Re: Thoughts on roaming laptop setup for Debian Edu

To: debian-edu@lists.debian.org
Subject: Re: Thoughts on roaming laptop setup for Debian Edu
From: Veli-Matti Lintu <veli-matti.lintu@opinsys.fi>
Date: Wed, 28 Apr 2010 23:03:17 +0300
Message-id: <[🔎] 1272484997.2643.6344.camel@vm-lucid>
In-reply-to: <[🔎] 2flhbmvto3p.fsf@login2.uio.no>
References: <[🔎] 2flhbmvto3p.fsf@login2.uio.no>

ke, 2010-04-28 kello 20:43 +0200, Petter Reinholdtsen kirjoitti:
> For some years now, I have wondered how we should handle laptops in
> Debian Edu. The Debian Edu infrastructure is mostly designed to handle
> stationary computers, and less suited for computers that come and go.
> 
> Now I finally believe I have an sensible idea on how to adjust Debian
> Edu for laptops, by introducing a new profile for them, for example
> called Roaming Workstations. Here are my thought on this. The setup
> would consist of the following:

Hi,

I'm not using Debian Edu myself, but I've been dealing with the same
issues on Ubuntu/Edubuntu in schools where laptops are shared between
pupils and wlan is used for network connection.

We have ldap/kerberos infrastructure in place and we wanted to use
either ldap or kerberos authentication for laptops too. At first we
tried using pam-ccreds and libnss-db/updatedb, but for some reason we
never got it stable. It could be that missing network connection would
sometimes break authentication even if user had authenticated before and
sometimes it would work perfectly. Debugging the modules didn't reveal
the problem, so we tried something else.

Next we did https based authentication where a script run from pam would
contact https server with user's credentials and transfer user and group
information if authentication succeeded. This worked nicely and as a
bonus no firewall seemed to stop it.

Next we discovered sssd that was written as part of FreeIPA project by
Fedora. sssd is packaged in Ubuntu, but seems to be missing from Debian.
It loads user information from ldap and authenticates the user against
ldap or kerberos. Once the information is on the laptop, it works in
offline mode also. So far it's been working really nicely, so I can
recommend this solution.

For file synchronisation we've been using Unison and besides
localisation and UI issues it's been working nicely. CUPS printer
information broadcasting to local network works also with little
configuration. Users see the available printers automatically and they
disappear if the network goes down.

There's more information about sssd on shared laptops in our blog:
http://www.opinsys.fi/en/user-management-with-sssd-on-shared-laptops

sssd homepage: https://fedorahosted.org/sssd/

I'm just a happy user and not involved in sssd's development or Ubuntu
packaging.

I hope this helps!

Veli-Matti

Reply to:

References:
- Thoughts on roaming laptop setup for Debian Edu
  - From: Petter Reinholdtsen <pere@hungry.com>

Prev by Date: Re: Thoughts on roaming laptop setup for Debian Edu
Next by Date: On Thoughts on roaming laptop setup for Debian Edu
Previous by thread: Re: Thoughts on roaming laptop setup for Debian Edu
Next by thread: Re: Thoughts on roaming laptop setup for Debian Edu
Index(es):
- Date
- Thread