[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Current errors detected for Main-server+Workstation in Debian Edu/Squeeze

The automatic test of the installation in Debian Edu is very good to
have to detect problems with the system.  It run on the first boot in
test installations (installs using a *-test repository), and try to
ensure that all services and setup is as it should be.

I've added heaps of more tests to detect the problems I have found
during my work on the Squeeze version, and been able to fix some of
them.  But some remains, and I am sure there are also heaps of
undetected problems yet to find. :)

Anyway, to give you an idea of the errors currently detected, and ask
for help, here is the output from 'grep error:
/var/log/installer/debian-edu-install-testsute':

  error: ./cups: URL 'https://www:631/' is not working.
  error: ./cups: URL 'https://localhost:631/' is not working.
  error: ./ldap-client: Not only one PAM module of krb5, ldap and sss is enabled
  error: ./ldap-client: LDAP cert checking turned off in /etc/ldap/ldap.conf
  error: ./ldap-client: LDAP cert checking turned off in /etc/nslcd.conf
  error: ./taskpkgs: Package jackd in task education-workstation is not installed!

The cups issues is some SSL certificate problem.  Both firefox and
wget refuses to visit the https entry point.

The first ldap-client issue is caused by nslcd, and can either be
fixed by changing nslcd, adding code to our installer to purge
libpam-ldapd during installation or by switching to libnss-sss
(require sssd to get support for netgroups - expected to show up in
30-60 days).

The two certificate problems with LDAP are just symptoms, and not the
real problem.  The real problem is that neither ldapsearch nor nslcd
is able to do certificate checking with the self signed certificate
with have given the LDAP server.  Because of this, certificate
checking is turned off, but we really should find a way to turn it on
again to ensure the clients talk to the correct LDAP server.

The last problem is caused by the jackd transition going in progress,
but can also be said to be caused by tasksel using aptitude and not
apt-get to install packages, as apt-get is able to install jackd1 to
fulfill the jackd dependency, while aptitude refuses to install jackd
at all.  I hope the jackd transition is finished soon, as people are
working actively to fix the remaining issues.

Anyway, would be nice if someone have time to look at the SSL/TLS
issues with cups and slapd, and see if we can get encryption working.

I got one suggestion to use the gnutls tools to generate the
certificate instead of the openssl tools we use at the moment, but
have not investigated how to do that nor if it work.

Happy hacking,
-- 
Petter Reinholdtsen
Reply to: