Bug#638285: marked as done (INTERN realm missing in realms stanza (krb5.conf) on diskless clients)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Fri, 23 Dec 2011 21:32:13 +0000
with message-id <E1ReCir-0008Qb-FK@franck.debian.org>
and subject line Bug#638285: fixed in debian-edu-config 1.446
has caused the Debian Bug report #638285,
regarding INTERN realm missing in realms stanza (krb5.conf) on diskless clients
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
638285: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=638285
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: submit@bugs.debian.org
• Subject: INTERN realm missing in realms stanza (krb5.conf) on diskless clients
• From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
• Date: Thu, 18 Aug 2011 11:08:42 +0200
• Message-id: <20110818110842.445731sbd0qqp4t6@mail.das-netzwerkteam.de>

Package: debian-edu-config
Version: SVN-r73854
Severity: normal


This issue relates to #629049.

Testing the beta1-release candidate showed that diskless workstation are missing the [realms] stanza for the INTERN realm in krb5.conf on diskless workstations.

Here is a diff though I am not sure, where to commit that to take an effect on the LTSP setup:

--- /etc/krb5.conf.orig 2011-08-18 11:01:43.525054941 +0200
+++ /etc/krb5.conf      2011-08-18 10:24:39.000000000 +0200
@@ -38,6 +38,10 @@
        fcc-mit-ticketflags = true

 [realms]
+        INTERN = {
+                kdc = kerberos.intern:88
+                admin_server = kerberos.intern
+       }
        ATHENA.MIT.EDU = {
                kdc = kerberos.mit.edu:88
                kdc = kerberos-1.mit.edu:88


Greets,
Mike

--

DAS-NETZWERKTEAM
mike gabriel, dorfstr. 27, 24245 barmissen
fon: +49 (4302) 281418, fax: +49 (4302) 281419

GnuPG Key ID 0xB588399B
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb

Attachment: pgpr1C5uVnMaM.pgp
Description: Digitale PGP-Unterschrift

--- End Message ---

--- Begin Message ---

• To: 638285-close@bugs.debian.org
• Subject: Bug#638285: fixed in debian-edu-config 1.446
• From: Holger Levsen <holger@debian.org>
• Date: Fri, 23 Dec 2011 21:32:13 +0000
• Message-id: <E1ReCir-0008Qb-FK@franck.debian.org>

Source: debian-edu-config
Source-Version: 1.446

We believe that the bug you reported is fixed in the latest version of
debian-edu-config, which is due to be installed in the Debian FTP archive:

debian-edu-config-gosa-netgroups_1.446_all.deb
  to main/d/debian-edu-config/debian-edu-config-gosa-netgroups_1.446_all.deb
debian-edu-config_1.446.dsc
  to main/d/debian-edu-config/debian-edu-config_1.446.dsc
debian-edu-config_1.446.tar.gz
  to main/d/debian-edu-config/debian-edu-config_1.446.tar.gz
debian-edu-config_1.446_all.deb
  to main/d/debian-edu-config/debian-edu-config_1.446_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 638285@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Holger Levsen <holger@debian.org> (supplier of updated debian-edu-config package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 23 Dec 2011 18:13:10 +0100
Source: debian-edu-config
Binary: debian-edu-config debian-edu-config-gosa-netgroups
Architecture: source all
Version: 1.446
Distribution: unstable
Urgency: low
Maintainer: Debian Edu Developers <debian-edu@lists.debian.org>
Changed-By: Holger Levsen <holger@debian.org>
Description: 
 debian-edu-config - Configuration files for Skolelinux systems
 debian-edu-config-gosa-netgroups - netgroups plugin for GOsa²
Closes: 602859 605245 606088 606108 610841 617368 617384 617726 621800 629040 629043 629049 629060 629062 629347 629626 630970 631357 638274 638275 638285 638434 652535
Changes: 
 debian-edu-config (1.446) unstable; urgency=low
 .
   * Release of thirty-nine prereleases done in Debian Edu to Debian sid,
     aimed at Debian squeeze. See below for exact list of changes.
 .
   * debian-edu-config (1.446~svn74353) squeeze-test; urgency=low
 .
   [ Petter Reinholdtsen ]
   * Change approach to increase entropy in
     /usr/share/debian-edu-config/d-i/finish-install to trigger
     disk IO instead of trying to increase the entropy amount by
     adding to /dev/urandom.
   * Reintroduce file descriptor closing when starting bind9, as
     it seem to solve part of the problem.
 .
   * debian-edu-config (1.446~svn74336) squeeze-test; urgency=low
 .
   [ Petter Reinholdtsen ]
   * Undo change to close file descriptor 3 when starting bind9.
     It did not really address the problem, which is running out
     of entropy during installation.
   * Add code in /usr/share/debian-edu-config/d-i/finish-install
     to try to add more entropy when running low.
 .
   * debian-edu-config (1.446~svn74325) squeeze-test; urgency=low
 .
   [ Petter Reinholdtsen ]
   * Disable browser.safebrowsing.malware.enabled and
     browser.safebrowsing.enabled in Iceweasel, to avoid excessive I/O
     on the home directory server when several users log in.
     (Closes: #652535)
   * Make sure to close file descriptor 3 when starting bind9 from the
     installer, to avoid hanging the installer while waiting for it to
     close.
 .
   * debian-edu-config (1.446~svn74311) squeeze-test; urgency=low
 .
   [ Petter Reinholdtsen ]
   * Add new LDAP index for uniqueMember attribute in
     slapd-squeeze_debian-edu.conf, to ensure libnss-ldapd searches are
     processed quickly and syslog do not will up with heaps of messages
     stating "<= bdb_equality_candidates: (uniqueMember) not indexed".
   * Extend testsuite/ldap-server to include a simple stress test
     ensuring that the LDAP server work also with more than 1024 LDAP
     connections open.  Should ensure that problem discovered with
     Debian Edu/Lenny do not resurface.
 .
   * debian-edu-config (1.446~svn74227) squeeze-test; urgency=low
 .
   [ Mike Gabriel ]
   * Prepare LTSP rwbind on diskless workstations for /var/log/ntpstats
     (addresses #638287), currently commented out because of RAM consumption
     on diskless workstations.
   * Provide LTSP rwbind on diskless workstations for /var/lib/alsa. Silence
     an error report on diskless workstation shutdown.
 .
   [ Andreas B. Mundt ]
   * Fix regex in gosa-remove: A username may contain dots.
 .
   * debian-edu-config (1.446~svn74195) squeeze-test; urgency=low
 .
   [ Holger Levsen ]
   * Makefile: deploy cf.pxeinstall too.
 .
   * debian-edu-config (1.446~svn74178) squeeze-test; urgency=low
 .
   [ Holger Levsen ]
   * ldap-tools/mkslapdcert: make more robust.
   * cf/cf.adduser and cf.dhcpserver: don't run sbin/debian-edu-pxeinstall
     anymore, instead add a new script cf/cf.pxeinstall for this
     purpose. (Closes: #630970)
   * If this still doesn't make the hanging at the end of debian-edu-profile
     finish-install go away, I suggest to try with /dev/urandom, to be set in
     slapd-cert.cnf.
 .
   * debian-edu-config (1.446~svn74165) squeeze-test; urgency=low
 .
   [ Holger Levsen ]
   * ldap-tools/mkslapdcert: invoke /etc/init.d/urandom start of
     /var/lib/urandom/random-seed doesn't exist.
 .
   * debian-edu-config (1.446~svn74129) squeeze-test; urgency=low
 .
   [ Holger Levsen ]
   * ldap-tools/mkslapdcert: try harder to fix #630970, grep in more
     directories.
 .
   * debian-edu-config (1.446~svn74128) squeeze-test; urgency=low
 .
   [ Mike Gabriel ]
   * ldap2bind command during LDAP bootstrap (installation) has to
     run as user ,,bind''.
   * Fix for SVN r74090, saving of roaming profiles.
   * Assure that all Samba related config files are included in d-e-c package,
     esp. adding Win7+Samba related patches and cmd scripts.
 .
   * debian-edu-config (1.446~svn74106) squeeze-test; urgency=low
 .
   [ Mike Gabriel ]
   * Add cf.krb5client to Makefile.
 .
   * debian-edu-config (1.446~svn74095) squeeze-test; urgency=low
 .
   [ Mike Gabriel ]
   * Fix saving of roaming profiles for Windows XP.
   * Disable UAC on Windows 7 systems by default.
   * Samba netlogon: fix for 1stlogon.bat script plus filename
     fix for IE proxy registry patch.
 .
   * debian-edu-config (1.446~svn74072) squeeze-test; urgency=low
 .
   [ Holger Levsen ]
   * cupsd-debian-edu.conf: allow printing from 10.0.0.0/8.
   * ldap-bootstrap/dhcp.ldif and ipnetworks.ldif: updated for using
     10.0.0.0/8.
   * cf/cf.syslog and cf.ltsp: updated for using 10.0.0.0/8.
   * /etc/cfengine/cfservd.conf: updated for using 10.0.0.0/8.
   * tools/subnet-change: updated to use 10.0.0.0/8.
 .
   [ Mike Gabriel ]
   * Suppress dovecot warning message that appears on daemon start
     if IMAP login has not happened so far.
   * Disable IPv6 for Samba on Skolelinux systems (clients+server).
   * LDAP-bootstrap: Add _kerberos TXT record for default realm INTERN,
     add _kerberos-master SRV record and _kerberos-adm SRV record. Cfengine:
     Manipulate krb5.conf file on all networked systems, setting dns_lookup_kdc
     and dns_lookup_realm to true. (Closes: #629062, #638285)
   * Initial sync of DNS information from LDAP to bind9 config during LDAP
     bootstrap.
   * Provide registry patchset and some helper scripts (.bat) that facilitate
     Windows 7 (or Windows 2008 Server) joining to the SKOLELINUX Samba domain.
   * Handle removal of conffiles (init scripts: update-hostname, open-backdoor,
     resize_lvm) in preinst _and_ postinst.
   * Make 1stlogon.bat script (Samba netlogon share) functional for WinXP and
     Win7.
 .
   * debian-edu-config (1.446~svn74028) squeeze-test; urgency=low
 .
   [ Mike Gabriel ]
   * Disabled debugging option (set -x) in mkslapdcert.
   * Add php.ini (PHP5) for Debian Edu server.
   * Tweak php.ini for GOsa² mass imports (raise execution and input time,
     memory limit, closes: #638434).
   * Work around libnss caching problems and script error handling in Samba.
 .
   * debian-edu-config (1.446~svn74012) squeeze-test; urgency=low
 .
   [ Mike Gabriel ]
   * Update dnsd testsuite to reflect changes in SVN-r73890 (Kerberos
     using _udp, not _tcp).
   * Add missing expression ,,passwd'' after nscd -i in add machine script
     option of smb.conf.
   * Moved (Samba-related) groups and GOsa² templates from gosa.ldif to
     samba.ldif.
   * GOsa²-netgroups: Hide GOsa² user templates from objects that are shown
     available for netgroup membership.
   * GOsa²-netgroups: Allow netgroup membership for gosaTerminal objects.
 .
   * debian-edu-config (1.446~svn73998) squeeze-test; urgency=low
 .
   [ Mike Gabriel ]
   * Set Samba Administrator password (LMHASH/NTHASH) during LDAP bootstrap.
   * Provide DNS service during bootstrap of Samba LDAP objects, fetch
     LDAP certificate before creating the Samba domain in LDAP.
 .
   * debian-edu-config (1.446~svn73987) squeeze-test; urgency=low
 .
   [ Mike Gabriel ]
   * cn=smbadmin needs write access on the sambaDomainName=SKOLELINUX object.
   * Fix for chicken-and-egg problem during LDAP/Samba bootstrap.
   * Move cn=smbadmin creation to root.ldif.
   * Hide several (more) Samba specific groups from GOsa² (i.e. from the GOsa²
     administrators)
   * Assure that password for cn=smbadmin gets set properly during
     first part of LDAP bootstrap (i.e. when root.ldif is processed).
   * Set givenName: GOsa² and sn: System Administrator for uid=super-admin.
   * Add dhcp options default-lease-time and max-lease-time to global DHCP
     options (closes: #638274).
   * Explicitly allow smbd access from ,,localhost''.
   * Fix for failing ,,net getlocalsid'' command after LDAP bootstrap.
   * Enforce usage LDAP BaseDN as ldap computer suffix in smb.conf.
   * Enforce search mask in smbldap-tool for LDAP groups to BaseDN.
   * Add default OU for GOsa² winstations to LDAP bootstrap.
   * Invalidate nscd passwd cache immediately after calling
     Samba's add machine script, also make sure we raise no
     exception when running the add machine script.
   * Make ldap-debian-edu-install work when run during
     installation.
   * Allow a little pause between creation of the basic Samba
     machine object and the actual domain joining.
 .
   * debian-edu-config (1.446~svn73951) squeeze-test; urgency=low
 .
   [ Daniel Hess ]
   * Revert Samba's config file back to a state usable without Kerberos.
     - Accessing shares like user's home directory already works again.
     - Joining Windows hosts to the Skolelinux domain still does not work
       and needs further work on the smbaddclient.pl script.
 .
   [ Mike Gabriel ]
   * Update Gosa netgroups, pulled in from:
     https://oss.gonicus.de/repositories/gosa-contrib/netgroups/trunk
     (closes: #629060, #629347).
   * Fix for gosa-remove script: the part in which the script searches for
     purgable homes does now search with -maxdepth 1 which speeds up user
     removal tremendously on systems with many many homes.
   * Removal of home dirs: do not chown root:root the whole later-to-be-remove
     home dir tree, only chown root:root for home dir basefolder to block
     access (closes: #629347).
   * GOsa-netgroups: Fix missing LDAP description field when viewing
     netgroups of a system.
   * GOsa-netgroups: Allow winstations to have netgroups, fix for gosa.conf
     and plugin code.
   * GOsa-netgroups: Samba machine accounts have a trailing '$' sign, handle
     these when enumerating netgroup members.
   * Update of smb.conf, preparing for NT4 domain controller support on
     Debian Edu main server.
   * Add Samba helper script smbldap-machineadd-gosa, derived from
     smbldap-useradd script. Adding smbldap-tools as dependency for
     debian-edu-config.
   * Provide smbldap-tools config for smbldap-machineadd-gosa script.
   * Add smbldap-machineadd-gosa script to package.
   * Update LDAP bootstrap for Samba related LDAP objects, add NIS netgroup
     for Windows workstations (common scenario is dual boot functionality:
     winstation and diskless workstation).
   * Fix for missing URI in passdb backend ldapsam (smb.conf).
   * SAMBA Domain Computers group has to be visible for GOsa².
   * Grant slightly wider permissions for cn=smbadmin to give the account
     the right to create Samba machine accounts in the SKOLELINUX domain.
   * Add sambaPrimaryGroupSID for uid=Administrator.
   * Add DHCP definitions for subnet01.intern (as there already is a
     subnet01.intern defined for DNS).
   * Rename backbone DHCP shared network to ,,intern''. Rename subnet00
     DHCP shared network to subnet00.intern, for subnet01 accordingly.
     This makes the DHCP name space very similar to the DNS naming
     conventions (closes: #638275).
   * Cosmetic rename of super-admin fullname.
   * Add sambaProfilePath and sambaLogonScript defaults to GOsa² account
     templates (i.e. for NewTeacher and NewStudent).
   * sambaRID fixes for groups ,,students'' and ,,teachers''.
   * Giving examples for shared-teachers and shared-students shares, fixing
     minor typos in smb.conf.
   * Provide a completely new netlogon script infrastructure: on first
     domain logon, IE and Firefox get configured to use tjener's proxy
     and in firefox the SKOLELINUX www.intern home page is set as the
     default browser home page.
   * Add new netlogon scripts to debian-edu-config package (in Makefile).
   * Use direct path to LDAP cert in smbldap.conf instead of using a
     symlink.
   * Fix for smbldap.conf, correcting ou container for new SMB machines.
   * Replace $SAMBAPWD in smbldap_bind.conf during installation.
 .
   [ Petter Reinholdtsen ]
   * Correct the Vcs-Browser link in the control file to use the new paths.
 .
   [ Andreas B. Mundt ]
   * Use UDP SVR record instead of TCP for Kerberos.  By default, the KDC
     does not listen on any TCP ports.
 .
   [ Holger Levsen ]
   * share/debian-edu-config/d-i/finish-install: don't run "edu-etcvcs init"
     one more time, esp. not after already having committed.
   * Fix Makefile for Mike.
 .
   * debian-edu-config (1.446~svn73823) squeeze-test; urgency=low
 .
   [ Andreas B. Mundt ]
   * Fix code in sbin/debian-edu-pxeinstall and sbin/snakeoil-on-ice
     grabbing DNS from leases file.
 .
   * debian-edu-config (1.446~svn73805) squeeze-test; urgency=low
 .
   [ Andreas B. Mundt ]
   * Never leave /etc/hostname back empty.
   * Update tjener webpage logo.
   * Grab DNS from leases file in sbin/debian-edu-pxeinstall and
     sbin/snakeoil-on-ice if resolv.conf is missing.
   * Add code to trigger disk read/write to create some entropy when
     preparing the LDAP certificate. (to address #630970)
   * Fix machine ou in slapd.conf and smb-debian-edu-client.conf.
   * Add regular expression match for newer kernels' lvm-devices to
     sbin/debian-edu-fsautoresize.  Thanks Petter for the hint.  Really
     show percentage. (Closes: #631357).
 .
   * debian-edu-config (1.446~svn73734) squeeze-test; urgency=low
 .
   [ Andreas B. Mundt ]
   * Do not forget moving the systems' tab in /etc/gosa/gosa.conf.
   * Add FIXME concerning NFSv4 and Kerberos.
   * Try to use a temporay /etc/resolv.conf in snakeoil-on-ice and
     debian-edu-pxeinstall if /etc/resolv.conf is empty or missing.
 .
   [ Holger Levsen ]
   * cf/cf.kdm and testsuite: remove workarounds for #582568 as we don't rely
     on root logins into kde nor gnome anymore.
 .
   * debian-edu-config (1.446~svn73702) squeeze-test; urgency=low
 .
   [ Andreas B. Mundt ]
   * Fix error in cfengine rule.
 .
   * debian-edu-config (1.446~svn73693) squeeze-test; urgency=low
 .
   [ Andreas B. Mundt ]
   * Clear LDAP password from debconf database in finish-install.
   * Rearranging GOsa menu:  Move important stuff to the top of the list.
   * Modify cfengine rules to update /etc/hostname name from DHCP.
 .
   * debian-edu-config (1.446~svn73652) squeeze-test; urgency=low
 .
   [ Andreas B. Mundt ]
   * Add debconf templates for "ldap-password-again",
     "ldap-password-mismatch" and "ldap-password-empty".
   * Fetch ldap-password in the same manner as it already works for the
     kdc-password.
 .
   * debian-edu-config (1.446~svn73615) squeeze-test; urgency=low
 .
   [ Andreas B. Mundt ]
   * Remove code introduced to install GOsa for testing as it is installed
     by default now.
   * Send output from gosa-encrypt-passwords to /dev/null to not waste the
     log with useless messages.
 .
   [ Daniel Hess ]
   * Add debconf template for "debian-edu-config/ldap-password" which is
     never shown, but makes debconf complain anyway if not avaible.
 .
   * debian-edu-config (1.446~svn73556) squeeze-test; urgency=low
 .
   [ Andreas B. Mundt ]
   * Clean ldap-debian-edu-install a bit and make it more robust.
   * Revert modification in cf.ldapserver, script is run as root.
   * Make sure the data in a deleted user's home directory is only
     accessible to root.  (Closes: #629626).
 .
   [ Mike Gabriel ]
   * Update for smb.conf on Debian Edu main server. Needs more work
     around smbldap-tools support.
 .
   * debian-edu-config (1.446~svn73555) squeeze-test; urgency=low
 .
   [ Andreas B. Mundt ]
   * Revert modifications in gosa.conf as they do not accomplish the
     intended.
 .
   [ Mike Gabriel ]
   * Add NIS Netgroups tabs for systems (they were missing in the
     dh_install configuration file).
   * Drag in latest GOsa netgroups plugin code (r629) from
     https://oss.gonicus.de/repositories/gosa-contrib/netgroups/trunk
     (Closes: #629347).
 .
   * debian-edu-config (1.446~svn73536) squeeze-test; urgency=low
 .
   [ Andreas B. Mundt ]
   * Fix the username-generator in gosa.conf to allow editing the
     generated username.  (It must not generate several names to make
     strictNamingRules="false" work).
 .
   [ Daniel Hess ]
   * Remove 'ou=systems,dc=skole,dc=skolelinux,dc=no' definition from
     gosa.ldif and change the ou attribute in root.ldif to match the
     rename from machines to systems: This fixes a problem with the
     ldap bootstrap that breaks while adding the second
     'ou=systems,dc=skole,dc=skolelinux,dc=no' in gosa.ldif.
 .
   * debian-edu-config (1.446~svn73528) squeeze-test; urgency=low
 .
   [ Daniel Hess ]
   * Revert modifications from svn revision 73509 as they made things
     worse.
 .
   * debian-edu-config (1.446~svn73521) squeeze-test; urgency=low
 .
   [ Daniel Hess ]
   * Make sure that /var/lib/dovecot exists before trying to create a
     file there.
 .
   * debian-edu-config (1.446~svn73510) squeeze-test; urgency=low
 .
   [ Mike Gabriel ]
   * Silence dovecot's boot message before first IMAP login success
     (Closes: #629043).
 .
   [ Daniel Hess ]
   * Move debconf interaction from ldap-debian-edu-install into a
     separate script to test if interferences between the rest of
     ldap-debian-edu-install and debconf causes the "'finish-install'
     succeeded but requested to be left UN configured" problem with d-i.
 .
   * debian-edu-config (1.446~svn73486) squeeze-test; urgency=low
 .
   [ Holger Levsen ]
   * Remove depends on debian-edu-config-gosa-netgroups from
     debian-edu-config's depends. Only depend on it from the main-server task.
 .
   * debian-edu-config (1.446~svn73485) squeeze-test; urgency=low
 .
   [ Mike Gabriel ]
   * revert smb.conf on main server to security=DOMAIN (let
     Samba authenticate against LDAP again, not Kerberos)
   * disallow Samba root logins
   * disallow Samba anonymous logins
   * ou=machines is ou=systems when LDAP is used with GOsa²
 .
   * debian-edu-config (1.446~svn73463) squeeze-test; urgency=low
 .
   [ Holger Levsen ]
   * Remove our backdoor (which was poorly implemented and misnamed feature,
     see the buglog for details). (Closes: #629040)
 .
   [ Daniel Hess ]
   * Remove not working '019-kernel-selection' script.
 .
   * debian-edu-config (1.446~svn73449) squeeze-test; urgency=low
 .
   [ Mike Gabriel ]
   * Fix missing "]"s in debian-edu-pxeinstall.
   * Run ldap-debian-edu-install as root (from cfengine).
   * No network-manager tweaks on main server (tjener).
   * Drop a local ntp test from testsuite which has become obsolete.
   * Add README for unused .ldif files.
 .
   * debian-edu-config (1.446~svn73396) squeeze-test; urgency=low
 .
   [ Daniel Hess ]
   * Make 'debian-edu-config-gosa-netgroups' depend on 'gosa':
     Postinstall scripts calls update-gosa and fails if 'gosa'
     is not yet installed.
 .
   * debian-edu-config (1.446~svn73373) squeeze-test; urgency=low
 .
   [ Andreas B. Mundt ]
   * Modify gosa.conf to allow for editing the generated uid.
 .
   [ Daniel Hess ]
   * Add new variable 'ROOTPWDSSHAHASH' for ldap bootstraping:
     - Use the new ssha hash password in gosa.ldif for super-admin's
       userPassword: This should allow changing the password with gosa.
 .
   [ Mike Gabriel ]
   * Move NIS Netgroups further up in the GOsa² sidebar menu.
 .
   * debian-edu-config (1.446~svn73330) squeeze-test; urgency=low
 .
   [ Daniel Hess ]
   * HashComment redundant security.d.o entry before adding our own to
     sources.list. (via cf.apt)
 .
   [ Mike Gabriel ]
   * Use Debian's default NTP servers again for main server.
   * Use user Kerberos tickets for NFSv4 authentication/authorization on
     diskless workstations (Closes: #629049)
   * Beautify cf.adduser's Replace statements
   * cf.adduser: configure adduser.conf so that local users are now created
     with Debian's default again.
   * Add gosa-netgroups (from gosa-contrib 2.7 which is not in squeeze) as new
     binary package debian-edu-config-gosa-netgroup (Closes: #602859)
   * Make debian-edu-config-gosa-netgroups conflict with gosa >= 2.7
   * tools/kerberos-kdc-init: remove unused heimdal function.
   * add myself to uploaders in control file
   * remove .svn folders in debian-edu-config-gosa-netgroups when building
     the binary package
 .
   [ Holger Levsen ]
   * Remove /etc/dhcp/dhclient-exit-hooks.d/hostname-update and
     /etc/init.d/update-hostname as nowadays dhcp clients pick up their dns
     name from dhcp just fine. The code in question is from 2002 and nobody
     remembers why it should be necessary. (Closes: #629060)
   * Also drop /usr/sbin/update-hostname-from-ip
 .
   * debian-edu-config (1.446~svn73270) squeeze-test; urgency=low
 .
   [ Andreas B. Mundt ]
   * Add the tabs for the netgroups plugin in gosa.conf.
   * Add some descriptions to the netgroups in LDAP.
   * Change netmask in /etc/exports until GOsa supports 10.0.2.0/23.
   * Rework slapd-cert.cnf and make DNS aliases (subjectAltName) work.
   * Prepare gosa.conf for the netgroups plugin.
   * Enable HTTP in sources.list for APT. Most schools will have HTTP
     available today (Closes: #617368).
   * Disable DVD in sources.list for APT. Remove volatile repository, add
     squeeze-updates.
   * Testsuite: Check for TLS connection to ldap.intern if TLS connection
     to the ldap server reported by the SRV record fails.
   * Switch on password encryption in the GOsa configuration.
 .
   [Jürgen Leibner]
   * correct typo in 'index.html.de'
 .
   [Mike Gabriel]
   * Add cfengine script that modifies /etc/adduser.conf (Closes: #617384).
   * Move DHOME= setting from cf.homes to cf.adduser
   * Make CN for slapd cert match FQDN as returned by reverse DNS resolver.
     (Closes: #621800).
   * Deny root login for KDM.
   * ldap-tools/mkslapdcert: use SHA-1 algorithm for slapd TLS cert, refer to
     http://www.win.tue.nl/hashclash/rogue-ca/ for more information on MD5
     insecurity.
   * Cleanup of GOsa test code
   * Fix some typos.
 .
   [ Holger Levsen ]
   * Add Brazilian Portuguese translation by Eder L. Marques (Closes: #617726)
 .
   [ Andreas B. Mundt ]
   * Continue the rework of DHCP/DNS-setup.
   * Use FQDN for ldap-server in smb-debian-edu.conf. Thanks to Andreas
     Schockenhoff for testing and reporting.
   * Fix testsuite DNS-lookups for subnets.
   * Rework DHCP-setup in gosa-server.ldif.
   * Improve names for ltspservers and subnets.
   * Adapt testsuite to reflect new setup.
   * Remove ldap user 'admin' for now as it conflicts with the admin in
     ou=ldap-access.
   * Fix cfengine-rule.
   * Make locate-syslog-collector returning a sensible default host if no
     DNS server is available.
   * Allow NetworkManager to manage devices in /etc/network/interfaces.
     Further testing needed. If we are lucky, some hooks in
     /etc/dhcp/dhclient-* can be removed, as they are included in NM.
   * Add ldap user 'admin'. This user is going to have limited permissions
     compared to the super-admin. ACLs not yet implemented.
   * Prepare two sub-networks in ldap by default for the thin-clients.
     Needs further testing.
 .
   [ Andreas B. Mundt ]
   * Send a simple test-mail to root when running the postoffice
     test-suite. Minor fixes to latest commits.
   * Remove ldapserver from the 10.0.2-zone.  Add extra 192.168.-zone to
     make ltspserver resolvable as 192.168.0.254.
   * Rename cf.ldap2bind to cf.bind. Add rule to switch off IPv6 for
     bind to silence IPv6 lookup failure messages.
   * Fix bug in debian-edu-ldapserver that inhibits the fallback to 'ldap'
     as ldap server.  State the cause of failure precisely in the log.
   * Add mail alias for bind pointing to root.
   * Allow users of group 'bind' to write in /etc/bind/.  Needed to make
     ldap2bind chronjob work.
   * Add 'current_directory = /' to exim's rootmail transport configuration
     to make mail services to root work again.
   * Adapt testsuite to DNS implementation.
   * Remove duplicate A-records from DNS configuration to make sure the
     reverse address mapping needed for reliably issuing a Kerberos service
     ticket works.  To move services to another machine, add the machine to
     DNS, remove the CNAME-record(s) and modify the service record(s) to
     point to that new machine.
   * Rework gosa-server.ldif. Tested by bootstrapping the ldap tree.
     Recreate zone information for bind from the ldap tree.
   * Fix bugs in cf.homes and cfengine.conf that broke the installation.
     Tested by running cfengine in the spoiled system after applying the
     fixes to the mentioned files.
   * Make sure idmapd is started (/etc/defaults/nfs-common). Needed to test
     NFSv4 with Kerberos security.
   * Overhaul DNS setup of GOsa/bind in gosa-server.ldif.  I had to revert
     the stuff added to make powerDNS work, it completely breaks GOsa's
     functionality.
 .
   [ Christian Külker ]
   * Fix typo in www/index.pot and www/*.po.
 .
   [ Andreas B. Mundt ]
   * Provide zone configuration files named.conf.ldap2zone, db.intern and
     db.2.0.10.in-addr.arpa. for bind to make sure DNS works right after
     installation. May need polishing and further testing (the files should
     be replaced by identical files from ldap in the first ldap2bind run).
 .
   [ Petter Reinholdtsen ]
   * Adjust testsute/hardware to also handle ddccontrol to report DDC
     information, and prefer this over the disappearing xresprobe.
   * Fix incorrect shell test in dhclient-exit-hooks.d scripts (Closes:
     #610841).
 .
   [ Andreas B. Mundt ]
   * Switch on NFS4 (sec=sys) for mounting the home directories with the
     automounter.  Enable services needed to test sec=krb5p:krb5i:krb5
     (done in cf/cf.homes).
   * Switch from pdns to bind and ldap2zone.  This enables management of
     hosts with GOsa and has been done to enable further testing. Obviously
     it could be reverted and needs to be agreed on.  Also needs
     documentation if kept for the release. Add debian/TODO.Squeeze.
   * Fix inconsistent naming of environmental variable USERPASSWORD in
     tools/gosa-sync.
 .
   [ Holger Levsen ]
   * Fix tools/nbdswap-cleanup to delete the swapfiles. Add check which
     prevents the script from running twice.
   * Move debian/po/ru.po to www/ and restore the debian/po/ru.po file that
     was in 1.444 - thanks to Christian Perrier for spotting this!
     (Closes: #605245)
   * Add translation to Brasilian Portuguese of the www starting page,
     thanks to Gilberto Dos Santos Alves.
 .
   [ Petter Reinholdtsen ]
   * Change asound.conf to always pass audio to pulseaudio (and not only
     for LTSP), to ensure Adobe Flash audio do not block access to the
     audio device for other programs.  Drop no longer needed Xsession.d
     code to set ALSA_DEFAULT_PCM when thin clients log in.
   * Adjust some of the gosa-server.ldap DNS entries to work with
     PowerDNS, by adding associatedDomain attribute.
   * In gosa-server.ldif, change ldap, syslog, kerberos and kpasswd
     from CNAMEs to A records, to make sure they can be referred in SRV
     and MX entries.  Fix typos in some SRV records.
   * Adjust PowerDNS setup to look for its object from the LDAP root,
     as its old subtree have moved and we do not want to track its
     location.
   * Change DHCP server setup to look for
     (&(objectClass=dhcpService)(cn=tjener) used by GOsa instead of the
     entry (&(objectClass=dhcpService)(cn=dhcp) from the old service
     subtree.
   * Add code to expand $MAC in ldap-debian-edu-install, for
     gosa-server.ldif to get it.  Make sure to use / and not : as the
     sed substitution character, to ensure MACs can include :.
   * Make sure SRV records have FQDN to ensure the names extracted match
     the SSL certificate names.
   * Test suite:
     - Extend DNS server test to verify that CNAME and SRV records are
       present in DNS.  Also add tests for the service specific A
       records (ldap/kerberos/postoffice/domain).
     - Make DNS test more robust by setting LC_ALL=C.
     - Add test in pxeinstall to ensure that tftp server is configured
       to use /var/lib/tftpboot/.
   * PXE server setup:
     - Remove support for now obsolete d-i-bootimages package in setup
       script.
     - Use cdn.debian.net instead of ftp.skolelinux.org as the default
       Debian mirror when installing the main-server from DVD, to get a
       mirror close to the machine instead of one in Norway.
     - Drop vga=788 as kernel argument for PXE installation, to get
       newt based d-i to work on Dell Latitude D505.
   * Updated Spanish web page translation by Hector Oron (Closes: #606088).
   * Added Catalonian web page translation by Hector Oron (Closes: #606108).
   * Remove 'Terminal=False' from
     etc/xdg/autostart/welcome-webpage.desktop to get Gnome as well as
     KDE to use it.  Gnome complain that it do not understand the
     Terminal entry.
   * Update web page translation framework to handle the new translations.
   * Add workaround for bug #606313, while it isn't fixed in the
     ltsp-server package.
   * Disable code to write a special xorg.conf file on HP Mini 2133.
     The X server in Squeeze seem to handle autodetection.
   * Drop code to install b43-fwcutter on HP Mini 2133.  It is done
     by d-i and discover-pkginstall in Squeeze.
 .
   [ Ronny Aasen ]
   * Adjust some of the gosa-server.ldap, adding fqdn to cnames, and
     adding missing objectClass entries.
 .
   [ Claudio Carboncini ]
   * Updated the Italian translation of the web page.
 .
   [ Jürgen Leibner ]
   * Completed translation of the german www starting page.
   * Corrected some typos in the translation of the german www starting page.
Checksums-Sha1: 
 bde2b7eef56293762450c8d2842b7ca15de9b914 2087 debian-edu-config_1.446.dsc
 7edee8c312dfbd6001e95e6c15d77e16968b2a2d 483506 debian-edu-config_1.446.tar.gz
 a96adba72b4b6bcfc194abf53757b25c9db6d7fb 374476 debian-edu-config_1.446_all.deb
 dc9ab0d32b89c478a3ddc1c8e9dcafafbf399531 101090 debian-edu-config-gosa-netgroups_1.446_all.deb
Checksums-Sha256: 
 5aa5906bdde00d12dc7ab1b315f4db66d4488b8ef5752ace337fe4ff0acb800b 2087 debian-edu-config_1.446.dsc
 dd1c9059cd1619bb47da35e8d59efdd3cf5f29faad69bad05c8b3ba5bbedd090 483506 debian-edu-config_1.446.tar.gz
 e3c2df75cac6a95c6df36ffeb9bcf3f53a0bb5cc1769ed54f6a8ab8df7b7e344 374476 debian-edu-config_1.446_all.deb
 8d971223af334ff2d53b747c99a708b9b234143b9e52b090f5a140de3c7dd42e 101090 debian-edu-config-gosa-netgroups_1.446_all.deb
Files: 
 3f086841c02776e5c81b97e0ca3227f5 2087 misc extra debian-edu-config_1.446.dsc
 519d856f849ae9c16b961f5721374aab 483506 misc extra debian-edu-config_1.446.tar.gz
 c2efb423ac579bbd11d06efc73166f99 374476 misc extra debian-edu-config_1.446_all.deb
 e19e9743a70ae1b26f184803c1451071 101090 misc extra debian-edu-config-gosa-netgroups_1.446_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIVAwUBTvS5tQkauFYGmqocAQj5ShAAko9MLibwKh7+Dv/hecTmYxGEYZjeQIac
BigtE0spu8tutvcWDweTPo2mNxPPyW0j1XU3mFGUP///iG1pFDPn0k+4Vaoc1IBO
/iRbw7ZlUAfoFkfVsrk5EYg9TgMjd4cmANO2exDtGP0s9EB14NCHIwAXB3zHfjM5
Z/35bq7nMJJGi71wE6PMyjXia/EJNkLtNmf/kPKlexV+itPvc69+y+ktz6MO8JTU
FKi4yhFASebskvx3Ns4AEz1UoP0q/SseTf8OpuZ8MljCJH8IDCWCXjnUtMzivZBl
LE61fd+ouV5HoQD7sJ3b5zTIatnmBSKICOiwBcrIyCj5iKNZxq2L0uJhizjxad2G
9LgyrEhn8xrT7g/iQXVykAECEOzpmC5fVAEQmxLERz/FQWfsCSXzHHNom7zm+0nC
QTC6Z4MqTMBTAkyeJxhOmQ7HZMHdmXqy7sC80VBAisisYEekjOXPtlCyhUAzPIrE
Axo4xZAECXFLYfrPZVjDS13aqxTDJ0me9sjVjib5iK5oouGVQlAAcnOC+pTzo2n8
of8kbiccAU6GK+o3JQISny//vU12dTSAhhB1/kfn817/gzXRfZ2t0Fw7ufXwXgNM
fBB8eL+DWdF+Fhzth1i+GbxIhRqAhu/sUw4l8zXm/T8NaBkGGycpHZ3LNzTVAOk9
qM2cLY+UgG4=
=uqhF
-----END PGP SIGNATURE-----

--- End Message ---