Re: sarge-pr01: pam-ldap problems
RalfGesellensetter wrote:
Hi there,
today, we tested the workstation profile of debian-edu-sarge-pr01. As
counterpart, we used two different main server/tjenerer (venus 1.0r1
and debian-edu-sarge-pr00).
As there is (still) no version entry for sarge-pr01 in bugzilla, I'll
state our problems right here.
Everything went well with installation - but KDM only allows local
login. We flicked through several conf files - and noticed that these
where not configured to work with HOST ldap / dn=skole etc:
/etc/pam_ldap.conf
/etc/ldap.conf
/etc/libnss-ldap.conf (?).
Copying those from our venus server (which is Sarge indeed) didn't fix
the problem, TLS can't established an encrypted connection to ldap it
seems.
There are 3 different ways the config files ar fixed on a debian-edu
installation.
1. if the package uses debconf for configuration, we try to preseed the
config using debconf (preferred way?)
2. if there is smaller adjustment, we try to use cfengine to fix
things during installation. (done with kdmrc, and a lot of other
files)
3. we create some config files in advance, and during installation
(using cfengine) we symlink them so they will be used instead of the
original ones:
ln -s pam_ldap-debian.edu.conf /etc/pam_ldap.conf
If cfengine is used, there shoudl be a backup of the original in
/var/backups/cfengine/
Normally, if cfengine fails to run, this should be detected, and
reported during installation. I'm not sure if this will be detected on a
woody install either, but it clearly fails on a sarge installation.
if it fails, the changes in /etc/cfengine/debian-edu is not done, and it
should be possible to do this changes by hand. The best thign would of
course be to:
1. make sure nothing ever failed (we wont get there)
2. Make sure we detect every failure (hopefully we will get here)
3. Make sure errors detected is reported (this needs to work)
Any hints for fixing would be welcome - on the other hand, I will add
some information on our testings later, although we seemed having
reached a dead end. For time reasons (the workstation has to get
productive soon) I might switch to good ole bzzware...
take a look in /var/log/base-config.log especially around the line of
cfengine. Start searching for "GNU", I think it's the 3. occurence of
that line
Try to find out what fails, and if you find it, then check if things are
fixed in the lates version from cvs/subversion. you might also try to
fetch the lates debian-edu-config from the apt-source and rerun
cfengine-debian-edu
this hsould fix most problems it cfengine wasn't running during
installation. Or you might try the daily built image, I think it should
be working now.
--
Finn-Arne Johansen
faj@bzz.no
http://bzz.no/
Reply to: