fixed in the lates version from cvs/subversion. you might also try to fetch the lates debian-edu-config from the apt-source and rerun 
 cfengine-debian-edu
this hsould fix most problems it cfengine wasn't running during installation. Or you might try the daily built image, I think it should be working now. 

--
Finn-Arne Johansen
faj@bzz.no
http://bzz.no/
Reply to: